RE: Impersonate

Hi Zino,

From your description, you're encountering Access Denied error when try
saving a Excel document in ASP.NET webapplication, correcct?

Regarding on the problem you mentioned, I think the account is the first
thing we should check, I suggest try the following things first:

** use filemon tool to verify the Access Denied error and the problem
account

** run the same code with the same account (as in your asp.net application)
in a winform or console application to see whether it works.

** Also, instead of excel file, you can try a normal txt file to see
whether the problem is specfic to the office automation code.

BTW, I saw that you've enabled "impersonate" in web.config file as below:

<authentication mode="Windows"/>
<identity impersonate="true">


then, why did you also use code to programmatically do the impersonation?
You should either impersonate through the web.config setting or use code.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: =?Utf-8?B?emlubw==?= <zino@xxxxxxxxxxxxxxx>
Subject: Impersonate
Date: Fri, 8 Feb 2008 13:41:00 -0800

X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security

on Windows Xp and in ASP net 2.0 application,
I followed the example under the following link:
http://msdn2.microsoft.com/en-us/library/system.security.principal.windowsid
entity.impersonate(VS.71).aspx

to save an Excel file, but I keep getting Access denied error.
(I have administartor privilege and I impersonate a domain account
(otherUser) that have administrator permissions too where the Excel file
is
being saved)

note: without impersonation the code works fine under my account.

the web config file is set to :
<authentication mode="Windows"/>
<identity impersonate="true">

and "Integrated Windows Authentication" is the only thing checked in IIS

the web page :
sub Page_Load()
dim xl As myExcel = New myExcel()
xl.SaveExcel("c\test.xls")
end sub

class myExcel
function SaveExcel(filePath As String) As Boolean
dim xl As Excel.Application
dim wb As Excel.Workbook
.... .. . . ' code omitted

dim myImpersonate As New cls_impersonate
if myImpersonate.StartImpersonation(otherUser, otherPwd) Then
wb.SaveAs(filePath, FileFormat:=Excel.XlFileFormat.xlExcel7) '
generate Access is denied error
else
' ... .. .. .
end if
myImpersonate.UndoImpersonation()
end function

end class


class cls_impersonate
Private _impersonatedUser As WindowsImpersonationContext
Private _tokenHandle As New IntPtr(0)

function StartImpersonation(otherUser as string, otherPwd as string) as
boolean
'.. same as in the MSDN example and impersonation succeed without any
error.
' but the following:
' WindowsIdentity.GetCurrent().Name --> return --> domain\otherUser
' while
' httpcontext.Current.User.Identity.Name --> return --> domain\myName
' which I don't understand
end function

sub UndoImpersonation
Me._impersonatedUser.Undo()
If Not System.IntPtr.op_Equality(Me._tokenHandle, IntPtr.Zero)
Then
CloseHandle(Me._tokenHandle)
end sub
end class


thanks for help


.

Relevant Pages

  • RE: NetworkService Account alternative
    ... configure your ASP.NET application to use a custom application pool ... identity(process account) which can be authenticated by the remote SQL ... You can use impersonate to make your ASP.NET page request running under ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Sql Reporting Serviced - > ASP.NET ACCESS DENIED!
    ... The account you are logging in to when on the server doesn't have the ... do you have <Impersonate> set to True? ... > Exception Details: System.UnauthorizedAccessException: Access to the path ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How to use WindowsPrincipal properly??
    ... > If you want to check if the user is in the local computers security group ... > used by the general public you have to use Basic Authentication of course. ... You can logon a set account ... > WindowsIndentity which is then used to Impersonate. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Excel Services error and Kerberos
    ... the same account towards SSAS will be used whatever ... I got it work with SSO! ... (SharedServices running Excel Services) ... In the group "Security Configuration" click at the link "Manage settings ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Accounting Reports in Access
    ... this was an Excel sheet. ... This is linked to the main information table using the account number ... you could build a report that groups by teach organization. ... I would then build a sub report that sums up all of the payments made by ...
    (microsoft.public.access.reports)