Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ASP.NET usage of UNC paths (worker process)

Status
Not open for further replies.
onpnt

onpnt

Programmer
Dec 11, 2001
7,778
US
The short story is I'm attempting to access a remote resource from within an ASP.NET app via UNC path by the GetFiles() method. After much reading I see that even knowing I have full impersonation and the use of windows integrated authentication set the worker process plays a big role in this type of remote access. So in all that I created a new application pool to run under a domain account that has access to the local and remote servers. I set the GP as such so the domain account has permissions to impersonate and a few other MS stated requirements to use the account as an identity to the worker process. Nothing works however and even knowing the event log is showing the worker process running now under the domain account I still cannot access the remote files via UNC paths.

Here's the exact config to now
IIS 6 settings anonymous unchecked and integrated windows authentication ticked. Application pool runs under a domain account for the identity and verified as such in the task manager. This domain account is a domain admin (for testing only).
web.config
Code: 
<identity impersonate="true" />
<authentication mode="Windows"/>
machine.config
Code: 
<processModel autoConfig="true"/>

Any insight to what I'm doing wrong or what ASP.NEt is doing to make this difficult would be greatly appreciated. Thanks all!

I’ve been working on this pretty much all night so I apologize if I failed to provide info that is needed. Please ask for whatever you need for other settings or events

This thread is very similar
but I didn't see much of a resolution in it.

____________ signature below ______________
The worst mistake you'll ever make is to do something simply the way you know how while ignoring the way it should be done
 
Sort by date Sort by votes
Hi Ted,

Impersonation can be a bit of a pain just because it's very hard to debug. About the best message you ever get is "access denied" but that usually doesn't help.

In a previous application, I had a similar setup and ended up impersonating the user in code instead as it gave a bit more freedom and tended to be easier to debug.

There's an MSDN article on it here:


Maybe that'll work for you?


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.
 
Upvote 0 Downvote
I have a feeling I've done something else incorrectly. Of course when I debug or run the site locally it works fine. That always drives me nuts. When I impersonate the user in the code and write the identity to the screen it is showing the correct user (myself in this case) but still fails to access the remote folder by unc path.

I'll keep searching for my error. I'm sure the 2 days without sleep have something to do with it ;-)


here's the changes I tried on impersonating in the code.
Code: 
            Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
            Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

            currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity)
            impersonationContext = currentWindowsIdentity.Impersonate()

            For Each f In SourceFiles.GetFiles()

I'll double check that any config files are not interfering with this as well.

Thanks for the help Mark

____________ signature below ______________
The worst mistake you'll ever make is to do something simply the way you know how while ignoring the way it should be done
 
Upvote 0 Downvote
I ended up creating a workaround for this. I pulled the directory that was remote onto the web server for now. This application is internal for now so there wasn't a security problem.

However this will be placed on a DMZ soon so I will revisit it and post back with my debug results and hopefully a solution to why my exact configuration was not working. I'm also visiting the concept of creating a virtual directory for remote access to the files once this is on the DMZ along with a combination of local and windows level security. We're working through the SSL VPN configuration now so I'll be able to post back a solution soon.

Thanks again.

____________ signature below ______________
The worst mistake you'll ever make is to do something simply the way you know how while ignoring the way it should be done
 
Upvote 0 Downvote
Yeah, let us know how it goes Ted. I'm a bit puzzled to what it could be though...


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Locked
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
852
Makumbi256
Makumbi256
snakehips2000
  • Locked
  • Question
Entity Framework, MVC, ASP.NET, ASP.NET Core etc… etc
Replies
0
Views
830
snakehips2000
snakehips2000
AhmedAzizBarbary
  • Locked
  • Question
How to pass list of checkboxes not checked on page model razor page?
Replies
0
Views
1K
AhmedAzizBarbary
AhmedAzizBarbary
WIREMESH
  • Locked
  • Question
Play mp4 files in asp.net 2.0 webforms application
Replies
0
Views
293
WIREMESH
WIREMESH
WIREMESH
  • Locked
  • Question
ASP.NET 2.0 Webform compilation error
Replies
1
Views
393
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top