Re: Impersonation in ASP.net

From: Bunty (Bunty_at_discussions.microsoft.com)
Date: 12/10/04

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Impersonation in ASP.net" 
    Date: Fri, 10 Dec 2004 14:13:04 -0800

    Joe,
    Thanks for your reply,

    I am impersonating using a domain user which has all the permissions on the
    share we are trying to access. Is it not impersonating at all?

    Error too does not sound like a permission error?

    Bhupendra

    "Joe Kaplan (MVP - ADSI)" wrote:

    > No, the message below was in regards to a discussion about launching an
    > external process from within ASP.NET under a different security context than
    > the worker process account.
    >
    > I think what you are trying to do is impersonation in order use the current
    > security context to do something to a file on a remote drive. I'm not a
    > super expert on this, but typically, these issues have to do with double hop
    > problems that are fixed by implementing Kerberos delegation.
    >
    > The problem is usually that you impersonate the logged on user, but because
    > you used Windows Integrated Auth in IIS, the token created for that user is
    > an impersonation token and it cannot "hop" to a different machine. As a
    > result, the caller on the remote machine is actually the anonymous user, not
    > the user in question. You can verify that by turning on object access
    > auditing in the remote machine's local security policy and setting the SACL
    > on the file to allow audits.
    >
    > Joe K.
    >
    > "Bunty" <Bunty@discussions.microsoft.com> wrote in message
    > news:1E60121C-9541-4A37-9303-532B915B3246@microsoft.com...
    > > Joe,
    > >
    > > I came across the message this message in the messageboard.
    > >
    > > If I understood it correctly, Did you mean that we can not implement
    > > impersonation in ASP.Net process either?
    > >
    > > I am trying to impersonate a windows user in the Asp.Net application for
    > > copying files from the Remote directory to another another remote
    > > directory
    > > on the same server. Impersonation seems to be working fine.
    > >
    > > But it is raising the exception 'Could not find the file "...."'. I am
    > > sure
    > > that the file exists in that folder but still getting the same error.
    > >
    > > Here is the complete error message:
    > >
    > > Server Error in '/' Application.
    > >
    > >
    > > --------------------------------------------------------------------------------
    > >
    > >
    > > Could not find file "\\remotecomputer\cs\Asset\x.txt".
    > > Description: An unhandled exception occurred during the execution of the
    > > current web request. Please review the stack trace for more information
    > > about
    > > the error and where it originated in the code.
    > >
    > > Exception Details: System.IO.FileNotFoundException: Could not find file
    > > "\\remotecomputer\cs\Asset\x.txt".
    > >
    > > Source Error:
    > > An unhandled exception was generated during the execution of the current
    > > web
    > > request. Information regarding the origin and location of the exception
    > > can
    > > be identified using the exception stack trace below.
    > >
    > >
    > > Stack Trace:
    > >
    > >
    > > [FileNotFoundException: Could not find file
    > > "\\remotecomputer\cs\Asset\x.txt".]
    > > System.IO.__Error.WinIOError(Int32 errorCode, String str) +181
    > > System.IO.File.InternalCopy(String sourceFileName, String destFileName,
    > > Boolean overwrite) +314
    > > System.IO.File.Copy(String sourceFileName, String destFileName) +7
    > > SampleDailies.createclip.CreateFile() in C:\test\filecopy.aspx.vb:159
    > > SampleDailies.createclip.Page_Load(Object sender, EventArgs e) in
    > > C:\test\filecopy.aspx.vb:28
    > > System.Web.UI.Control.OnLoad(EventArgs e) +67
    > > System.Web.UI.Control.LoadRecursive() +35
    > > System.Web.UI.Page.ProcessRequestMain() +750
    > >
    > >
    > >
    > >
    > >
    > > --------------------------------------------------------------------------------
    > >
    > >
    > > Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
    > > ASP.NET
    > > Version:1.1.4322.2032
    > >
    > > Thanks in advance,
    > > Bunty
    > >
    > >
    > > "Joe Kaplan (MVP - ADSI)" wrote:
    > >
    > >> Do a search in this group or microsoft.public.dotnet.security with Google
    > >> for a thread that discussed using WMI to do this.
    > >>
    > >> Essentially, you can't use impersonation and the standard .NET Process
    > >> class
    > >> to do this as it doesn't pick up the impersonated identity and will alway
    > >> use the process identity. Other people have tried calling
    > >> CreateProcessWithLogonW or the AsUser or WithTokenW via p/invoke and
    > >> haven't
    > >> had much luck either. The WMI approach seems to work very well.
    > >>
    > >> You do need the users plaintext password for this though I'm pretty sure.
    > >> You definitely need a primary token one way or the other.
    > >>
    > >> Best of luck,
    > >>
    > >> Joe K.
    > >>
    > >> "Hananiel" <hananiel@yahoo.com> wrote in message
    > >> news:e338e321.0410151204.47822a55@posting.google.com...
    > >> >I want an asp.net buttonclick_onserver event to run a process as a
    > >> > given domain user on the server. What is the easiest way to do this.
    > >> >
    > >> > For some reason "LogonUser" fails with "Unknown user or password"
    > >> > LocalMachine/Administrator also failed.
    > >>
    > >>
    > >>
    >
    >
    >

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Impersonation in ASP.net"
    • Quantcast