ASP.NET and directory security - ASP.NET Security


  1. #1

    ASP.NET and directory security

    Hi all,

    I come from a win forms background, and am building a web site that needs to
    interface to a FOXPRO database (DBF files). My problem is as follows:

    I have created a virtual directory on the same machine as where the DBF files
    are located. I have created a share for the DBF files, and I've given the
    <SERVER>\ASPNET account access to this folder where they are residing.

    My code to connect to the folder where the DBF files are located is basically
    as follows:
    1. Connect to a DLL which authenticates our users according to <USERNAME>,
    <PASSWORD> and <DIRECTORY> where the DBF files are.
    2. IF the connect is successful, continue processing any queries through
    Visual FoxPro OLEDB Provider 8.0 to the data.

    This works fine if I am testing on the machine locally, i.e. the web project
    is opened on the machine - in this case my development machine - and it
    connects to the Foxpro Database folder - also on my development machine -
    successfully.

    If I try to connect to that same database and project from another machine I
    get security warning, "the specified file does not exist". I use
    System.IO.File.Exists to see if I can access one of the files in the folder
    specified, but get access denied.

    What do I need to set up in terms of permissions to access a FOLDER on another
    machine via asp.net, or what do I need to do?

    Thanks in advance
    Q

    --
    Message posted via http://www.dotnetmonster.com

    quintesv Guest

  2. #2

    Re: ASP.NET and directory security

    Q,

    I want to clarify your situation.

    1. You have set up the DBF files on a machine, creating a shared directory and
    giving the MACHINE\ASPNET user access to that directory?

    2. You are experiencing errors while trying to access that share from an
    ASP.NET application hosted on a different machine?

    3. Are you using a mapped drive (i.e. G:\someshare) or a UNC share (i.e.
    \\servername\someshare) to access the DBF files?

    One possible solution would be to use a UNC share and take advantage of
    impersonation (make sure the username and password are the same on machine A
    and B).

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconImpersonation.asp

    Your answers to the questions should help shed more light on your situation.

    Thanks,

    Todd Casey

    Todd Guest

  3. #3

    Re: ASP.NET and directory security

    Hi Todd,

    In response to your questions:

    1. I have created a shared directory on my development machine, which is also
    the machine hosting the asp.net application. ASPNET has access to that
    directory and it works fine if I open the web app via
    http://localhost/webapp/page.aspx.

    2. I am experiencing problems accessing the share created on my development
    machine if I connect to the asp.net project - on my development machine - from
    another PC. Say, for example, I am connecting to my machine from a colleague's PC
    using the url http://quintesv//webapp.page.aspx. Quintesv would have been
    localhost in (1) above.

    3. I am using a UNC to access the files. I am looking at impersonation, but
    haven't been successful yet.

    I've seen examples using impersonation using logonuser, but I want to be able
    to use the current user's logon information. All users will be accessing this
    page from an intranet - for now - so using the domain\username should be ok.
    Or am I wrong?

    I've tried

    bool returnValue = LogonUser("domain\user", "<PC to access>",
    "<Password>",
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
    ref tokenHandle);

    but it says invalid user name or password.

    That's where I am right now..



    --
    Message posted via DotNetMonster.com
    http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net-security/200609/1

    quintesv Guest

  4. #4

    Re: ASP.NET and directory security

    Q,

    You might possibly want to look into using programmatic impersonation.
    http://west-wind.com/weblog/posts/1572.aspx

    If you have the files in a shared directory, the share permissions have
    the ASPNET user with the correct permissions, and you are accessing the
    files via UNC, you should be set.

    Although, it looks like you are trying to perform some additional logic to
    authenticate the user beyond what I described above. Are all of the users
    part of a domain? If all users are part of the same domain then why not use
    "Windows Integrated Security" and disable anonymous access in IIS? Are you
    also wanting to use the user's credentials as part of the OLEDB connection
    string?

    You said that this is working on your machine but not on your colleague's
    machine. Are you using the same username/password when you are attempting to
    log in on your dev and your colleague's PC? If you are not part of a domain
    then does the account that you are trying to use to log in as exist on your
    development machine? When you say that you are connecting to the asp.net
    project on your machine from a colleague's PC, do you mean opening the site in
    a browser or opening the project in VS using the remote site option?

    Todd Casey




    Todd Guest
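
Added example (not part of the original posts, and not code from either poster): the programmatic impersonation approach raised in this thread, sketched in C# for .NET Framework. `LogonUser` takes the account name, the domain and the password as three separate arguments; the `ShareAccess` class, the `FileVisibleAs` method and its parameters are hypothetical names chosen for illustration.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class ShareAccess   // hypothetical helper, not from the thread
{
    // Values from winbase.h
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    // Win32 signature: user name, then domain (or machine name for a
    // local account), then password, each as its own argument.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider,
        out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Checks whether 'uncPath' is visible while running as the given account.
    public static bool FileVisibleAs(string user, string domain,
                                     string password, string uncPath)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
        {
            // Surface the Win32 error code, e.g. 1326 (ERROR_LOGON_FAILURE).
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        try
        {
            using (WindowsIdentity identity = new WindowsIdentity(token))
            using (WindowsImpersonationContext ctx = identity.Impersonate())
            {
                // Runs as the impersonated account; disposing ctx reverts
                // the thread to the worker-process identity.
                return File.Exists(uncPath);
            }
        }
        finally
        {
            // WindowsIdentity duplicated the token, so release the original.
            CloseHandle(token);
        }
    }
}
```

`File.Exists` returns `false` both for a missing file and for one the impersonated account is not permitted to read, so the two cases look the same to this check.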
