ASP.NET way of handling the "Network" Token issue KB207671

kellygreer1

I'm writing an .ashx page that needs to be able to write files to a
network share.

Example:
string fullPath = @"\\someserver\someshare\log.txt";
File.WriteAllText(fullPath,"test");

I seem to be running into that old Network Token issue from Classic
ASP. I had solved this in the past by writing a .COM component to
impersonate the same user as the requester but as a "real" token
instead of the network crippled token.

What is the proper way to solve this in ASP.NET? Do something with
the current thread? Kick up a new thread with new rights? I saw the
impersonate web.config stuff but this doesn't seem to be quite what I
am looking for.

A reference to the issue
http://support.microsoft.com/kb/207671

Thanks in advance,
Kelly Greer
(e-mail address removed)
replace nospam with yahoo
 
the simplest is to make the app pool identity a domain account with network
permission. otherwise you can change the thread identity, perform the action,
and restore the identity.

.net can call the winapi (LogonUser, CreateToken), to get the token, and then
use .net to impersonate (air code).

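// requires: using System.Security.Principal;
// LogonUser and DuplicateToken are advapi32.dll functions and need
// [DllImport] declarations elsewhere in the class

// save current

WindowsIdentity oldId = WindowsIdentity.GetCurrent();

// impersonate desired id
// (3 = LOGON32_LOGON_NETWORK, 0 = LOGON32_PROVIDER_DEFAULT,
//  2 = SecurityImpersonation)

IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
LogonUser(userName, domain, password, 3, 0, ref token);
DuplicateToken(token, 2, ref tokenDuplicate);
(new WindowsIdentity(tokenDuplicate)).Impersonate();

// do code here

// restore identity

oldId.Impersonate();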


-- bruce (sqlwork.com)
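
Added example, not part of the original thread: a complete .NET Framework version of the impersonate, act, revert pattern sketched in the post above, with the P/Invoke declarations, return-value checks and handle cleanup that the air code leaves out. The `ShareWriter` class and `WriteAs` method are hypothetical names, and the example uses logon type 9 (`LOGON32_LOGON_NEW_CREDENTIALS`) instead of the 3 in the post, which is this example's own choice for outbound share access.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper class; names are not from the thread.
static class ShareWriter
{
    // Values from winbase.h.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // credentials apply to outbound connections only
    const int LOGON32_PROVIDER_WINNT50 = 3;      // the provider that supports logon type 9

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Writes text to a UNC path while the calling thread impersonates the given account.
    public static void WriteAs(string user, string domain, string password,
                               string uncPath, string text)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // Impersonate works on its own copy of the token, so the raw
            // handle can be closed in the finally block below.
            using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token))
            {
                // Disposing ctx reverts the thread identity even if the write throws.
                File.WriteAllText(uncPath, text);
            }
        }
        finally
        {
            CloseHandle(token); // do not leak the logon token across requests
        }
    }
}
```

With logon type 9 the credentials are not checked until the share is actually accessed, so a wrong password surfaces as an exception from `File.WriteAllText` rather than from `LogonUser`. Load the service account password from protected configuration rather than embedding it in the handler source.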
 

Does this issue also cause problems calling web services? Just got a
401 error trying to call a standard SharePoint List WebService on
another machine.

Even using code like this:
WssWebService.Lists lst = new WssWebService.Lists();
lst.UseDefaultCredentials = false;
System.Net.NetworkCredential nc = new System.Net.NetworkCredential();
nc.UserName = "SOMENET\\svc_account";
nc.Password = "1$Somepassw0rd";
lst.Credentials = nc;

Thanks for the other info ... that will help me solve the file copy/
write issue.

Kelly