Re: Access network resources from ASP.NET

From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 11/10/03


Date: Mon, 10 Nov 2003 19:46:53 GMT

Alessandro,

Thanks for the sentiment. Glad to have resolved your issue. :)

Jim Cheshire [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "AlKa" <me@office>
>References: <O#lL0WXmDHA.708@TK2MSFTNGP10.phx.gbl>
<ssXEm8YmDHA.2464@cpmsftngxa06.phx.gbl>
>Subject: Re: Access network resources from ASP.NET
>Date: Sun, 9 Nov 2003 00:29:10 +0100
>Lines: 99
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <#SdS#7kpDHA.2012@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: host106-159.pool217222.interbusiness.it 217.222.159.106
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:7476
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>THANK YOU JIM!!!
>
>I looked for it (306158 INFO) for a long long time ... I love you!
>
>Alessandro
>
>"Jim Cheshire [MSFT]" <jamesche@online.microsoft.com> wrote in message
>news:ssXEm8YmDHA.2464@cpmsftngxa06.phx.gbl...
>> Dima,
>>
>> What you are doing is possible. What Mitch is talking about in his post
>> is delegation of credentials. Essentially, this means that if you are
>> browsing the site and using your credentials sent by the browser, those
>> same credentials cannot be used to access another resource on a machine
>> remote to the Web server. In that scenario, the Web server is delegating
>> your credentials, and such is prevented when using NTLM authentication.
>> If all of the boxes are using Windows 2000 or later, you can use Kerberos
>> and delegation to get around that.
>>
>> However, what you really want to do is impersonate this user just to run
>> a certain section of code and to write to the network resource. In that
>> case, code-level impersonation using PInvoke to call LogonUser is the
>> perfect solution.
>>
>> Here is an article that explains how to do that:
>> 306158 INFO: Implementing Impersonation in an ASP.NET Application
>> http://support.microsoft.com/?id=306158
>>
>> Jim Cheshire [MSFT]
>> Developer Support
>> ASP.NET
>> jamesche@online.microsoft.com
>>
>> This post is provided as-is with no warranties and confers no rights.
>>
>> --------------------
>> >From: "Dima Semensky" <dsemen@bellsouth.net>
>> >Subject: Access network resources from ASP.NET
>> >Date: Thu, 23 Oct 2003 10:55:28 -0400
>> >Lines: 34
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >Message-ID: <O#lL0WXmDHA.708@TK2MSFTNGP10.phx.gbl>
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>> >NNTP-Posting-Host: 208.18.161.2
>> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>> >Xref: cpmsftngxa06.phx.gbl
>> microsoft.public.dotnet.framework.aspnet.security:7296
>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>> >
>> >Hi!
>> >
>> >after extensive research of this topic, I'm still not sure what is
>> >"official" way to do it.
>> >
>> >Task:
>> >
>> > 1. User submits some request to ASP.NET application and the app
>> >should write the result to a network share.
>> > 2. Integrated Authentication must be used
>> > 3. No open passwords are allowed to be specified in any config files
>> > 4. Can't assign special domain user as Local Administrator
>> >
>> >Problem:
>> >
>> > With default setup, it is not possible due to security reasons.
>> >
>> >Related topics:
>> > - impersonation
>> > - machine.config - processModel.userName
>> > - IUSR_MACHINE user
>> > - delegation
>> >
>> >Here is where I'm stuck: I'd like to use impersonation like this:
>> > <identity impersonate="true" userName="Bob" password="pwd" />
>> >
>> >but this topic explains that it's not possible:
>> >http://groups.google.com/groups?q=impersonate+Logon+failure:+unknown+user+name+or+bad+password.++group:microsoft.public.dotnet.*&hl=en&lr=&ie=UTF-8&oe=UTF-8&group=microsoft.public.dotnet.*&selm=uzT4T%23%23wCHA.2680%40TK2MSFTNGP09&rnum=1
>> >
>> >Any ideas?
>> >
>> >Dima Semenskyy.
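The code-level impersonation Jim describes above (the LogonUser approach from KB 306158), as an added example that is not part of the thread or of the KB article. It is C# for .NET Framework: the thread that serves the request logs the service account on with LogonUser, duplicates the resulting primary token into an impersonation token, impersonates only around the write to the share, and then reverts and closes both handles in a finally block. Because the Web server authenticates to the file server with the service account's own credentials rather than forwarding the browsing user's NTLM credentials, this sidesteps the second-hop problem without Kerberos delegation. The domain, account and UNC path in the usage call are placeholders. Two practitioner caveats: on Windows 2000 the process calling LogonUser needs the "Act as part of the operating system" privilege (SeTcbPrivilege), which XP and later dropped; and Dima's requirement 3 is not solved by this alone, since the password still has to be supplied from somewhere and should not be a literal in web.config.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Code-level impersonation: log a specific account on with LogonUser,
// impersonate it only around the file write, then revert.
public sealed class ShareWriter
{
    // Logon types, providers and impersonation level from winbase.h / winnt.h.
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int SECURITY_IMPERSONATION = 2;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
                                         int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool DuplicateToken(IntPtr hToken, int impersonationLevel, out IntPtr hNewToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr hObject);

    // Writes 'content' to 'uncPath' as domain\user and returns the identity that was
    // actually in effect during the write, so the caller can check it is not the
    // ASPNET / process account.
    public static string WriteAs(string domain, string user, string password, string uncPath, string content)
    {
        IntPtr logonToken = IntPtr.Zero;
        IntPtr impersonationToken = IntPtr.Zero;
        WindowsImpersonationContext ctx = null;
        try
        {
            // An interactive logon yields a primary token that carries the account's
            // credentials, so the SMB session to the remote share authenticates as
            // that account. The account therefore needs "Allow log on locally"
            // on the Web server, but not local Administrator membership.
            if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT, out logonToken))
                throw new Win32Exception(Marshal.GetLastWin32Error(), "LogonUser failed");

            // A thread can only impersonate an impersonation token, not a primary one.
            if (!DuplicateToken(logonToken, SECURITY_IMPERSONATION, out impersonationToken))
                throw new Win32Exception(Marshal.GetLastWin32Error(), "DuplicateToken failed");

            ctx = WindowsIdentity.Impersonate(impersonationToken);

            // GetCurrent() now reflects the impersonated account; record it for the caller.
            string effective = WindowsIdentity.GetCurrent().Name;
            using (StreamWriter w = new StreamWriter(uncPath, false))
            {
                w.Write(content);
            }
            return effective;
        }
        finally
        {
            // Revert before releasing handles, and do so even if the write threw;
            // otherwise the worker thread keeps serving later requests as the service account.
            if (ctx != null) ctx.Undo();
            if (impersonationToken != IntPtr.Zero) CloseHandle(impersonationToken);
            if (logonToken != IntPtr.Zero) CloseHandle(logonToken);
        }
    }
}

// Usage from a page or handler (placeholder names; the password must come from a
// protected store rather than a cleartext config value):
//   string who = ShareWriter.WriteAs("CORP", "svc_webdrop", password,
//                                    @"\\fileserver\drop\result.txt", resultText);
//   // 'who' should be CORP\svc_webdrop, not the ASPNET account.
```

The try/finally is the part people get wrong: if the impersonation is not undone on the error path, the thread returns to the ASP.NET thread pool still running as the service account and later, unrelated requests inherit it.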


