Security :: Access The Network Shared Foldder From The Application Without Any Security?
Feb 17, 2010
i developed an asp.net(2.0) applicaions which contains the attachments of the clients . these attachments are saved in the shared folder and retrive the file when the user requests.if i maintain the application and the shared folders in the same system it will work properly.if i maintain the application in one server and the file folder in the other server i face a lot of security issus like1.Access Denied2.Couldnot find the part of the path......for this i made an common account for the application server and the file server and also set impersonation to true.Even the i got the couldnot find the part of the path error.i already gave the everyone with full control to the shared folder and i added the common account and gave it to full controlIs there is any alternate for the save and retrive the files to and from the shared folder.
I have a few computers (with Vista Business OS) connected in a private network. A C#.NET application running on one computer is currently able to access the network shared folders without problems. However, I am trying to get an ASP.NET application on that computer to access the same folders but I am getting "Access denied" errors. I added NETWORK SERVICE to all the shared folders' security (with full control) but it still gives the same errors.
I am trying to access a shared folder which is located on a different server rather than on the asp.net server.
I configured windows authentication and set impersonation to true. Also try with enable/disable basic authentication.
I have tried the following:
with a mapped driveshared folder access (\sharedfolder)virtual directory pointing to shared folder with pass through configuration. However none of the above works. I am getting "Access Denied" error when trying with shared folder and virtual directory. In the case of mapped drive getting "Not Found" error.
Server A exists on domain A and server B exists on domain B. From server A I need to output file names that exist on shared folder on server B. I tried the following with no success (Access denied error):
DirectoryInfo dir = new DirectoryInfo(@"\serversharedFolder");
After some Googling I found that I need to use personlization to impersonate an existing user on Server B that has access to that shared folder. I used a C# personlization class as explained on codeproject (http://www.codeproject.com/KB/cs/cpimpersonation1.aspx). I supply the domain, the user, and the password and hope to get access to the shared folder BUT the error I see now is"Login failure: unknown user or bad password".
I am 100% sure that the domain, user, and password I supplied are correct. When trying to access the share via windows explorer from server A I am prompted for a username and password. After entering domainusername and the password I have access to the folder. So I know that the credentials I supplied are correct.
Am I going about this the right way? I have full access to server A and B so maybe there is an easier way to accomplish my goal.
I wrote a web service sometime back, and uploaded to one of our network Server's IIS. The webservice needs to access a network folder, which was working perfectly fine till a month ago. Now, when we use the webservice in our .Net application, it fails with the exception message "Access to the path '\<networkMachine ><Folder >' was denied" (may be some group policies changed). But when I run the webservice from my local machine's Visual Studio debugger, it can access that folder. What could be different on the server's IIS w.r.t. my service? Why was it able to access the network folder before but not now? Please note that I can manually access that shared network folder from my machine, and also when I remote desktop to that <networkMachine> from windows explorer.
I saw in the task manager on the server that the IIS process w3wp.exe is running under 'NETWORK SERVICE' account. Though the network folder is not shared specifically with this account, but that has given read & execute access to 'Everyone'. Then what is the problem that it cannot access the folder. By accessing I mean creating a 'DirectoryInfo' object of the path '\<networkMachine ><Folder >' and reading all the subfolders - just read.
In my application, first, i have not connected to iis server, and trying to access secondary path at this time it is accessing that path. but when it is connected to IIS server, it is giving unathourizedaccess exception.
I've been researching and I've spent pratically all day on this. Here's my issue. The website uses forms authentication that we authenticate against active directory. I've been attempting to access files we have on a network share and push them down to the user (when they request them) in an http response. I keep getting "Access to the path <unc path> is denied".
Here's the code:
[Code]....
Things I've tried:1) When I add the "Computer" to the permissions of the folder it works and I dont even need to emulate a user (essentially just commenting out this code), but I'm not sure we want to explicitly give the computer access to some of our network shares 2) I've verified it's the correct username and password for the active directory account and that they have permissions on these network shares 3) I've fooled around with the WebProxy class with no luck (as I'm not entirely familiar with it) 4) I've tried impersonating the user by creating a windows token and passing the token as credentials (i've done this with similar websites) with no luck, plus this seemed a bit complicated for something I figured would be relatively easy.Its almost as if, the WebClient class isn't even using the credentials i've passed it.We've got it working now, but only by giving the "Computer" specific permissions on the network shares, which we'd like to avoid.
We have an issue with an internal application, where accessing it from LAN (private n/w) works fine, while access from external n/w throws up erratic behavior.
The Current System :
an aspx page (asp version 1.0) hosted on the IIS server (6.1). The front end is a vb form that connects to a sql 2000 database.
Users' credentials authorized using NTLM security.
Access from an external n/w - a reverse proxy configured with an ISA server 2006 to authenticate credentials.
Domain Controller - Windows Server 2008 R2 x64
The issue when accessed from external n/w :
everytime an entry from a drop-down is selected from an Ajax enabled control, instead of the fields populating, the page gets refreshed and the content of the box are cleared.
Also, clicking on other items that normally hyperlink to other pages, results in nothing happening.
Upon investigation, we realized that :
Everytime it fails, a string - "&AuthResend" followed by an alpha numeric string is attached, which attempts to authenticate the user's credentials everytime a request is made to the server.
ISA error logs yielded the following error msg :
"12210 Internet Server API ( ISAPI ) has finished handling the request. Contact your system administrator. "
This behavior is inconsistent except when accessed from Google Chrome, where it fails each time.
We have applied all the recommended hot fixes from Microsoft's KB pages.
when I am trying to run the asp.net application from the shared location(not from the local machine), I have encountered a security exception as 'request for the permission of type 'system.web.aspnet hosting permission'. I have given the full trust rights to share folder.. but still I have got the same error..
i am currently developing an asp.net mvc 2 web application and i would like to create new foldersprogrammatically with access rights, in order to enable loged on users upload their image files.My question has to do with how to assign write access using Directory.CreateDirectory function and assigning DirectorySecurity rules (meaning for which user should i enable user rights, etc...). Note that the hosting envirnoment uses IIS 7.
i would like to be able to do is to, lets say i have 10 users running a web application , how can i get the names of all these users. There names , logon times and any other info availabel.
i would like to get this data into a dataset and just bind to a gridview .
My ASP.NET MVC 2 application runs under built-in local NETWORK SERVICE account. I want to set up access permissions for the folder which resides in another computer, but in the same domain. I located that folder right-clicked to open its properties form, clicked to Security tab and pressed Add button which displayed Add user form with correct domain name in the location field. I referred to the account with following syntax:
<domain name><server name>$
because I learned that NETWORK SERVICE account uses machine account when connected to other computers in the domain. However, the system couldn't find the account, so refuses to add the account. Without the domain name it adds a user, but that user seems to be local user, not web server's NETWORK SERVICE account. What am I doing wrong?
By the way, the above syntax worked when I created login for the sql server which is different computer from the web server.
I have two diffrent webforms (ASP.NET 2.0) applications that both uses the built-in membership provider of asp.net. The two application uses the same database, but is diffrentiated by ApplicationName.
One application is sort of an admintool (AdminApp) of the other application (UserApp). I am now looking for a way to login to the UserApp from the AdminApp and sort-of impersonate a given user.
I have built an interface to automatically login a user to the UserApp (URL with querystring), but I need to be able to access the username of the refered user in the AdminApp. I was hoping for something like this would work:
Membership.GetApplication("AdminApp").GetUser();
...but I am unable to find something that works.
Is there a solution for my problem? Should I use some other approach?
/D
PS. A fallback solution wouuld ofcourse be to send a username in the auto-login-url-querystring, but that doesn't really sound solid.
I am using Visual Studio 2008 Pro SP1. Every time I try to access the security tab in Web Application Administration Tools I get this message:
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may in diagnosing the problem: Unable to connect to SQL Server database.
I am trying to find a good pattern to use for user access validation.
Basically on a webforms application I had a framework which used user roles to define access, ie, users were assigned into roles, and "pages" were granted access to a page. I had a table in the database with all the pages listed in it. Pages could have child pages that got their access inherited from the parent.
When defining access, I assigned the roles access to the pages. Users in the role then had access to the pages. It is fairly simple to manage as well. The way I implemented this was on a base class that every page inherited. On pageload/init I would check the page url and validate access and act appropriately.
However I am now working on a MVC application and need to implement something similar, however I can't find a good way to make my previous solution work. Purely because I don't have static pages as url paths. Also I am not sure how best to approach this as I now have controllers rather then aspx pages.
I have looked at the MVCSitemapprovider, but that does not work off a database, it needs a sitemap file. I need control of changing user persmissions on the fly.
How can I access the cache of one web application/domain from another web application/domain?Here is my scenario. I need to verify/check the existence of a certain object in one web application/domain's cache from another web application/domain.
I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.
The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.
How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.
The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.
I need to implement Code Access Security, and URL based security using the roles & types...
For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).
I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.
I am currently using the web.config to deny/allow access to the directories/pages.
e.g.
/Areas/Admin/web.config
[Code]....
Is it possible to force the user to be apart of 2 roles with this technique?
We have ported an existing ASP app to ASP.NET and are now having problems printing from the server to network printers, e.g. to\hereprintername.
This used to work with our ASP app, and printing to server-locally installed printers still works.
I suspect that there is some security or Group Policy object that must be changed to allow printing from an ASP.NET web application to a network printer?
Or perhaps, accessing Active Directory from an ASP.NET application is a problem?
I have few websites based on the WebForms and one based on MVC. All websites have the same settings for forms authentication in web config.The problem is that once logged in to WebForms website, I have to re-login for MVC websites, but when I log out from MVC website, I am automatically logged out from WebForms websites.How can I pass information to the MVC website that user was successfully logged in when using WebForms.
My web.config contains passwords to my database and smtp and i want to tighten up the security, i want to protect the passwords fully so if a hacker or webhost employee accessed all the webserver files the passwords cannot be easily accessed
I run on a shared host so using encryption could be an issue as i havnt got full IIS access - i havnt gone down that road yet to look fully into it
I was thinking it might be easier and secure enough if i moved the connection strings & passwords from the web.config into a referenced .dll which was protected by a professional obfuscation tool