Re: problem writing a file

From: Iain A. Mcleod (mcleodia_at_dcs.gla.ac.uk)
Date: 09/28/04


Date: Tue, 28 Sep 2004 00:09:08 +0100

Thanks again for the reply.

How can I find out if trust for delegation is enabled? Is it enabled on a
machine specific basis, and if so, is it the webserver or the smb server
providing that share which should have trust enabled?

Regards
Iain

"Dominick Baier" <dotnet@leastprivilege.com> wrote in message
news:O7XGdROpEHA.3668@TK2MSFTNGP15.phx.gbl...
> if you are impersonating depends on the impersonate=true/false switch in
> web.config.
>
> trust for delegation is an active directory setting.
>
>
>
> ---
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/>
>
> Thanks for your prompt reply Dominick
>
> I'm not sure which is the case as I am not the server administrator - they
> are away :-(
> But I'm a bit confused as to the machine account needing to be trusted for
> delegation?
> Is this an option in IIS admin?
>
> Regards
> Iain
>
> "Dominick Baier" <dotnet@leastprivilege.com> wrote in message
> news:%23muBcHNpEHA.1460@TK2MSFTNGP12.phx.gbl...
> > hi,
> >
> > i don't know if you are running on w2k3 or w2k and if you intend to
> > impersonate or not...
> >
> > here are the 2 scenarios
> >
> > 1. no impersonation
> >
> > Your asp.net app runs under the ASPNET (w2k/xp) account or Network Server
> > (w2k3). The local ASPNET account has no network credentials on another
> > machine -> use a domain account instead. The Network Service account has the
> > credentials of the machine (MachineName$) when in Active Directory or none
> > if stand-alone. Also here - use a domain account or an account that matches
> > on both machines
> >
> > 2. impersonation
> >
> > if you are impersonating you are doing a second hop with the client
> > credentials. your machine/service account has to be trusted for delegation
> > to achieve this.
> >
> >
> >
> > ---
> > Dominick Baier - DevelopMentor
> > http://www.leastprivilege.com
> >
> > nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#EFytMMpEHA.3900@TK2MSFTNGP10.phx.gbl>
> >
> > Hi,
> > I'm really stuck with this one - wondering if you can spot the problem?
> > I think that it's a webserver problem that goes deeper than web.config.
> > I've not been able to write to a file on a network share via ASP.NET. The
> > network share is not the same as the webserver.
> >
> > relevant section of web.config:
> > <appSettings>
> >   <!-- the location we cannot write to. My staging server
> >        doesn't have write permissions here, but I do if authenticating as
> >        myself -->
> >   <add key="ProjectCollection"
> >        value="\\my_server\userhome\MyAccount\websiteTests\test.txt" />
> >   <!-- Neither of these work!
> >        I have write perms here for my user account and believe that
> >        my staging server has write perms here too
> >        add key="ProjectCollection"
> >        value="\\my_server\commondocuments\websiteTests\test.txt" />
> >   -->
> > </appSettings>
> > <system.web>
> >   <!-- I have also tried "None" here -->
> >   <authentication mode="Windows" />
> >
> >   <!-- I have tried leaving this out -->
> >   <identity impersonate="true" />
> >
> >   <authorization>
> >     <allow users="mydomain\myusername" />
> >     <deny users="*" />
> >     <!-- I have tried allow users="*" but I think that then my server
> >          tries to authenticate as ASPNET. This certainly should not access my
> >          home folder, but should??? access the common share. I believe that my
> >          administrator has set up access privs for my server on the common
> >          share. It doesn't access it however! -->
> >   </authorization>
> > </system.web>
> > Relevant code:
> > Imports System.IO             ' FileStream, StreamWriter
> > Imports System.Configuration  ' ConfigurationSettings
> >
> > Private Sub btnSearch_Click(ByVal sender As System.Object, _
> >         ByVal e As System.EventArgs) Handles btnSearch.Click
> >     'identity we are running as - 2 ways of getting the same information
> >     'returns my username if I am impersonating and authenticating in web.config
> >     'however, still cannot write to either folder no matter what I am
> >     'impersonating or not
> >     Trace.Write(Page.User.Identity.Name)
> >     Trace.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
> >     'filename we are trying to write to
> >     Dim strFileName As String = _
> >         ConfigurationSettings.AppSettings("ProjectCollection")
> >     Trace.Write(strFileName)
> >     'fails here. This creates a file in location specified by
> >     'Config setting above
> >     Dim fs As FileStream = New FileStream(strFileName, FileMode.Append)
> >     Dim w As New StreamWriter(fs)
> >     w.WriteLine("Test")
> >     w.Close()
> >     fs.Close()
> > End Sub
> > Any Ideas?
> > Many thanks
> > Sorry for long post
> > Iain
> >
> >
> >
> > [microsoft.public.dotnet.framework.aspnet.security]
>
>
>
> [microsoft.public.dotnet.framework.aspnet.security]
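
An added example, not part of the original thread: the thread places trust for delegation in Active Directory, on the machine/service account that makes the second hop, and on an exported account record it shows up as bits in `userAccountControl`. The sketch below decodes those bits from a constructed, plain LDIF export (account names and values are made up) and goes one step beyond the thread by also honouring the constrained-delegation list in `msDS-AllowedToDelegateTo`. It reports only the directory-side settings.

```python
# Added example; every account name and value below is constructed.
UAC_FLAGS = {
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x80000: "TRUSTED_FOR_DELEGATION",             # unconstrained delegation
    0x100000: "NOT_DELEGATED",                     # "sensitive, cannot be delegated"
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",   # protocol transition
}

SAMPLE_LDIF = """\
sAMAccountName: WEB01$
userAccountControl: 4096

sAMAccountName: WEB02$
userAccountControl: 528384

sAMAccountName: WEB03$
userAccountControl: 4096
msDS-AllowedToDelegateTo: cifs/files01.example.test

sAMAccountName: webuser
userAccountControl: 512

sAMAccountName: sensitiveadmin
userAccountControl: 1049088
"""

def parse_ldif(text):
    """Return {samaccountname: {attr: [values]}} for a plain, unfolded LDIF export."""
    accounts = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        accounts[attrs["samaccountname"][0].lower()] = attrs
    return accounts
def uac_flags(attrs):
    uac = int(attrs["useraccountcontrol"][0])
    return {name for bit, name in UAC_FLAGS.items() if uac & bit}
def second_hop(accounts, service_account, client, target_spn):
    """Directory-side answer: may service_account forward client's identity to target_spn?"""
    svc, usr = accounts[service_account.lower()], accounts[client.lower()]
    if "NOT_DELEGATED" in uac_flags(usr):
        return "blocked: client account cannot be delegated"
    if "TRUSTED_FOR_DELEGATION" in uac_flags(svc):
        return "allowed: unconstrained delegation"
    if target_spn.lower() in (s.lower() for s in svc.get("msds-allowedtodelegateto", [])):
        return "allowed: constrained delegation"
    return "blocked: service account is not trusted for delegation"
```

Here `WEB01$` stands for a web server whose machine account carries no delegation trust, which is the case where an impersonated write to the share fails on the second hop.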


