Re: Error accessing network resources in ASP.Net

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Jim Cheshire" <noemail@xxxxxxxx>
• Date: Fri, 23 Dec 2005 10:07:21 -0600

---

Siva wrote:
> Hi,
> I am trying to run my ASP.Net web app. As part of this app, it needs
> to create a file in a share in side of the intranet. When I run this
> app from a machine which is same as the web server, everything works
> just fine. However when I try the same thing from a remote machine
> (which is again part of the intranet) I get an error "Access to the
> path denied". I have the impersonation enabled on my web.config and
> the integrated windows authentication enabled in IIS config for this
> setting. My dilemma is, under this setting if I access the web app
> from remote machine, under whose context will the app run?
>

Depending on how you've implemented this, you may be encountering an issue
with delegation of credentials. In fact, when it works from the console but
not from a remote box, that's almost always the cause.

One of the types of Windows authentication is NTLM. NTLM does not allow for
delegation of credentials. If you authenticate via a client to the Web
server and then the Web server attempts to pass your credentials to another
computer, that second "hop" will fail.

The solution to that is to use Kerberos and enable delegation.

810572 How to configure an ASP.NET application for a delegation scenario
http://support.microsoft.com/default.aspx?scid=kb;EN-US;810572

--
Jim Cheshire
================================
Blog: http://blogs.msdn.com/jamesche

Latest entry: Digging into Objects
Describes the details of digging into
memory usage with the debugger.



.

---

• References:
  • Error accessing network resources in ASP.Net
    • From: Siva

• Prev by Date: Listing All computer accounts
• Next by Date: Cant start debugging - Tearing Hair From Scalp In HUGE CHUNKS !
• Previous by thread: Re: Error accessing network resources in ASP.Net
• Next by thread: Re: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\UserData' do
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: VPN & Windows authentication ... and my web apps can continue to use Windows authentication ... the login box (dunno what you call that box...NTML? ... my app knows who they are and can read their AD groups. ... regular users it cannot authenticate their credentials. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Application Flow / security issues ... You won't need a special service account. ... If the use case of the app is basically to have a user log in and then loop ... I just checked with corp. and if I want to do delegation I have to ask ... - You are using integrated windows auth in your web app ... (microsoft.public.dotnet.framework.aspnet.security) Re: Application Flow / security issues ... Sounds like you didn't need delegation after all. ... You should be able to use the network service account on the machine for the ... Running the app pool with your domain account is not a good long term ... (microsoft.public.dotnet.framework.aspnet.security) Re: impersonation - network share - access denied ... I've researched Kerberos and tried a few things. ... delegation on the web server on which the app is running, ... the attribute for delegation for the login I'm testing with. ... (microsoft.public.dotnet.framework.aspnet.security) RE: Application to Application authentication models.... ... checksum of the memory of the app, and block all non-kernel access to ... Either you have to store the real credentials on the server, ... > I accept that this may be the case for web applications per machines. ... Again, you gotta have *something* on the filesystem, or in some way ... (SecProg)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.aspnet  > 2005-12