Re: Access File Share from ASP.NET using Unmanaged Code

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/14/04


Date: Wed, 14 Jul 2004 09:21:35 -0500

Yes, but my question was how are you launching the vbscript processes? I
understand the Win2K/1.0 part.

Joe K.

"Mark Duregon" <msdnonline@aspect.com.au> wrote in message
news:47607F44-4AF2-4501-857F-5E486376C687@microsoft.com...
> Thanks, but I did mention that I am using Windows 2000 and 1.0 of the
> framework.
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
> > How are you calling the script files in this app? Are you using the Process
> > class? In that case, you need to be aware that it will start the new
> > process with the current process' token, not the impersonation token. Since
> > it would appear that you have a primary token, you could get around this by
> > calling CreateProcessWithTokenW instead.
> >
> > If that isn't how you are calling the scripts, then how are you doing it?
> >
> > Joe K.
> >
> > "Mark Duregon" <msdnonline@aspect.com.au> wrote in message
> > news:5A1E8402-3951-4673-B370-DBB71E5C85CA@microsoft.com...
> > > Hi,
> > >
> > > We have an application that requires appropriate users to run command
> > > files on an ad hoc basis. We have implemented a library that uses the
> > > following code:
> > >
> > > using System;
> > > using System.Runtime.InteropServices;
> > > using System.Security.Principal;
> > > using System.Security.Permissions;
> > >
> > > namespace SAMIS.Porteco.Utilities
> > > {
> > >     public enum LogonType : int
> > >     {
> > >         LOGON32_LOGON_INTERACTIVE = 2,
> > >         LOGON32_LOGON_NETWORK = 3,
> > >         LOGON32_LOGON_BATCH = 4,
> > >         LOGON32_LOGON_SERVICE = 5,
> > >         LOGON32_LOGON_UNLOCK = 7,
> > >         LOGON32_LOGON_NETWORK_CLEARTEXT = 8, // Only for Win2K or higher
> > >         LOGON32_LOGON_NEW_CREDENTIALS = 9    // Only for Win2K or higher
> > >     };
> > >
> > >     public enum LogonProvider : int
> > >     {
> > >         LOGON32_PROVIDER_DEFAULT = 0,
> > >         LOGON32_PROVIDER_WINNT35 = 1,
> > >         LOGON32_PROVIDER_WINNT40 = 2,
> > >         LOGON32_PROVIDER_WINNT50 = 3
> > >     };
> > >
> > >     class SecuUtil32
> > >     {
> > >         [DllImport("advapi32.dll", SetLastError=true)]
> > >         public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
> > >             int dwLogonType, int dwLogonProvider, ref IntPtr TokenHandle);
> > >
> > >         [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
> > >         public extern static bool CloseHandle(IntPtr handle);
> > >
> > >         [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
> > >         public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
> > >             int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
> > >     }
> > >
> > >     /// <summary>
> > >     /// Summary description for NetworkSecurity.
> > >     /// </summary>
> > >     public class NetworkSecurity
> > >     {
> > >         private NetworkSecurity() {}
> > >
> > >         public static WindowsImpersonationContext ImpersonateUser(string domain, string login, string password,
> > >             LogonType logonType, LogonProvider logonProvider)
> > >         {
> > >             const int SecurityImpersonation = 2;
> > >             IntPtr tokenHandle = IntPtr.Zero;
> > >             IntPtr dupeTokenHandle = IntPtr.Zero;
> > >             try
> > >             {
> > >                 //
> > >                 // Call LogonUser to obtain a handle to an access token.
> > >                 //
> > >                 bool returnValue = SecuUtil32.LogonUser(login, domain, password, (int)logonType,
> > >                     (int)logonProvider, ref tokenHandle);
> > >
> > >                 if (false == returnValue)
> > >                 {
> > >                     int ret = Marshal.GetLastWin32Error();
> > >                     string strErr = String.Format("LogonUser failed with error code : {0}", ret);
> > >                     throw new ApplicationException(strErr, null);
> > >                 }
> > >
> > >                 bool retVal = SecuUtil32.DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
> > >
> > >                 if (false == retVal)
> > >                 {
> > >                     throw new ApplicationException("Failed to duplicate token", null);
> > >                 }
> > >
> > >                 //
> > >                 // The token that is passed to the following constructor must
> > >                 // be a primary token in order to use it for impersonation.
> > >                 //
> > >                 WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
> > >                 WindowsImpersonationContext impersonatedUser = newId.Impersonate();
> > >
> > >                 return impersonatedUser;
> > >             }
> > >             catch (Exception ex)
> > >             {
> > >                 throw new ApplicationException(ex.Message, ex);
> > >             }
> > >             finally
> > >             {
> > >                 // The impersonation context does not depend on these raw handles
> > >                 // once the identity has been created, so release them on every
> > >                 // path instead of leaking one per call.
> > >                 if (dupeTokenHandle != IntPtr.Zero) SecuUtil32.CloseHandle(dupeTokenHandle);
> > >                 if (tokenHandle != IntPtr.Zero) SecuUtil32.CloseHandle(tokenHandle);
> > >             }
> > >         }
> > >     }
> > > }
> > >
> > > The problem we are having is that while network resources are not
> > > restricted entirely because the batch files are able to run sql scripts
> > > against the Oracle database, FTP etc. but the user cannot access a network
> > > share either by unc path or trying to map a drive as part of the script.
> > > This problem only occurs when trying to run the script in this fashion as it
> > > works when run manually through a command prompt which is expected, and also
> > > on a scheduled basis by the Windows Scheduler.
> > >
> > > Is there a permission I need to request/grant on the assembly and if so
> > > which assembly (the library/web or both). I have tried granting full trust
> > > to the assemblies without success.
> > >
> > > Alternatively is there a way to run a defined task from the scheduler. I
> > > read the documentation (all 2 lines of it) for the scheduler and did not get
> > > the impression that it is possible.
> > >
> > > Regards,
> > > Mark.
> > >
> > > P.S. I cannot give you an exception or error messages that occur when I
> > > try to run the task from the web application, because as soon as I try to
> > > access a network resource using the page I have created it simply
> > > hangs/times out but works perfectly when dealing with only local file
> > > resources. FYI all command files are on the local machine but need to
> > > access network shares to ctp then delete files.
> > >
> > > Platform: Windows 2000 Server w/ 1.0 Framework
> >
> >
> >
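Joe's point in the quoted reply is that System.Diagnostics.Process launches the child with the worker process' own primary token, so thread-level impersonation from ImpersonateUser never reaches the command file. The following is an added example, not code from the thread or from the SAMIS.Porteco library, showing the route that works on the poster's Windows 2000 / .NET 1.0 platform: CreateProcessWithTokenW, which Joe mentions, requires Windows XP or Server 2003, so this uses CreateProcessAsUser with the primary token that LogonUser returns. The class name UserProcessLauncher, the RunAsUser method and the ScriptsDir path are assumptions introduced here; the Win32 signatures are the documented ones.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;

namespace SAMIS.Porteco.Utilities
{
    // Added example (not from the thread): run a locally stored command file
    // under the logged-on user's primary token rather than the worker's token.
    public class UserProcessLauncher
    {
        // Assumed location of the command files; the trailing backslash keeps a
        // sibling such as "C:\Porteco\Scripts2\" from passing the prefix check.
        const string ScriptsDir = @"C:\Porteco\Scripts\";

        const int LOGON32_LOGON_INTERACTIVE = 2;
        const int LOGON32_PROVIDER_DEFAULT = 0;
        const uint CREATE_NO_WINDOW = 0x08000000;
        const uint INFINITE = 0xFFFFFFFF;

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        struct STARTUPINFO
        {
            public int cb;
            public string lpReserved, lpDesktop, lpTitle;
            public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
            public short wShowWindow, cbReserved2;
            public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
        }

        [StructLayout(LayoutKind.Sequential)]
        struct PROCESS_INFORMATION
        {
            public IntPtr hProcess, hThread;
            public int dwProcessId, dwThreadId;
        }

        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
            int dwLogonType, int dwLogonProvider, out IntPtr phToken);

        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName,
            StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes,
            bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory,
            ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool GetExitCodeProcess(IntPtr hProcess, out uint lpExitCode);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool CloseHandle(IntPtr hObject);

        // Returns the command file's exit code; throws if logon or launch fails.
        public static uint RunAsUser(string domain, string user, string password, string commandFile)
        {
            // Normalise the path first, then require it to sit inside ScriptsDir so
            // a caller cannot point the launcher at an arbitrary program.
            string full = Path.GetFullPath(commandFile);
            if (String.Compare(full, 0, ScriptsDir, 0, ScriptsDir.Length, true) != 0 || !File.Exists(full))
                throw new ArgumentException("Command file must be an existing file under " + ScriptsDir);

            IntPtr token = IntPtr.Zero;
            PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
            try
            {
                // An interactive logon yields a primary token that carries the user's
                // credentials, so the child can open UNC paths. A LOGON32_LOGON_NETWORK
                // token has no cached credentials and cannot reach remote shares.
                if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out token))
                    throw new ApplicationException("LogonUser failed with error code: " + Marshal.GetLastWin32Error());

                STARTUPINFO si = new STARTUPINFO();
                si.cb = Marshal.SizeOf(si);

                // Full path to cmd.exe avoids a PATH search; the command line is a
                // writable buffer because CreateProcess* may modify it in place.
                string cmdExe = Path.Combine(Environment.SystemDirectory, "cmd.exe");
                StringBuilder cmd = new StringBuilder("\"" + cmdExe + "\" /c \"" + full + "\"");

                if (!CreateProcessAsUser(token, cmdExe, cmd, IntPtr.Zero, IntPtr.Zero, false,
                        CREATE_NO_WINDOW, IntPtr.Zero, ScriptsDir, ref si, out pi))
                    throw new ApplicationException("CreateProcessAsUser failed with error code: " + Marshal.GetLastWin32Error());

                WaitForSingleObject(pi.hProcess, INFINITE);
                uint exitCode;
                GetExitCodeProcess(pi.hProcess, out exitCode);
                return exitCode;
            }
            finally
            {
                // Release every kernel handle, including the token, on all paths.
                if (pi.hThread != IntPtr.Zero) CloseHandle(pi.hThread);
                if (pi.hProcess != IntPtr.Zero) CloseHandle(pi.hProcess);
                if (token != IntPtr.Zero) CloseHandle(token);
            }
        }
    }
}
```

Two checks to make before relying on this in a web application: CreateProcessAsUser requires the calling account to hold the "Replace a process level token" and "Adjust memory quotas for a process" privileges, which the default ASP.NET worker account does not have, so a failure with an access-denied error code points at the worker identity rather than at the script; and because the exit code is returned instead of printed, a hung or timed-out script of the kind described in the P.S. shows up as a call that never returns, which is the cue to replace INFINITE with a bounded wait and terminate the child.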


