Security :: Impersonation With IIS And UNC Virtual Path Share
Oct 28, 2010
It took me 6 hours to figure this one out and I'm wondering if someone can give me an answer why it has to work this way. I have two PCs, one is a webserver win2k 2003 and the other is the file server running Windows XP. Both PCs are on the same company domain therefore they can see each user. The share folder has NETWORK, NETWORK SERVICE, USERS (which include IIS authenticated users), a LOCAL account, and a specific User (which is me) that is given access to read. In my web application, I call a server.mappath. In IIS6.0, anonymous is disabled so users use integrated Windows Authentication. I can see this by verifiying User.Identity.Name.ToString(); Next, I also check WindowsIdentity.GetCurrent().Name.ToString();. In my first run, I set impersonate to true and thats it. Both User.Identity and both Windows.Identity show: mydomainsmith_B as an example.
When trying to access the UNC virtual path whcih has "Always use the authenticated user's credentials when validating access to the network directory" checked. This means , IIS6.0 will pass mydomainsmith_B credentials to the file server. I get an access denied which is verified by a thrown exception. I go back and check the file server and under the security tabs, I did add myself which shows smith_B under the security and for kicks, I'm also under Share tab.
Next, I try to authenticate using a "LOCAL" account on the file server. The local account is called username/password: temp/temp. So I set web.config to impersonate=true, userName=temp password=temp. Okay, so I go back into IIS 6.0 and for the virtual directory, I go to "Connect As" and set Username and password to: temp/temp and un-check "always use the authenticated user's credential". Finally, i reload the page. This time the page shows me:
User.Identity.Name: mydomainsmith_B
WindowsIdentity.GetCurrent().Name: temp
perfect, so now I'm impersonating temp. I click a button to access the UNC path and boom, it all works. So why doesn't my local PC authenticate ME, as MYSELF, which is on the domain, which is on the same domain. Why do I have to impersonate a local account to the file server? Why can't I just impersonate myself? Also, If I disable impersonation, it becomes NT AUTHORITYNETWORK SERVICE. This service also can't access the UNC path even when I have enabled the same security and same share settings.
View 1 Replies
Similar Messages:
Apr 26, 2010
If you use anonymous access + impersonation of a windows domain account to access a file on a network share, is the password sent in clear text?
View 3 Replies
Oct 27, 2010
A month ago I got everything working but now my code has changed and my server may have been misconfigured.
Basically, I'm running IIS 6.0 and Win2k 2003. The webserver will map a network path UNC share at: //wave/test
Also, I have webconfig set up to do: impersonate = true (no username/password defined)
the path //wave/test is another computer that runs Windows XP. Wave is the computer name, test is the folder name. So C: est is the folder to access. The current permissions under C: est on the file server is: Administrator, IUSR_WEB (read-only) and "Wave_user" (read-only)
Back in WinServer 2003, i've added a virtual directory and mapped to \wave est and applied a local username/password for Wave_user. I am able to see/browse all the files in IIS 6.0 and see the files/folders. I call the virtual directory alias: "Waves". Inside Authentication method for this virtual directory, i applied Wave_user and the local password of the local file-server PC , and checked enable anonymous access w/ integrated windows authentication.
Also, back in virtual directory, I set "Connect As" to wave est as username and password as the local password.
When I access the webapplication, using my current local PC credential, and try to access the network share, which in C# is the command: server.mappath@("wave"... i get a Server Error 401. in the browser.
View 2 Replies
Jun 4, 2010
Programmatic impersonation access denied to UNC path
[WebMethod]
View 1 Replies
Jan 29, 2010
We have a web farm and are writing temp files for reports. We set up a file share and are using impersonation to write the temporary report files to that share. We gave the account doing the impersonation full control to the share and the folder itself.The files are writing correctly but are not being deleted.Is there something we're missing with this setup?
View 4 Replies
Oct 7, 2010
I have a code to open PDF file, like this
[Code]....
Over here I have created a folder with name Data inside my solution, so the Server.Mappath("Data") as well the statemet for converting assigning the src property of the IFrame I1 is working properly. But I want to use the files from a folder which resides in a network folder like
View 1 Replies
Jul 3, 2010
I am trying to upload a file Into a MapPath but I am getting a error 'C:/WebSite/userimages/' is a physical path, but a virtual path was expected. My code is:
[Code]....
View 6 Replies
Feb 14, 2010
I am trying to convert the virtual path to a physical path but don't seem to have Server.MapPath or HttpServerUtility.MapPath available in my handler. I add the System.Web namespace with no luck.
string virtualTargetFolder = String.Format("~/UserImages/{0}/Images/", user.ProviderUserKey.ToString());
string physicalTargetFolder = System.Web.HttpServerUtility.MapPath (virtualTargetFolder);
View 2 Replies
Jan 30, 2010
the syntax to convert a virtual path to a physical path.
I wanted to upload a file located in one server and i know only the website name.
View 3 Replies
Jun 21, 2010
How to share data between two virtual directory without using Querystring?
View 6 Replies
Jul 27, 2010
I have 2 different Virtual Directories on my local IIS 7.0 server. I want to do session Management in such a way that Session variable created in one Virtual Directory is easily available in another Virtual Directory. I want to achieve this using SQL Server 2005. Till now I have done the following things
1) In my web.config file I have added the following entry
<sessionState mode="SQLServer" sqlConnectionString="Data Source=11.11.11.11;Integrated Security=False;User ID=uid;pwd=pwd" sqlCommandTimeout="30" >
</sessionState>
2) In SQL Server I have a database called ASPState that has 2 tables ASPStateTempApplications and ASPStateTempSessions and also some Store Procedures
Now If I create Session variable called Session["ProductID"] in Virtual directory A how can I access Session["ProductID"] in Virtual directory B.
View 5 Replies
Mar 3, 2011
Is there a reason Impersonation does not seem to work with a UNC path using File.OpenRead()? I'm utilizing codeproject's Impersonation utility: [URL] I have a user with rights to the share that I'm passing to OpenRead(). This is my code and it's not accessing the file:
try
{
bool canImp = imp.ImpersonateValidUser(impUser, domain, impPwd);
FileStream fs = File.OpenRead(filePath);
logger.Debug("File stream opened...");
byte[] b = new byte[fs.Length];
fs.Read(b, 0, b.Length);
fs.Close();
//code continued
View 1 Replies
Jan 6, 2011
I am new to asp.net and trying to build a top level in asp.net. Actually i want to save .aspx pages in sql server database and excute directly from the database. I search a lot and come to know about VirtualPathprovider class. It is helpful in building cms like what i want but the problem is that i am quite unable to understand the use of this class.
View 1 Replies
Mar 1, 2010
My basic question is, can a virtual directory in IIS point to a physical path that's not on the local machine? For instance, right now I have a virtual path /NaturalGasReport/NYMEX which points to physical path C:Program Files (x86)NymexSettleNATGAS_REPORTNYMEX, but I want it to point to a physical path on a difference PC on the same network. Is this possible? (I know I can just try it out so I apologize for asking but I thought it would be best to get an explanation along with "yes" or "no"). If you want more detail, this is what I need to do. To make a long story short, because of a vendor product we are using that won't run on a 64-bit operating system, I have to run a program called Generate_NGReportData.vbs (it's a vbscript program) on a PC I will call 28. It uses a vendor product which produces jpg files which are graphs of the Natural Gas market. The machine where I wish it could run is called RTEST01 but this machine runs a 64-bit OS and the components won't work there. RTEST01 has the databases. So, I created a datasource on 28 which points to RTEST01's database. The vbs program will read the data, generate the reports, and write one row to a database table on RTEST01. RTEST01 has to run the complimentary program which sends these reports (via email). 28 is not an email server so it can't email the reports. So on RTEST01 I will run Send_NaturalGasReport.vbs. This program creates an email body of html. The html references [URL]NaturalGasReport/NYMEX/" & Day(nymex_update_dt) & ".jpg which is a virtual directory pointing to C:Program Files (x86)NymexSettleNATGAS_REPORTNYMEX. I need it to point to the folder and files on 28.So if my initial question has a simple yes answer then I am all set. If not, examine my architecture and propose an alternative solution.
View 10 Replies
Jun 20, 2010
Request.Path will get the current Path name with file name such as:
C:/......./Personal/Items.aspx
How can I get the only Path name such as:
C:/......./Personal
View 4 Replies
Oct 29, 2010
OK, I've seen a lot of ambiguous errors, but this was is in the top 20 or so. I have a RenderPartial that looks like this:
[Code]....
When the view loads, I get this error:
The relative virtual path '~Areas/User/Views/Shared/ProjectStats.ascx' is not allowed here. That really helps. Why isn't it allowed there? What's wrong with it? Just above it I have other PartialRender calls that work without a problem. They're created exactly the same way. Here's another:
[Code]....
This works fine. I thought maybe it was due to accessing a view from another Area, but I added a partial view to that Area's folder and it still didn't work.
View 3 Replies
Mar 22, 2011
How can i resolve a virtual path to a file into a path, suitable for the browser, from within a generic .ashx handler?
e.g. i want to convert:
~/asp/ClockState.aspx
into
/NextAllowed/asp/ClockState.aspx
If i were a WebForm Page, i could call ResolveUrl:
Page.ResolveUrl("~/asp/ClockState.aspx")
which resolves to:
/NextAllowed/asp/ClockState.aspx
But i'm not a WebForm Page, i'm a generic handler. You know, that IHttpHandler object with all kinds of things injected:
[Code]....
View 1 Replies
Mar 2, 2011
I have successfully created my own virtual path provider to load a user control embedded in an assembly. The problem I am facing is I cannot use any embedded string resource in MyUserControl.ascx:
<Label runat="server" ID="MyLabel" Text="<%Resources: SR, Welcome%>"/>
This will cause IIS to throw a compilation exception at runtime saying the resource SR.Welcome is not found. I guess ASP.NET runtime looks for the string resource SR in the main assembly instead of the one that contains my user control.
View 1 Replies
Nov 18, 2010
To start with then we have a LinkButton whose text is actually an image tag. The image it links to is a Png and resides in a folder in the web directory. This is IIS V6 and win Server 2003.
The path is [URL]
Admin is a virtual directory configured in IIS.
The above url doesn't work but if you change it to [URL] (lowers case 'a') then the image is served, change it back to 'A' and it takes you to login, you log in and it loops back to log in. change to 'a' and voila the image is served. Weirdly this problem doesn't always occur and I have hunted for a resolution for days to no avail.
As requested this is the complete link button
<asp:LinkButton ID="lnkCommitAll" runat="server" CausesValidation="false"><asp:Image ID="imgCommitAll" runat="server" ImageUrl="~/Images/Grid/confirm_16.png" AlternateText="Commit All Changes" /> Commit All</asp:LinkButton>
View 1 Replies
Nov 17, 2010
I am trying to profile the number of "Anonymous Requests" for an ASP.NET web application using perfmon. When I select this key, I have to pick a process of the form _LM_W3SVC_#_ROOT. How do I map the IIS metabase path back to the web application?
View 1 Replies
Mar 5, 2011
I have created a setup for my application which is having both website and desktop application. i m supposed to changes connection string in both the config files at runtime. i used following code :
[code]...
View 2 Replies
Mar 18, 2010
I created a virtual directory in the Visual Web Developer, according to this post:
[URL]
I want the user to upload / download documents in the mvc app to that virtual directory. When a document is uploaded, I'm specifying the path to the document to be stored for later retrieval like so:
~/VirtualDirectoryName/FileContent.docx. But when I try to open that as a link in th app,using ResolveUrl, it appends the port number after localhost like so,[URL], I get a document not found, since it really should be, [URL].
View 1 Replies
Feb 8, 2011
I ahev seen many discussion related to this , but I could not find proper answer , I have live web site set up on IIS 6, and set virtual path MYSite and then phisical path to the web.config file on actual location.
I have copy this site to another server for the purpose of further development, so I need to run production site exactly same as live site , i can do edit in production and update pages to live.
Once I have copied the site give this error virtual path '/includes/menu.htm' maps to another application, which is not allowed
i have master page include menu as html files <!--#include file="../includes/topmenu.htm"-->
I have open site in IIS 7 and add virtual directory and gave a name (not same as live) and choose physical path to the root folder of the site. In IIS 7 I cannot give web.config file for the path, it should be folder. and I have change identity in apppool to Network Service and gave readaccess permission to folder.
View 4 Replies
Oct 26, 2013
I have a website solution where I have among other things some code for a photo album. I know wanted to make a separate website solution with only the photoalbum code. It is however giving me some issues with not finding files, which I believe are caused by not being able to set the virtual path in the website solution. The option is simply not present in the options as you can see on the image on the right.
View 3 Replies
Oct 4, 2010
I have an app that uses impersonation to gain access to a database (on server separate from IIS). The app connects to the database using a trusted connection and seems to be working just fine. However, we get these logon failure events in the security event viewer:
[Code]....
It must have something to do with impersonation because the login failure is for the domain account which my app is impersonating under. But again, the app is working fine so I'm having a hard time figuring out how to stop these logon failures.
View 2 Replies
