Re: Application Flow / security issues

if i set it so i can see errors remotely im told this.
"ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user. "

again, this doesnt make sense. I have the impersonate on in the web.config
and anon access disabled (as i said i verified that with the
windowsIdentity.GetCurrent() ) and its from the server to my workstation and
i have admin rights on my workstation and for that matter, the server..


"Justin Rich" <jrich523@xxxxxxxxxxxxxx> wrote in message
news:uiW7IxPBIHA.1356@xxxxxxxxxxxxxxxxxxxxxxx
I tried a using statement as you had suggested and i still get the
UnauthorizedAccessException


<jesse.houwing@xxxxxxxxx> wrote in message
news:21effc901fcc38c9d31cbe4302c2@xxxxxxxxxxxxxxxxxxxxx
Hello Alexey,

On Oct 1, 11:10 pm, Jesse Houwing <jesse.houw...@xxxxxxxxxxxxxxxx>
wrote:

Hello Justin,

im having some issues with application security and i was wondering
if anyone could point me in the direction of some good resources
that would explain the different levels of security.

the problem im currently having is im trying to make a web app that
will pull a file from the client (clients are on the lan and part of
the domain) and its giving me a denied access..

I have set IIS to not allow anon access (verified with
System.Security.Principal.WindowsIdentity.GetCurrent().Name) which
shows the username correctly.

I assume that whats happening now is its using the application pool
identity (set to Network Service by default) to go back to the
client instead of the logged in user creds. I tried messing with the
identity of the application pool with no luck

FileInfo fi1 = new FileInfo(path) <-- problem line

path resolves to something like \\ip\c$\folder\file.txt

I expect the users of my app to be local admins on the machine.

ASP.NET 2.0

You can set impersonation in the web.config. That should fix your
problem.

http://msdn2.microsoft.com/en-us/library/aa292118(VS.71).aspx

--
Jesse Houwing
jesse.houwing at sogeti.nl- Hide quoted text -
- Show quoted text -

or try

System.Security.Principal.WindowsImpersonationContext
impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.I
dentity).Impersonate();
FileInfo fi1 = new FileInfo(path)
...
impersonationContext.Undo();

if you're using an impersonationContext, you *must* also use either a
try/catch/finally block or use a using statement to make sure the
impersonation is undone.

WindowsImpersonationContext impersonationContext = null;
try
{
impersonationContext =
((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity).Impersonate();
// do stuff
}
catch
{
// Handle exceptions
}
finally
{
if (impersonationContext != null)
{
impersonationContext.Undo();
}
}

Or
Using (System.Security.Principal.WindowsImpersonationContext
impersonationContext =
((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())
{
// Do stuff.
}

--
Jesse Houwing
jesse.houwing at sogeti.nl






.