RE: Access File Share from ASP.NET using Unmanaged Code

From: Mark Duregon (msdnonline_at_aspect.com.au)
Date: 07/14/04


Date: Tue, 13 Jul 2004 20:11:01 -0700

We use Forms authentication and if I set impersonate to true then I get an Access Denied exception when trying to access our Business Facade layer:

Access is denied: 'BusinessFacade'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IO.FileLoadException: Access is denied: 'BusinessFacade'.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[FileLoadException: Access is denied: 'BusinessFacade'.]
   SAMIS.Porteco.Web.Global.Application_AuthenticateRequest(Object sender, EventArgs e) +0
   System.Web.SyncEventExecutionStep.Execute() +60
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87

 

--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.0.3705.288; ASP.NET Version:1.0.3705.288

"David Coe, MCAD" wrote:

> Do you have impersonation enabled in your web.config file, and Windows authentication setup in IIS?
>
> "Mark Duregon" wrote:
>
> > Hi,
> >
> > We have an application that requires appropriate users to run command files on an ad hoc basis. We have implemented a library that uses the following code:
> >
> > using System;
> > using System.Runtime.InteropServices;
> > using System.Security.Principal;
> > using System.Security.Permissions;
> >
> > namespace SAMIS.Porteco.Utilities
> > {
> >     // dwLogonType values accepted by LogonUser.
> >     public enum LogonType : int
> >     {
> >         LOGON32_LOGON_INTERACTIVE = 2,
> >         LOGON32_LOGON_NETWORK = 3,
> >         LOGON32_LOGON_BATCH = 4,
> >         LOGON32_LOGON_SERVICE = 5,
> >         LOGON32_LOGON_UNLOCK = 7,
> >         LOGON32_LOGON_NETWORK_CLEARTEXT = 8, // Only for Win2K or higher
> >         LOGON32_LOGON_NEW_CREDENTIALS = 9 // Only for Win2K or higher
> >     };
> >
> >     // dwLogonProvider values accepted by LogonUser.
> >     public enum LogonProvider : int
> >     {
> >         LOGON32_PROVIDER_DEFAULT = 0,
> >         LOGON32_PROVIDER_WINNT35 = 1,
> >         LOGON32_PROVIDER_WINNT40 = 2,
> >         LOGON32_PROVIDER_WINNT50 = 3
> >     };
> >
> >     // P/Invoke declarations for the Win32 logon and token functions.
> >     class SecuUtil32
> >     {
> >         [DllImport("advapi32.dll", SetLastError=true)]
> >         public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
> >             int dwLogonType, int dwLogonProvider, ref IntPtr TokenHandle);
> >
> >         [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
> >         public extern static bool CloseHandle(IntPtr handle);
> >
> >         [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
> >         public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
> >             int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
> >     }
> >
> >     /// <summary>
> >     /// Summary description for NetworkSecurity.
> >     /// </summary>
> >     public class NetworkSecurity
> >     {
> >         private NetworkSecurity() {}
> >
> >         // Logs the given account on and starts impersonating it on the calling thread.
> >         // The caller must call Undo() on the returned context to revert.
> >         public static WindowsImpersonationContext ImpersonateUser(string domain, string login, string password,
> >             LogonType logonType, LogonProvider logonProvider)
> >         {
> >             IntPtr tokenHandle = new IntPtr(0);
> >             IntPtr dupeTokenHandle = new IntPtr(0);
> >             try
> >             {
> >                 const int SecurityImpersonation = 2;
> >
> >                 tokenHandle = IntPtr.Zero;
> >                 dupeTokenHandle = IntPtr.Zero;
> >
> >                 //
> >                 // Call LogonUser to obtain a handle to an access token.
> >                 //
> >                 bool returnValue = SecuUtil32.LogonUser(login, domain, password, (int)logonType,
> >                     (int)logonProvider, ref tokenHandle);
> >
> >                 if (false == returnValue)
> >                 {
> >                     int ret = Marshal.GetLastWin32Error();
> >                     string strErr = String.Format("LogonUser failed with error code : {0}", ret);
> >                     throw new ApplicationException(strErr, null);
> >                 }
> >
> >                 bool retVal = SecuUtil32.DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
> >
> >                 if (false == retVal)
> >                 {
> >                     SecuUtil32.CloseHandle(tokenHandle);
> >                     throw new ApplicationException("Failed to duplicate token", null);
> >                 }
> >
> >                 // The original logon token is no longer needed once it has been
> >                 // duplicated; close it so the handle is not leaked on every call.
> >                 SecuUtil32.CloseHandle(tokenHandle);
> >
> >                 //
> >                 // The token that is passed to the following constructor must
> >                 // be a primary token in order to use it for impersonation.
> >                 //
> >                 WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
> >                 WindowsImpersonationContext impersonatedUser = newId.Impersonate();
> >
> >                 return impersonatedUser;
> >             }
> >             catch (Exception ex)
> >             {
> >                 throw new ApplicationException(ex.Message, ex);
> >             }
> >         }
> >     }
> > }
> >
> > The problem we are having is that while network resources are not restricted entirely because the batch files are able to run sql scripts against the Oracle database, FTP etc. but the user cannot access a network share either by unc path or trying to map a drive as part of the script. This problem only occurs when trying to run the script in this fashion as it works when run manually through a command prompt which is expected, and also on a scheduled basis by the Windows Scheduler.
> >
> > Is there a permission I need to request/grant on the assembly, and if so, which assembly (the library/web or both)? I have tried granting full trust to the assemblies without success.
> >
> > Alternatively, is there a way to run a defined task from the scheduler? I read the documentation (all 2 lines of it) for the scheduler and did not get the impression that it is possible.
> >
> > Regards,
> > Mark.
> >
> > P.S. I cannot give you an exception or error messages that occur when I try to run the task from the web application, because as soon as I try to access a network resource using the page I have created it simply hangs/times out but works perfectly when dealing with only local file resources. FYI all command files are on the local machine but need to access network shares to ctp then delete files.
> >
> > Platform: Windows 2000 Server w/ 1.0 Framework


