Re: problem writing a file

From: Iain A. Mcleod (mcleodia_at_dcs.gla.ac.uk)
Date: 09/27/04

    Date: Mon, 27 Sep 2004 22:09:41 +0100
    
    

    Thanks for your prompt reply Dominick

    I'm not sure which is the case as I am not the server administrator - they
    are away :-(
    But I'm a bit confused as to the machine account needing to be trusted for
    delegation?
    Is this an option in IIS admin?

    Regards
    Iain

    "Dominick Baier" <dotnet@leastprivilege.com> wrote in message
    news:%23muBcHNpEHA.1460@TK2MSFTNGP12.phx.gbl...
    > hi,
    >
    > i don't know if you are running on w2k3 or w2k and if you intend to
    > impersonate or not...
    >
    > here are the 2 scenarios
    >
    > 1. no impersonation
    >
    > Your asp.net app runs under the ASPNET (w2k/xp) account or Network Server
    > (w2k3). The local ASPNET account has no network credentials on another
    > machine -> use a domain account instead. The Network Service account has the
    > credentials of the machine (MachineName$) when in Active Directory or none
    > if stand-alone. Also here - use a domain account or an account that matches
    > on both machines
    >
    > 2. impersonation
    >
    > if you are impersonating you are doing a second hop with the client
    > credentials. your machine/service account has to be trusted for delegation
    > to achieve this.
    >
    >
    >
    > ---
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >
    nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#EFytMMpEHA.3900@TK2MSFTNGP10.phx.gbl>
    >
    > Hi,
    > I'm really stuck with this one - wondering if you can spot the problem?
    > I think that it's a webserver problem that goes deeper than web.config.
    > I've not been able to write to a file on a network share via ASP.NET. The
    > network share is not the same as the webserver.
    >
    > relevant section of web.config:
    > <appSettings>
    >   <!-- the location we cannot write to. My staging server
    >        doesn't have write permissions here, but I do if authenticating as
    >        myself -->
    >   <add key="ProjectCollection"
    >        value="\\my_server\userhome\MyAccount\websiteTests\test.txt" />
    >   <!-- Neither of these work!
    >        I have write perms here for my user account and believe that
    >        my staging server has write perms here too
    >        add key="ProjectCollection"
    >        value="\\my_server\commondocuments\websiteTests\test.txt" />
    >   -->
    > </appSettings>
    > <system.web>
    > <!-- I have also tried "None" here -->
    > <authentication mode="Windows" />
    >
    > <!-- I have tried leaving this out -->
    > <identity impersonate="true" />
    >
    > <authorization>
    > <allow users="mydomain\myusername" />
    > <deny users="*" />
    > <!-- I have tried allow users="*" but I think that then my server
    > tries to authenticate as ASPNET. This certainly should not access my home
    > folder, but should??? access the common share. I believe that my
    > administrator has set up access privs for my server on the common share.
    > It doesn't access it however! -->
    > </authorization>
    > </system.web>
    > Relevant code:
    > ' at the top of the code-behind file
    > Imports System.Configuration
    > Imports System.IO
    >
    > Private Sub btnSearch_Click(ByVal sender As System.Object, _
    >         ByVal e As System.EventArgs) Handles btnSearch.Click
    >     'identity we are running as - 2 ways of getting the same information
    >     ' returns my username if I am impersonating and authenticating in web.config
    >     'however, still cannot write to either folder no matter what I am impersonating or not
    >     Trace.Write(Page.User.Identity.Name)
    >     Trace.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
    >     'filename we are trying to write to
    >     Dim strFileName As String = _
    >         ConfigurationSettings.AppSettings("ProjectCollection")
    >     Trace.Write(strFileName)
    >     'fails here. This creates a file in location specified by Config setting above
    >     Dim fs As FileStream = New FileStream(strFileName, FileMode.Append)
    >     Dim w As New StreamWriter(fs)
    >     w.WriteLine("Test")
    >     w.Close()
    >     fs.Close()
    > End Sub
    > Any Ideas?
    > Many thanks
    > Sorry for long post
    > Iain
    >
    >
    >
    > [microsoft.public.dotnet.framework.aspnet.security]
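
Added example, not part of the thread and not code from either poster: a diagnostic helper that reports which of the two scenarios described above the request thread is in, and which identity the write to the share was attempted as. The module name `ShareWriteProbe` and its functions are hypothetical; it assumes .NET 2.0 or later and Integrated Windows authentication in IIS.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Principal

' Added diagnostic sketch (hypothetical names, not from the thread).
' Call it from a page or handler while the request is executing, so that
' any <identity impersonate="true" /> setting is in effect on the thread.
Public Module ShareWriteProbe

    ' Classifies the current token into the thread's two scenarios.
    ' Assumption: Integrated Windows authentication is in use.
    Public Function DescribeIdentity(ByVal id As WindowsIdentity) As String
        Dim level As TokenImpersonationLevel = id.ImpersonationLevel
        Select Case level
            Case TokenImpersonationLevel.None
                ' Scenario 1: primary (process) token, e.g. ASPNET,
                ' Network Service or a configured domain account.
                Return id.Name & " (no impersonation: the process account goes to the share)"
            Case TokenImpersonationLevel.Delegation
                ' Scenario 2 with delegation working: a second hop is possible.
                Return id.Name & " (impersonating, delegation-level token)"
            Case Else
                ' Scenario 2 without delegation: the client token is usable
                ' on the web server only, not against a remote file server.
                Return id.Name & " (impersonating at level " & level.ToString() & ", no second hop)"
        End Select
    End Function

    ' Attempts the same append as the posted code and returns a one-line
    ' result naming the identity used, instead of letting the error escape.
    Public Function TryAppend(ByVal filePath As String) As String
        Dim who As String
        Using id As WindowsIdentity = WindowsIdentity.GetCurrent()
            who = DescribeIdentity(id)
        End Using
        Try
            Using w As New StreamWriter(filePath, True) ' True = append
                w.WriteLine("Test")
            End Using
            Return "OK as " & who
        Catch ex As UnauthorizedAccessException
            Return "Access denied as " & who
        Catch ex As IOException
            Return "I/O error (" & ex.Message & ") as " & who
        End Try
    End Function
End Module
```

Writing the returned string to the page trace shows whether the failure is a share or NTFS permission for the named account, or a missing second hop.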

