network (drive) access/impersonate identity problem

  • Thread starter: Peter O'Reilly

Peter O'Reilly

I am experiencing difficulty accessing a mapped network drive in an ASP.NET
application.

While using the .Net framework v 1.1 implementation of
System.IO.Directory.Exists(), it fails to recognize a mapped network drive.

This is true if the path specified uses a mapped drive letter or is
expressed as a UNC address. I have also tried the drive letter and UNC
paths with and without trailing backslashes, respectively.

No luck with ASP.NET, but it does work when I create a simple C# console
test harness application. This indicates to me to be a security concern with
ASP.NET. Funny thing is - no exception is returned. For all combinations,
System.IO.Directory.Exists returns false. (If so, this behavior is very
inconsistent with the System.Security thrown for things like trying to write
to a file, execute code on another machine, etc.)

The following knowledge base article:
307901: INFO: Permissions to Connect to a Remote Access Database from
ASP.NET
http://support.microsoft.com/default.aspx?scid=kb;en-us;307901&Product=aspnet

recommends using impersonation, but an error occurs even before the 1st line
of my ASP.NET code is executed.
No windows event is logged either.

How do I get the ASP.NET worker process to recognize another machine's hard
drive, folders and files?

Any help is appreciated. Thanks!
 
you can not check for the existence of a file you do not have access
permission to, false is always returned, if an error was thrown, you would
know that the file exists.

to access a network share from asp.net, you need to run under a domain
enabled primary security token, the easiest way to do this is to use
impersonation in your web config as the article explained

<identity impersonate="true" userName="<supplied username>"
password="<supplied password>" />

where the user name is a domain account with permission to the resource. all
users of your web site will have the same access permissions to the network
resource.

-- bruce (sqlwork.com)
 
> you can not check for the existence of a file you do not have access
> permission to, false is always returned, if an error was thrown, you would
> know that the file exists.

Sorry, not so. It could be an authentication error thrown which is one step
before performing an authorization check. Subtle difference here and
querying a directory's existence is analogous to executing a database query,
e.g. you need permission to connect before querying. No knowledge of the
directory's existence or DB data is gained when throwing such an error.

> to access a network share from asp.net, you need to run under a domain
> enabled primary security token, the easiest way to do this is to use
> impersonation in your web config as the article explained
>
> <identity impersonate="true" userName="<supplied username>"
> password="<supplied password>" />
>
> where the user name is a domain account with permission to the resource. all
> users of your web site will have the same access permissions to the network
> resource.

Yes, I'm aware of that. However as I mentioned before it is not working for
me as mentioned before.
To provide more detail...I am using the same userName and password used to
map to the network drive
and access its folders. I've also tried prefixing the username with the NT
domain name it is associated with to no avail. I've tried a few other
accounts to no avail.

Now turning off custom errors, I get the following parse error message:

Could not create Windows user token from the credentials specified in the
config file. Error from the operating system 'A required privilege is not
held by the client. '

Which sizing up the MS knowledge base, it documents:
PRB: Per Request Impersonation Does Not Work on Windows 2000 with ASP.NET
http://support.microsoft.com/default.aspx?scid=kb;en-us;810204

Their recommended workaround solution, just specify <identity
impersonate="true"/>, e.g. impersonating IIS is not going to work for me.
Upgrading to Win 03 is not an option at this time either.

Is this issue fixed in Service Pack 3 of Win2k?
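
The silent `false` from `Directory.Exists` discussed in this thread can be narrowed down with a probe like the following, an added example that is not part of any post: it reports the Windows identity making the call and repeats the access with a method that throws. The class name `ShareProbe` and the UNC path are hypothetical placeholders.

```csharp
using System;
using System.IO;
using System.Security.Principal;

// Added diagnostic, not code from the thread. Written without C# 2.0 features
// so it also compiles against .NET Framework 1.1.
public sealed class ShareProbe
{
    private ShareProbe() { }

    // Returns a one-line diagnosis for a directory path.
    public static string Probe(string path)
    {
        // The identity that actually makes the file-system call. Inside ASP.NET
        // this is the worker-process account unless impersonation is in effect.
        string who = WindowsIdentity.GetCurrent().Name;

        if (Directory.Exists(path))
            return who + ": directory is visible: " + path;

        // Directory.Exists reports every failure as false, so repeat the access
        // with a call that reports the reason instead.
        try
        {
            Directory.GetFileSystemEntries(path);
            return who + ": listing succeeded although Exists returned false: " + path;
        }
        catch (UnauthorizedAccessException ex)
        {
            return who + ": access denied: " + ex.Message;
        }
        catch (DirectoryNotFoundException ex)
        {
            return who + ": path not found: " + ex.Message;
        }
        catch (IOException ex)
        {
            // Other I/O failures, for example a logon failure or unreachable server.
            return who + ": I/O error: " + ex.Message;
        }
    }

    public static void Main(string[] args)
    {
        // Hypothetical placeholder share; pass the real UNC path as the first argument.
        string path = args.Length > 0 ? args[0] : @"\\fileserver\share\reports";
        Console.WriteLine(Probe(path));
    }
}
```

Run it once from a console and once by calling `ShareProbe.Probe` from a page in the web application; a different identity name in the two outputs accounts for the different results. Mapped drive letters belong to the logon session that created them, so probe the UNC form of the path.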
 