Web Services, Remoting, Network Security headache

From: charlie (charlie_at_nunya.com)
Date: 10/30/03 

Date: Thu, 30 Oct 2003 18:38:59 GMT

I have a web service that is accessed from the Internet. From that service
I want to call into a remoting server that will create a document that is
returned as a DIME attachment. So far so good. The problem comes within
the remoting server.

The server calls a service which, in turn executes an exe and passes to it a
pregenerated file containing a list of parameters for the document
generation. The exe's job is to read the parameter file, connect to a
database, generate the document, and exit. The exe performs flawlessly if
all the resources for generating the document are on the local machine.
However that will not be the case in the production environment. All the
document templates will reside on network share drives and this is where I
am running into trouble. Once the exe begins referencing the network
shares, I am seeing the following exception:

System.IO.IOException: Logon failure: unknown user name or bad password.

   at System.IO.__Error.WinIOError(Int32 errorCode, String str)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
   access, FileShare share, Int32 bufferSize, Boolean useAsync, String
   msgPath, Boolean bFromProxy)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess
   access, FileShare share)
   at System.IO.File.Open(String path, FileMode mode)
   at MergeDoc.Merge.GetFile()

I understand the reason for this - that the context of the ASPNET account
does not have the authority and is not recognized by the Domain. However, I
have tried without success to do the following:

1) Impersonation - I have impersonated a valid domain account for the entire
Web Service Application and I have impersonated at the code block level
without success.
2) Assert - I have tried a number of different variations of asserts using
the FileIOPermission object but have not had any success here either. I
must admit that I am fairly green to the System.Security.Permissions objects
and functionality so I may be missing something here.

Can anybody tell me if this is an issue that I am ever going to solve and if
so, point me in the right direction?

Thanks in advance.
Charlie

Relevant Pages

  • Re: Returning interfaces from web-services and remoting servers?
    ... You could certainly make it appear like the web service and remoting server ... use the same, well-defined interface. ... you've defined an IDocument interface for. ...
    (microsoft.public.dotnet.framework)
  • Re: Client IP Address
    ... use a web service that returns your external ip and send it to ... your remoting server. ... >from at the server level? ... Prev by Date: ...
    (microsoft.public.dotnet.framework.remoting)
  • Re: ASPNET and Impersonation
    ... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ...
    (microsoft.public.dotnet.security)
  • Re: ASPNET and Impersonation
    ... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows authentication for web service client??
    ... I have a web service that make a webDav request to Exchange. ... I have impersonation on but when I use the defaultCredentials in the web ... credentials have rights to make this request and I'm at my wits end trying ... >>> The ASPNET account is a local account, so the other machine or domain ...
    (microsoft.public.dotnet.framework.aspnet.webservices)