Re: Problem using ASP.Net Impersonation to access UNC share

From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 29 Aug 2008 19:28:41 +1000

You can't directly impersonate a domain account on a workgroup server (your app tier server) because the app tier server is unable to logon the domain account.

Your options are to do what you're doing at the moment (NTLM pass through auth with synched accounts)
-or-
find some way to specify credentials when you connect across to the UNC share. This method is simply passing credentials to the remote server, which would then contact a DC in its domain to validate that the credeitals are valid.

Cheers
Ken

<joe.nicholas1@xxxxxxxxxxxxxx> wrote in message news:30cdaee0-089b-411c-98e4-f6528ce7d846@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I am working on an application where a web service (on the web tier)
calls another web/gateway service (on the app tier). This then needs
to save a file to a UNC share on a file server in our internal
network.

The issue that I'm having is that as our app tier is not on a domain,
I am unable to impersonate a domain account to access the share. I am
able to map a network drive to the share from the app tier by
connecting as a domain account but I have been unable to do the same
using ASP.Net. I have tried impersonating a domain account via the
web.config and also via the code.

I have managed to get a POC working by creating a local account on the
app tier and then creating the same account on the file server. If I
set my app to impersonate this local user I am able to save the file
successfully but when I try to impersonate a domain account the
authentication fails.

Has anybody else experienced a similar issue? Is there a way I can
impersonate a domain account on the app tier even though it is not on
the domain?

References:
- Problem using ASP.Net Impersonation to access UNC share
  - From: joe . nicholas1

Prev by Date: Problem using ASP.Net Impersonation to access UNC share
Next by Date: Re: Permissions on a shared folder
Previous by thread: Problem using ASP.Net Impersonation to access UNC share
Index(es):
- Date
- Thread

Relevant Pages

Re: Problem using ASP.Net Impersonation to access UNC share
... The issue that I'm having is that as our app tier is not on a domain, ... I am unable to impersonate a domain account to access the share. ... app tier and then creating the same account on the file server. ...
(microsoft.public.dotnet.general)
Problem using ASP.Net Impersonation to access UNC share
... The issue that I'm having is that as our app tier is not on a domain, ... I am unable to impersonate a domain account to access the share. ... app tier and then creating the same account on the file server. ...
(microsoft.public.inetserver.iis.security)
Problem using ASP.Net Impersonation to access UNC share
... The issue that I'm having is that as our app tier is not on a domain, ... I am unable to impersonate a domain account to access the share. ... app tier and then creating the same account on the file server. ...
(microsoft.public.dotnet.general)
Re: Domain could not be contacted problem
... running under a domain account so that you don't have to supply credentials ... and a server name, or you can supply a server or domain name and supply ... To impersonate a domain account, you generally do this by enabling ... All of the IIS security settings are configured via the IIS MMC on the ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Domain could not be contacted problem
... running under a domain account so that you don't have to supply credentials ... and a server name, or you can supply a server or domain name and supply ... To impersonate a domain account, you generally do this by enabling ... All of the IIS security settings are configured via the IIS MMC on the ...
(microsoft.public.dotnet.framework.aspnet.webservices)