problem writing a file

From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 09/27/04 

To: microsoft.public.dotnet.framework.aspnet.security
Date: Mon, 27 Sep 2004 13:37:50 -0700

hi,

 i don't know if you are running on w2k3 or w2k and if you intend to impersonate or not...

 here are the 2 scenarios

 1. no impersonation

 Your asp.net app runs under the ASPNET (wk2/xp) account or Network Server (w2k3). The local ASPNET account has no network credentials on another machine -> use a domain account instead. The Network Service account has the credentials of the machine (MachineName$) when in Active Directory or none if stand-alone. Also here - use a domain account or a account that matches on both machines

 2. impersonation

 if you are impersonating you are doing a second hop with the client credentials. your machine/service account has to be trusted for delegation to achieve this.

 

 ---
 Dominick Baier - DevelopMentor
 http://www.leastprivilege.com

   nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#EFytMMpEHA.3900@TK2MSFTNGP10.phx.gbl>

 Hi,
 I'm really stuck with this one - wondering if you can spot the problem?
 I think that it's a webserver problem that goes deeper than web.config.
 I've not been able to write to a file on a network share via ASP.NET. The
 network share is not the same as the webserver.
 
 relevant section of web.config:
 <appSettings>
 <!-- the location we cannot write to. My staging server
 doesn't have write permissions here, but I do if authenticating as
 myself -->
 <add key="ProjectCollection"
 value=\\my_server\userhome\MyAccount\websiteTests\test.txt />
 </appSettings>
 <!-- Neither of these work!
 I have write perms here for my user ac*** and believe that
 my staging server has write perms here too
 add key="ProjectCollection"
 value=\\my_server\commondocuments\websiteTests\test.txt />
 -->
 </appSettings>
 <system.web>
 <!-- I have also tried "None" here -->
 <authentication mode="Windows" />
 
 <!-- I have tried leaving this out -->
 <identity impersonate="true" />
 
 <authorization>
 <allow users="mydomain\myusername" />
 <deny users="*" />
 <!-- I have tried allow users="*" but I think that then my server
 tries to authenticate as ASPNET. This certainly should not access my home
 folder, but should??? access the common share. I believe that my
 administrator has set up access privs for my server on the common share. It
 doesn't access it however! -->
 </authorization>
 </system.web>
 Relevant code:
 Private Sub btnSearch_Click(ByVal sender As System.Object, ByVal e As
 System.EventArgs) Handles btnSearch.Click
 'identity we are running as - 2 ways of getting the same
 information
 ' returns my username if I am impersonating and
 authenticating in web.config
 'however, still cannot write to either folder no
 matter what I am impersonating or not
 Trace.Write(Page.User.Identity.Name)
 
 Trace.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
 'filename we are trying to write to
 Dim strFileName As String =
 ConfigurationSettings.AppSettings("ProjectCollection")
 Trace.Write(strFileName)
 'fails here. This creates a file in location specified by
 Config setting above
 Dim fs As FileStream = New FileStream(strFileName,
 FileMode.Append)
 Dim w As New StreamWriter(fs)
 w.WriteLine("Test")
 w.Close()
 fs.Close()
 End Sub
 Any Ideas?
 Many thanks
 Sorry for long post
 Iain
 
 
 
 [microsoft.public.dotnet.framework.aspnet.security]