Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Impersonation and UnauthorizedAccessException

Reply
Thread Tools

Impersonation and UnauthorizedAccessException

 
 
kevingeist@hotmail.com
Guest
Posts: n/a
 
      10-16-2006
I hope someone can help me with this. Please tell me what I'm not
seeing. In my web app, I'm trying to create files to a common
directory. Only some network IDs have access to write to this
directory.

In my web.config I have:

<authentication mode="Windows"/>
<identity impersonate="true"/>


in my default.aspx.vb I have:
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As
System.Security.Principal.WindowsIdentity
....
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
filePath = System.IO.Path.Combine("w:\kbg\", FileName)
My.Computer.FileSystem.WriteAllText(filePath, strData, False)
impersonationContext.Undo()

When I run the app on the localhost it works great. If I comment out
the impersonationContext line, the app fail because the ASPNET account
does not have access to write to the directory. When I uncomment it,
it works, my network account does have access rights. That's what I
want. My network account has access to the directory, I don't want
ASPNET to have access to it.

Next step, I bring up a browser session on another PC and run the app
on my development PC, I get an "Enter Network Password" popup. I enter
my network password, after a few tries I get an
"UnauthorizedAccessException: Access is to the path 'w:\KBG' is
denied." message. Why does it not work if initiated from another PC?
How do I fix it?

Any help would really be appreciated.

 
Reply With Quote
 
 
 
 
Chris Taylor
Guest
Posts: n/a
 
      10-16-2006
Is the w drive a local drive or is it a mapped network drive?

--
Chris Taylor
http://dotnetjunkies.com/weblog/chris.taylor
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>I hope someone can help me with this. Please tell me what I'm not
> seeing. In my web app, I'm trying to create files to a common
> directory. Only some network IDs have access to write to this
> directory.
>
> In my web.config I have:
>
> <authentication mode="Windows"/>
> <identity impersonate="true"/>
>
>
> in my default.aspx.vb I have:
> Dim impersonationContext As
> System.Security.Principal.WindowsImpersonationCont ext
> Dim currentWindowsIdentity As
> System.Security.Principal.WindowsIdentity
> ....
> currentWindowsIdentity = CType(User.Identity,
> System.Security.Principal.WindowsIdentity)
> impersonationContext = currentWindowsIdentity.Impersonate()
> filePath = System.IO.Path.Combine("w:\kbg\", FileName)
> My.Computer.FileSystem.WriteAllText(filePath, strData, False)
> impersonationContext.Undo()
>
> When I run the app on the localhost it works great. If I comment out
> the impersonationContext line, the app fail because the ASPNET account
> does not have access to write to the directory. When I uncomment it,
> it works, my network account does have access rights. That's what I
> want. My network account has access to the directory, I don't want
> ASPNET to have access to it.
>
> Next step, I bring up a browser session on another PC and run the app
> on my development PC, I get an "Enter Network Password" popup. I enter
> my network password, after a few tries I get an
> "UnauthorizedAccessException: Access is to the path 'w:\KBG' is
> denied." message. Why does it not work if initiated from another PC?
> How do I fix it?
>
> Any help would really be appreciated.
>



 
Reply With Quote
 
 
 
 
kevingeist@hotmail.com
Guest
Posts: n/a
 
      10-16-2006
It is a mapped network drive.

Chris Taylor wrote:
> Is the w drive a local drive or is it a mapped network drive?
>
> --
> Chris Taylor
> http://dotnetjunkies.com/weblog/chris.taylor
> <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> >I hope someone can help me with this. Please tell me what I'm not
> > seeing. In my web app, I'm trying to create files to a common
> > directory. Only some network IDs have access to write to this
> > directory.
> >
> > In my web.config I have:
> >
> > <authentication mode="Windows"/>
> > <identity impersonate="true"/>
> >
> >
> > in my default.aspx.vb I have:
> > Dim impersonationContext As
> > System.Security.Principal.WindowsImpersonationCont ext
> > Dim currentWindowsIdentity As
> > System.Security.Principal.WindowsIdentity
> > ....
> > currentWindowsIdentity = CType(User.Identity,
> > System.Security.Principal.WindowsIdentity)
> > impersonationContext = currentWindowsIdentity.Impersonate()
> > filePath = System.IO.Path.Combine("w:\kbg\", FileName)
> > My.Computer.FileSystem.WriteAllText(filePath, strData, False)
> > impersonationContext.Undo()
> >
> > When I run the app on the localhost it works great. If I comment out
> > the impersonationContext line, the app fail because the ASPNET account
> > does not have access to write to the directory. When I uncomment it,
> > it works, my network account does have access rights. That's what I
> > want. My network account has access to the directory, I don't want
> > ASPNET to have access to it.
> >
> > Next step, I bring up a browser session on another PC and run the app
> > on my development PC, I get an "Enter Network Password" popup. I enter
> > my network password, after a few tries I get an
> > "UnauthorizedAccessException: Access is to the path 'w:\KBG' is
> > denied." message. Why does it not work if initiated from another PC?
> > How do I fix it?
> >
> > Any help would really be appreciated.
> >


 
Reply With Quote
 
Joe Kaplan
Guest
Posts: n/a
 
      10-16-2006
You would need to have Kerberos delegation working in that scenario then
(assuming you are using integrated auth in IIS). Otherwise you have a
double hop issue when accessing with a browser from a remote machine.

You could try following the normal procedures to set up Kerberos delegation.
I'm not sure exactly how it work with mapped network drives and naming
conventions, but you should be able to get it working fine using the share
name.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> It is a mapped network drive.
>
> Chris Taylor wrote:
>> Is the w drive a local drive or is it a mapped network drive?
>>
>> --
>> Chris Taylor
>> http://dotnetjunkies.com/weblog/chris.taylor
>> <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) ups.com...
>> >I hope someone can help me with this. Please tell me what I'm not
>> > seeing. In my web app, I'm trying to create files to a common
>> > directory. Only some network IDs have access to write to this
>> > directory.
>> >
>> > In my web.config I have:
>> >
>> > <authentication mode="Windows"/>
>> > <identity impersonate="true"/>
>> >
>> >
>> > in my default.aspx.vb I have:
>> > Dim impersonationContext As
>> > System.Security.Principal.WindowsImpersonationCont ext
>> > Dim currentWindowsIdentity As
>> > System.Security.Principal.WindowsIdentity
>> > ....
>> > currentWindowsIdentity = CType(User.Identity,
>> > System.Security.Principal.WindowsIdentity)
>> > impersonationContext = currentWindowsIdentity.Impersonate()
>> > filePath = System.IO.Path.Combine("w:\kbg\", FileName)
>> > My.Computer.FileSystem.WriteAllText(filePath, strData, False)
>> > impersonationContext.Undo()
>> >
>> > When I run the app on the localhost it works great. If I comment out
>> > the impersonationContext line, the app fail because the ASPNET account
>> > does not have access to write to the directory. When I uncomment it,
>> > it works, my network account does have access rights. That's what I
>> > want. My network account has access to the directory, I don't want
>> > ASPNET to have access to it.
>> >
>> > Next step, I bring up a browser session on another PC and run the app
>> > on my development PC, I get an "Enter Network Password" popup. I enter
>> > my network password, after a few tries I get an
>> > "UnauthorizedAccessException: Access is to the path 'w:\KBG' is
>> > denied." message. Why does it not work if initiated from another PC?
>> > How do I fix it?
>> >
>> > Any help would really be appreciated.
>> >

>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
System.UnauthorizedAccessException using impersonation Buckster ASP .Net Security 0 02-10-2006 02:18 AM
Role-based authentication and Forms and System.UnauthorizedAccessException wrecker ASP .Net Security 5 08-30-2005 04:48 PM
Visual Studio throws UnauthorizedAccessException when debugging R Warford ASP .Net 3 12-01-2003 04:08 PM
System.UnauthorizedAccessException: Access is denied. Salim Af■ar ASP .Net 0 08-11-2003 12:10 PM
Re: System.UnauthorizedAccessException: Access to the path <file> is denied. (framework 1.1) S. Justin Gengo ASP .Net 0 07-14-2003 02:00 PM



Advertisments