Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Network File access using anonymous access

Reply
Thread Tools

Network File access using anonymous access

 
 
Tim Menninger
Guest
Posts: n/a
 
      07-22-2004
I have seen a number of entries related to accessing remote resources (files
in my case) that need to reside on a remote server. We must leave our files
on a remote server due to their size. All of the solutions that I have run
across have used impersonation with some type of windows or forms based
security in the ASP.NET application. Our application does not require user
authentication so we use never collect usernames and passwords. The
application trying to access the remote resource is a webservice but I do
not want to grant the entire web service access to the remote resource.

Is there a way to set full access to a particular remote resource directory
that the ASPNET user has access to or a way to specify a username and
password at runtime when I access the remote resource?

Thanks,

Tim


 
Reply With Quote
 
 
 
 
Jim Cheshire [MSFT]
Guest
Posts: n/a
 
      07-22-2004
Hi Tim,

There are several ways to accomplish this, but the most secure method is
code-level impersonation. Essentially, you call the LogonUser API and
impersonate a user with access to the remote share. After you do your
work, you revert to running under the ASPNET user.

Here's an article that describes how you can do that:

http://support.microsoft.com/default...B;EN-US;306158

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
http://www.velocityreviews.com/forums/(E-Mail Removed)

This post is provided "AS-IS" with no warranties and confers no rights.

--------------------
>From: "Tim Menninger" <(E-Mail Removed)>
>Subject: Network File access using anonymous access
>Date: Thu, 22 Jul 2004 10:58:17 -0400
>Lines: 18
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
>Message-ID: <em6$cx$(E-Mail Removed)>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: user194.ctx.com 65.201.150.194
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP12.phx.gbl
>Xref: cpmsftngxa06.phx.gbl

microsoft.public.dotnet.framework.aspnet.security: 10909
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>I have seen a number of entries related to accessing remote resources

(files
>in my case) that need to reside on a remote server. We must leave our files
>on a remote server due to their size. All of the solutions that I have run
>across have used impersonation with some type of windows or forms based
>security in the ASP.NET application. Our application does not require user
>authentication so we use never collect usernames and passwords. The
>application trying to access the remote resource is a webservice but I do
>not want to grant the entire web service access to the remote resource.
>
>Is there a way to set full access to a particular remote resource directory
>that the ASPNET user has access to or a way to specify a username and
>password at runtime when I access the remote resource?
>
>Thanks,
>
>Tim
>
>
>


 
Reply With Quote
 
 
 
 
Raterus
Guest
Posts: n/a
 
      07-22-2004
First off, you can't set permissions for the aspnet user on a remote computer, it is a computer-level account, not a domain account. Take a look at this article

http://support.microsoft.com/default...b;en-us;306158

You can specify a domain username/password using the second example on this page, and access the remote resource only when you need it. All the other times, the webservice won't have any access.

--Michael

"Tim Menninger" <(E-Mail Removed)> wrote in message news:em6$cx$(E-Mail Removed)...
> I have seen a number of entries related to accessing remote resources (files
> in my case) that need to reside on a remote server. We must leave our files
> on a remote server due to their size. All of the solutions that I have run
> across have used impersonation with some type of windows or forms based
> security in the ASP.NET application. Our application does not require user
> authentication so we use never collect usernames and passwords. The
> application trying to access the remote resource is a webservice but I do
> not want to grant the entire web service access to the remote resource.
>
> Is there a way to set full access to a particular remote resource directory
> that the ASPNET user has access to or a way to specify a username and
> password at runtime when I access the remote resource?
>
> Thanks,
>
> Tim
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is this a local anonymous class or a member anonymous class Reporter Java 3 05-12-2007 05:23 AM
Get username when using Anonymous Access? jhcorey@yahoo.com ASP .Net 5 10-24-2005 04:59 PM
help with an anonymous array of anonymous hashes noeldamonmiller@gmail.com Perl Misc 1 02-10-2005 01:08 AM
Sign in using https becomes anonymous for pages using http Rujuta Gandhi ASP .Net Security 0 12-11-2004 06:55 AM
Re: Non anonymous access using smart client and config files Guenther Liebowitz ASP .Net 3 08-14-2003 07:57 PM



Advertisments