Ask a Question related to ASP.NET Security, Design and Development.
-
Raterus #1
Accessing network files from an external process
Here is a good problem I'm hoping someone can help me with. Let me start out with my configuration.
I have an asp.net application, integrated windows authentication. Delegation is set up on my webserver to allow access to remote resources, it works great from within asp.net.
I'm trying to work in an external command-line program, which will access files on the network. For this I'm using System.Diagnostics.Process. I'm positive I've set this up correctly to run the command, but the error I'm receiving from the program is that it can't open files that I'm setting in command line parameters. If I run the exact same command w/parameters by hand, it works great, and I know the files I'm specifying do infact exist.
Sounds like a security problem to me, I have identity impersonate="true" set, also my Authentication mode is set to "Windows" in web.config.
How can I allow this external process to execute under the same context as my authenticated user, so this process can access any network files my asp.net application can?
Thanks for any help!
--Michael
Raterus Guest
-
Start external Process under different user account in ASP.NET???
Does anyone know how to get Process.Start() to use the security context of the user that my ASP.NET app is impersonating? It seems that it is... -
Links To External Files On A Network
I'm trying to create a pdf with 5.0.5 as a sort of catalogue that has links that open autocad files on a network drive. It works fine on a local... -
Help with accessing network resources
Simply, I wish to return System.IO.File.Exists ("\\myserver_1\myshare\myfolder\myfile.doc") within an ASP.NET web application that sits on... -
Start external process from ASP.Net
Hello: I am currently having problems with an ASP.NET page...I've never programmed in ASP or HTML so all of this is new to me. I have a table that... -
Fetch a external process.
Hello All I'm completely new to ASP.Net. I need to write a page to fetch an external call which actually call a Java program to download a... -
avnrao #2 Re: Accessing network files from an external process
when you impersonate the logged in user and access some external process,
external process does not run under impersonated user. rather it runs under
the configured identity (ASPNet account).
you need to explicitly impersonate by calling LogonUser.
check the code here :
[url]http://www.informit.com/articles/article.asp?p=169580&seqNum=2[/url]
Av.
"Raterus" <raterus@spam.org> wrote in message
news:OZQMvuGNEHA.2532@TK2MSFTNGP10.phx.gbl...
Here is a good problem I'm hoping someone can help me with. Let me start
out with my configuration.
I have an asp.net application, integrated windows authentication.
Delegation is set up on my webserver to allow access to remote resources, it
works great from within asp.net.
I'm trying to work in an external command-line program, which will access
files on the network. For this I'm using System.Diagnostics.Process. I'm
positive I've set this up correctly to run the command, but the error I'm
receiving from the program is that it can't open files that I'm setting in
command line parameters. If I run the exact same command w/parameters by
hand, it works great, and I know the files I'm specifying do infact exist.
Sounds like a security problem to me, I have identity impersonate="true"
set, also my Authentication mode is set to "Windows" in web.config.
How can I allow this external process to execute under the same context as
my authenticated user, so this process can access any network files my
asp.net application can?
Thanks for any help!
--Michael
avnrao Guest
-
Raterus #3 Re: Accessing network files from an external process
I ended up working around my problem by this, it will only work in certain situations though. The external process I was trying to run only needed access to certain "secure" files, I copied these files from the secure resources to a temporary folder on the webserver, then ran the external process using these copied files. After I was done I deleted them. Worked great, and I avoided the mess of using all these LogonUser/SecurityDelegation/DuplicateTokenEx stuff!
"Chung" <anonymous@discussions.microsoft.com> wrote in message news:1F5F9D85-4F18-4EA6-B6D6-5566F358DCBC@microsoft.com...> I am having exact the same problem as Raterus had. The problem occurs when network file is being accessed by the external program, invoked from within the Asp.net code. I had no problem as a test to read the file by directly coding it in C#. Clearly, the external program when spawned using System.Diagnostics.Process namespace does not run against the impersonated client credential.
> From the information that I have been gathering so far, we have to use the function CreateProcessAsUser and pass to it a primary token, which can be achieved by calling DuplicateTokenEx to convert the impersonating token into a primary one. However, one of the parameters used in DuplicateTokenEx might have to be set a SecurityDelegation to allow the process to access network-based resource. Unfortunately, I do not have much luck using this method so far. I could never pass the call to duplicate the token.
>
> With respect the LogonUser, in my opinion, we cannot use this function if we do not have the user password and we do not want to pass this password around. This is the prime reason why impersonation is used.
>
> Again, I am still stuck with my problem similar to this and also happy to hear other people's comments.
>
> ChungRaterus Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
