Network sessions are (logon) session bound, that means that when you map
a drive in your interactive logon session, that network session cannot be
seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process credentials
specified in your web.config file (the default being aspnet), and all
programs spawned from within asp.net will use the same credentials when
accessing network resources. Now aspnet has no network credentials, so
you will have to create a use record from within your webservice
specifying the local drive the Fileshare and user credentials with
appropriate privileges to that remote share.
The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share
to a local drive z: using bobby's credentials (bob\bobby is the userid
and BobsPass it's password, note that bob can be a domain name or a
machine name, so here "bob" is the remote machine name and Bobby is a
local user on Bob).
ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass
/user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...
Note that you should also delete the mapping when done with it (using
"net use z: /delete"), I would also suggest you to map the drive for at
least the duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used
UNC paths instead of mapped drives, but I guess the EXE is written to
only access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as suggested
by Dmytro, doesn't work either, the spawned exe will use the parent's
process's credentials NOT those of the impersonating thread.
Willy.
Nirosh said:
Great suggestion Lapshyn,
Yes the first option is already evaluated and has decide as our long
term goal, and with your reply it cofirm that we are in the correct
path.
But as the short term solution I like to go with the second option,
can you please give little more help on this
Log in as such a user and impersonate for the time necessary to access
the
mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).
What is this mean, I tried to google but I didn't get any clue? could
you provide me little more data..mean time I will try to find a path on
this line..
Thanks,
Nirosh.
message Hi,
Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient
permissions to access the mapped network drive,
Or
Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).
--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]
Hi All,
Can any one suggest me a best way to do this ..
I have a thrid party tool "EXE" that we need to use with our web
service to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the
EXE to
process on the mapped drive. When I trigger the EXE via web service
the EXE
get the permission of the launching user (mean ASP.NET user) resulting
a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.
I am keeping this open .. please advice me the best approach I can
take here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.
Thanks,
Regards,
Nirosh.
