Re: problem writing a file

From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 09/28/04

  • Next message: L Magarian: "Retrieving User's Groups from Active Directory using ASP.NET"
    To: microsoft.public.dotnet.framework.aspnet.security
    Date: Mon, 27 Sep 2004 23:15:09 -0700
    
    

    hi,

      

     check out the machine settings in active directory users and computers.

     

     ---
     Dominick Baier - DevelopMentor
     http://www.leastprivilege.com

       nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/>

     Thanks again for the reply.
     
     How can I find out if trust for delegation is enabled? Is it enabled on a
     machine specific basis, and if so, is it the webserver or the smb server
     providing that share which should have trust enabled?
     
     Regards
     Iain
     
     
     
     "Dominick Baier" <dotnet@leastprivilege.com> wrote in message
     news:O7XGdROpEHA.3668@TK2MSFTNGP15.phx.gbl...
    > if you are impersonating depends on the impersonate=true/false switch in web.config.
    >
    > trust for delegation is an active directory setting.
    >
    >
    >
    > ---
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >
     nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/>
    >
    > Thanks for your prompt reply Dominick
    >
    > I'm not sure which is the case as I am not the server administrator - they
    > are away :-(
    > But I'm a bit confused as to the machine account needing to be trusted for
    > delegation?
    > Is this an option in IIS admin?
    >
    > Regards
    > Iain
    >
    > "Dominick Baier" <dotnet@leastprivilege.com> wrote in message
    > news:%23muBcHNpEHA.1460@TK2MSFTNGP12.phx.gbl...
    > > hi,
    > >
    > > i don't know if you are running on w2k3 or w2k and if you intend to impersonate or not...
    > >
    > > here are the 2 scenarios
    > >
    > > 1. no impersonation
    > >
    > > Your asp.net app runs under the ASPNET (w2k/xp) account or Network Server
    > > (w2k3). The local ASPNET account has no network credentials on another
    > > machine -> use a domain account instead. The Network Service account has the
    > > credentials of the machine (MachineName$) when in Active Directory or none
    > > if stand-alone. Also here - use a domain account or an account that matches
    > > on both machines
    > >
    > > 2. impersonation
    > >
    > > if you are impersonating you are doing a second hop with the client
    > > credentials. your machine/service account has to be trusted for delegation
    > > to achieve this.
    > >
    > >
    > >
    > > ---
    > > Dominick Baier - DevelopMentor
    > > http://www.leastprivilege.com
    > >
    > >
    >
     nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#EFytMMpEHA.3900@TK2MSFTNGP10.phx.gbl>
    > >
    > > Hi,
    > > I'm really stuck with this one - wondering if you can spot the problem?
    > > I think that it's a webserver problem that goes deeper than web.config.
    > > I've not been able to write to a file on a network share via ASP.NET. The
    > > network share is not the same as the webserver.
    > >
    > > relevant section of web.config:
    > > <appSettings>
    > >   <!-- the location we cannot write to. My staging server
    > >        doesn't have write permissions here, but I do if authenticating as
    > >        myself -->
    > >   <add key="ProjectCollection"
    > >        value="\\my_server\userhome\MyAccount\websiteTests\test.txt" />
    > >   <!-- Neither of these work!
    > >        I have write perms here for my user ac*** and believe that
    > >        my staging server has write perms here too
    > >        add key="ProjectCollection"
    > >        value="\\my_server\commondocuments\websiteTests\test.txt" />
    > >   -->
    > > </appSettings>
    > > <system.web>
    > >   <!-- I have also tried "None" here -->
    > >   <authentication mode="Windows" />
    > >
    > >   <!-- I have tried leaving this out -->
    > >   <identity impersonate="true" />
    > >
    > >   <authorization>
    > >     <allow users="mydomain\myusername" />
    > >     <deny users="*" />
    > >     <!-- I have tried allow users="*" but I think that then my server
    > >          tries to authenticate as ASPNET. This certainly should not access my home
    > >          folder, but should??? access the common share. I believe that my
    > >          administrator has set up access privs for my server on the common share.
    > >          It doesn't access it however! -->
    > >   </authorization>
    > > </system.web>
    > > Relevant code:
    > > ' needs Imports System.IO and Imports System.Configuration in the code-behind file
    > > Private Sub btnSearch_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSearch.Click
    > >     'identity we are running as - 2 ways of getting the same information
    > >     ' returns my username if I am impersonating and authenticating in web.config
    > >     'however, still cannot write to either folder no matter whether I am impersonating or not
    > >     Trace.Write(Page.User.Identity.Name)
    > >     Trace.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
    > >     'filename we are trying to write to
    > >     Dim strFileName As String = ConfigurationSettings.AppSettings("ProjectCollection")
    > >     Trace.Write(strFileName)
    > >     'fails here. This creates a file in location specified by Config setting above
    > >     Dim fs As FileStream = New FileStream(strFileName, FileMode.Append)
    > >     Dim w As New StreamWriter(fs)
    > >     w.WriteLine("Test")
    > >     w.Close()
    > >     fs.Close()
    > > End Sub
    > > Any Ideas?
    > > Many thanks
    > > Sorry for long post
    > > Iain
    > >
    > >
    > >
    > > [microsoft.public.dotnet.framework.aspnet.security]
    >
    >
    >
    > [microsoft.public.dotnet.framework.aspnet.security]
     
     
     
     [microsoft.public.dotnet.framework.aspnet.security]
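
The second-hop decision discussed in this thread, as an added example that is not part of the original posts: it evaluates the account the web application runs as (the middle tier, not the file server) against the delegation settings stored in Active Directory. It goes beyond the thread by also covering constrained delegation (`msDS-AllowedToDelegateTo`, Windows Server 2003 domains onwards); the function name `Test-SecondHop`, the host `WEBSRV01`, the SPN `cifs/my_server` and all records are constructed for illustration.

```powershell
# Added example: host names, account names and records below are constructed.
# userAccountControl bits, as documented for Active Directory.
$TRUSTED_FOR_DELEGATION = 0x80000    # "trusted for delegation" (unconstrained)
$NOT_DELEGATED          = 0x100000   # "account is sensitive and cannot be delegated"

function Test-SecondHop {
    param(
        [Parameter(Mandatory)] $MiddleTier,          # account the ASP.NET worker runs as
        [Parameter(Mandatory)] $Client,              # user being impersonated
        [Parameter(Mandatory)] [string] $TargetSpn   # service on the second machine
    )
    # A client flagged as sensitive is never delegated, whatever the server's trust.
    if ($Client.userAccountControl -band $NOT_DELEGATED) {
        return "Blocked: $($Client.Name) is marked sensitive and cannot be delegated"
    }
    if ($MiddleTier.userAccountControl -band $TRUSTED_FOR_DELEGATION) {
        return "Allowed: $($MiddleTier.Name) is trusted for delegation to any service"
    }
    if ($MiddleTier.'msDS-AllowedToDelegateTo' -contains $TargetSpn) {
        return "Allowed: $($MiddleTier.Name) may delegate to $TargetSpn only"
    }
    return "Blocked: $($MiddleTier.Name) is not trusted for delegation"
}

# Constructed records shaped like Get-ADUser / Get-ADComputer output.
$user = [pscustomobject]@{ Name = 'MYDOMAIN\myusername'; userAccountControl = 0x200 }
$webDefault = [pscustomobject]@{
    Name = 'WEBSRV01$'; userAccountControl = 0x1000
    'msDS-AllowedToDelegateTo' = @()
}
$webTrusted = [pscustomobject]@{
    Name = 'WEBSRV01$'; userAccountControl = (0x1000 -bor $TRUSTED_FOR_DELEGATION)
    'msDS-AllowedToDelegateTo' = @()
}
$webConstrained = [pscustomobject]@{
    Name = 'WEBSRV01$'; userAccountControl = 0x1000
    'msDS-AllowedToDelegateTo' = @('cifs/my_server')
}

foreach ($web in $webDefault, $webTrusted, $webConstrained) {
    Test-SecondHop -MiddleTier $web -Client $user -TargetSpn 'cifs/my_server'
}

# Against a live domain (ActiveDirectory module), replace the constructed records:
#   $web  = Get-ADComputer WEBSRV01 -Properties userAccountControl, 'msDS-AllowedToDelegateTo'
#   $user = Get-ADUser myusername -Properties userAccountControl
```

If the application runs under a domain service account instead of the machine account, query that account with `Get-ADUser` and pass it as `-MiddleTier`. Unconstrained trust lets the web server act as any delegable user against any service, so delegation limited to the file server's SPN is the narrower grant.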

