Re: CreateDirectory working inconsistently from ASP.net

From: Scott Allen (bitmask_at_[nospam)
Date: 10/25/04


Date: Mon, 25 Oct 2004 10:44:39 -0400

Hi David:

You are facing the dreaded double hop NTLM issue. With integrated
authentication the client's credentials can make exactly one network
hop. When the browser authenticates to the web server from a remote
machine the credentials make one hop and can't be used to make a
second hop to the server with the file share (if the browser is on the
same machine as the web server the call works because there is still
only one hop involved).

A few of the solutions are:

1) Enable delegation
http://support.microsoft.com/default.aspx?kbid=810572

2) Impersonate with a specific username and password, i.e.
<identity impersonate="true" userName="<name>" password="<password>"/>
You can also do this programmatically.

3) Run the ASP.NET worker process under a domain account with
permissions on both machines.

There are some good tips for 2 & 3 here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch08.asp

HTH,

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Sun, 24 Oct 2004 20:51:02 -0700, David Davies
<DavidDavies@discussions.microsoft.com> wrote:
>Please HELP !!
>
>I have a web page that is trying to create folders on a file server 
>
>  eg. \\SERVERNAME\F4\Projects\[New Folder Name]
>
>Users of the web site are authenticated with Windows Integrated Security.
>
>(have tried on W2003/IIS6 and W2k/IIS5 with no difference in behavior)
>
>When a user connects using a browser on the same machine as the 
>webserver the code works and is able to create the new folder.
>
>When the same user connects from a remote machine the CreateDirectory 
>function generates the following Exception 
>System.UnauthorizedAccessException
>"Access to the path \"TEST\" is denied."  
>Source "mscorlib"
>StackTrace
>System.IO.__Error.WinIOError(Int32 errorCode, String str)
>at System.IO.Directory.InternalCreateDirectory(String fullPath, String 
>path)\r\n
>...
>
>I have tried to do this in 3 ways all with the same problem;
>A)
>DirectoryInfo di = Directory.CreateDirectory(newfullpath);
>
>B)
>DirectoryInfo root = new DirectoryInfo(rootPath);
>DirectoryInfo di = root.CreateSubdirectory(folderName);
>
>C) 
>[DllImport("kernel32.dll")] 
>static extern bool CreateDirectory(string lpPathName, IntPtr 
>lpSecurityAttributes); 
>...
>bool result = CreateDirectory(path, IntPtr.Zero); 
>DirectoryInfo di = new DirectoryInfo(path); 
>
>I have also checked that the Integrated Authentication is getting passed 
>correctly into the application 
>
>string origID = Thread.CurrentPrincipal.Identity.Name;
>string contextUser = HttpContext.Current.User.Identity.Name;
>
>Both calls return the same user regardless if the call is from the server or 
>a remote machine.   
>Needless to say that the User has the required permissions to create the 
>folder because they are able to do so as long as they do it from a browser on 
>the server itself.
>
>If anyone can shed any light on what is going on here I would greatly 
>appreciate it.
>
>Regards,
>David Davies
>Goldman Sachs
>
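
Solution 2 done programmatically, as an added example that is not code from either post: a fixed account's credentials are attached to the thread only for the duration of the call that reaches the file share. The class name, method name and parameters are hypothetical, and the credentials are placeholders supplied by the caller.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class ShareDirectoryCreator   // hypothetical helper, not from the thread
{
    // NEW_CREDENTIALS clones the caller's token and uses the supplied
    // credentials for outbound network connections only. It must be
    // paired with the WINNT50 provider.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;

    // Windows 2000: the calling process needs SE_TCB_NAME to call LogonUser.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider,
        out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // uncPath is the full share path, e.g. the \\SERVERNAME\... path in the question.
    public static DirectoryInfo Create(string uncPath, string domain,
                                       string user, string password)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        WindowsImpersonationContext ctx = null;
        try
        {
            // First hop for these credentials: web server -> file server.
            ctx = WindowsIdentity.Impersonate(token);
            return Directory.CreateDirectory(uncPath);
        }
        finally
        {
            // Always revert, or later work on this thread runs with the token.
            if (ctx != null) ctx.Undo();
            CloseHandle(token);
        }
    }
}
```

With this logon type the password is not checked when LogonUser is called, so wrong credentials show up as an access error from CreateDirectory against the share. Folders are created as the fixed account, so the file server's ACLs and audit trail record that account and not the browser user.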

