Impersonation Errors
-
I want impersonation turned on in my web application so the users domain credentials get used to access network resources. in my web.config I added: It worked on my localhost on my dev box. I copied it to the web server and it failed. Errors reported that it couldn't see the shares it was trying reach which needed impersonation to function. I remote desktoped into the webserver and tried to view it on localhost and it worked! So what more can I do to resolve impersonations when the user isnt on the local machine? The only code in use that needs the impersonation is a File.Copy(@"\\server\share$\file.txt", Server.MapPath(Request.ServerVariables["SCRIPT_MAP"]+@"\mynewfile.txt"), true); -- modified at 11:39 Monday 5th December, 2005
-
I want impersonation turned on in my web application so the users domain credentials get used to access network resources. in my web.config I added: It worked on my localhost on my dev box. I copied it to the web server and it failed. Errors reported that it couldn't see the shares it was trying reach which needed impersonation to function. I remote desktoped into the webserver and tried to view it on localhost and it worked! So what more can I do to resolve impersonations when the user isnt on the local machine? The only code in use that needs the impersonation is a File.Copy(@"\\server\share$\file.txt", Server.MapPath(Request.ServerVariables["SCRIPT_MAP"]+@"\mynewfile.txt"), true); -- modified at 11:39 Monday 5th December, 2005
Did you grant the account that is running asp_net service access to the directory? "People who never make mistakes, never do anything." My Blog
-
I want impersonation turned on in my web application so the users domain credentials get used to access network resources. in my web.config I added: It worked on my localhost on my dev box. I copied it to the web server and it failed. Errors reported that it couldn't see the shares it was trying reach which needed impersonation to function. I remote desktoped into the webserver and tried to view it on localhost and it worked! So what more can I do to resolve impersonations when the user isnt on the local machine? The only code in use that needs the impersonation is a File.Copy(@"\\server\share$\file.txt", Server.MapPath(Request.ServerVariables["SCRIPT_MAP"]+@"\mynewfile.txt"), true); -- modified at 11:39 Monday 5th December, 2005
If I remember correctly, you shouldn't use anonymous logon, and leave Windows authentication set. In the project where I worked, we needed to use basic authentication as well, so when the user tried to enter the site, they were requested their login/password pair to access, not a login page but the login asked by internet explorer itself. Hope this helps. daniero
-
Did you grant the account that is running asp_net service access to the directory? "People who never make mistakes, never do anything." My Blog
im avoiding using the local machines aspnet service account because it doesn't have premissions out in the enterprise domain and I could never talk the IT security guys into adding it. Thats why I was trying to turn impersonate on. but doesn't do it. but does work. But I dont really want it using my premissions coded in there... I want it to use the current users credentials -- modified at 19:45 Monday 5th December, 2005
-
If I remember correctly, you shouldn't use anonymous logon, and leave Windows authentication set. In the project where I worked, we needed to use basic authentication as well, so when the user tried to enter the site, they were requested their login/password pair to access, not a login page but the login asked by internet explorer itself. Hope this helps. daniero
i dont use anonymous... They have to be in a certain group to even reach the site. So I have it set for windows auth similar to the following.
-
I want impersonation turned on in my web application so the users domain credentials get used to access network resources. in my web.config I added: It worked on my localhost on my dev box. I copied it to the web server and it failed. Errors reported that it couldn't see the shares it was trying reach which needed impersonation to function. I remote desktoped into the webserver and tried to view it on localhost and it worked! So what more can I do to resolve impersonations when the user isnt on the local machine? The only code in use that needs the impersonation is a File.Copy(@"\\server\share$\file.txt", Server.MapPath(Request.ServerVariables["SCRIPT_MAP"]+@"\mynewfile.txt"), true); -- modified at 11:39 Monday 5th December, 2005
Hi there, IMHO, you may try using the sample code below to get the current account that your ASP.NET application is impersonating and check if it has enough permissions.
System.Security.Principal.WindowsIdentity.GetCurrent().Name
For more information, you can see http://support.microsoft.com/kb/306158/[^]
-
i dont use anonymous... They have to be in a certain group to even reach the site. So I have it set for windows auth similar to the following.
One problem with that authorization is that it is saying
allow usersinstead ofallow rolesalso you should usedeny users="?"so that it denies anyone that isnt authorized, sayingdeny users="*"will deny everybody. There is some work that needs to be done to allow the web server to pass that authenticated user account across after you gain access to the page. That will need to be a question for a server admin. There is the whole 2 hop rule which means that the server is not setup to delegate the user account forward. I hope this helps some. Cleako