«

I want to restrict access to files (on local and remote servers) without
requiring users to log in to my ASP.NET application. The users are on an
intranet, anonymous access is disabled and Integrated Windows Authentication
is enabled.

Now, how can we determine if the current authenticated user has access to
specific local and remote files on other Windows servers within the domain?

Please note, we do not wish to restrict access to web pages - but to any file.

Thanks in advance.

The right way to do this is to impersonate the user and try to access the
file. It will throw an exception if you can't access it.

For the remote files on a file share, you'll also need Kerberos delegation
to make that work as that involves an extra machine hop and that is only
supported with delegation.

If you want a friendly way to check in advance if the user will have access
to the file before attempting to open it (or list it), then you probably
need to look at doing p/invoke and using the security APIs like AccessCheck.

Joe K.

"John Challis" <John > wrote in message
news:C3602D78-CC7B-4549-AFDA-...
>I want to restrict access to files (on local and remote servers) without
> requiring users to log in to my ASP.NET application. The users are on an
> intranet, anonymous access is disabled and Integrated Windows
> Authentication
> is enabled.
>
> Now, how can we determine if the current authenticated user has access to
> specific local and remote files on other Windows servers within the
> domain?
>
> Please note, we do not wish to restrict access to web pages - but to any
> file.
>
> Thanks in advance.