Impersonation in ASP.NET

 
 
Bonj
Guest
Posts: n/a
 
      10-20-2004
Hi
I would like to know how to use impersonation, in order to write to a file
on a network share.
The user will be logging on to this web app, and will then click a button
which will write to a file on the network share. Currently though, I am
getting permissions errors. I don't want to set identity impersonate = "true"
because I gather that exposes security weaknesses. Rather, I would like the
user to have to actually enter their windows password. I would then call an
impersonate method, and then try to do it. But it is not working at the
moment, I suspect due to permissions.

Here is the code used to impersonate:
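    ' Assumes Imports System.Security.Principal, P/Invoke declarations for
    ' LogonUser and DuplicateToken, the LOGON32_* constants, and a class-level
    ' impersonationContext field, none of which are shown in the post.
    Public Function Impersonate(ByVal UserName As String, ByVal Domain As String, _
                                ByVal Password As String) As Boolean
        Dim tempWindowsIdentity As WindowsIdentity
        Dim token As IntPtr
        Dim tokenDuplicate As IntPtr

        ' Log the user on, then duplicate the token at level 2 (SecurityImpersonation).
        If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _
                     LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                impersonationContext = tempWindowsIdentity.Impersonate()

                Return Not (impersonationContext Is Nothing)
            End If
        End If
        ' Logon or token duplication failed; the thread is not impersonating.
        Return False
    End Function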

(written in VB.NET, but equally in C#)

Running the same code to write to the text file in a windows forms
application works fine.
This throws a permissions error in ASP.NET, even though the impersonation
method appears to be successful.

Any help much appreciated

Thanks
 
 
 
 
 
Raterus
Guest
Posts: n/a
 
      10-20-2004
Don't cross post..aspnet.security is the only appropriate group you needed to post to.

One thing that should work is to make the page that performs this operation set up for "basic authentication", they will be authenticated on IIS first, then if this takes place, impersonate with code using the shorter method found here. http://support.microsoft.com/default...b;en-us;306158 I don't see why it wouldn't work, and you also won't have to worry about coding a potentially buggy interface to gather their username/password.


 
 
 
 
Bonj
Guest
Posts: n/a
 
      10-20-2004
I've done the 'impersonate with code' bit, but I can't figure out the "make
the page set up for basic authentication" bit. Any ideas? I mean, what do I
actually need to configure other than the code I've already written?

The interface does collect their username and password, but it isn't buggy
because it doesn't store it in session variables, the query string or any
other form of memory other than the stack.

 
Raterus
Guest
Posts: n/a
 
      10-20-2004
You have to configure basic authentication in IIS, find the page you are referring to, right-click properties, directory security tab.

 
Bonj
Guest
Posts: n/a
 
      10-21-2004
I figured it out. The problem was not permissions, but the fact that IIS
obviously doesn't understand network drives. Put the full UNC path in it
(e.g. \\server\share$ rather than just L:\) and it works like a dream.
It didn't help that the error message was quite generic in all
cases - 'could not find a part of the path ... blah blah blah', which is the
same error message you get if you don't call Impersonate.

Thanks


 