problem writing a file


  1. #1

    problem writing a file

    Hi,
    I'm really stuck with this one - wondering if you can spot the problem?
    I think that it's a webserver problem that goes deeper than web.config.
    I've not been able to write to a file on a network share via ASP.NET. The
    network share is not the same as the webserver.

    relevant section of web.config:
    <appSettings>
      <!-- the location we cannot write to. My staging server
           doesn't have write permissions here, but I do if authenticating as
           myself -->
      <add key="ProjectCollection"
           value="\\my_server\userhome\MyAccount\websiteTests\test.txt" />
      <!-- Neither of these work!
           I have write perms here for my user account and believe that
           my staging server has write perms here too
           add key="ProjectCollection"
           value="\\my_server\commondocuments\websiteTests\test.txt" />
      -->
    </appSettings>
    <system.web>
      <!-- I have also tried "None" here -->
      <authentication mode="Windows" />

      <!-- I have tried leaving this out -->
      <identity impersonate="true" />

      <authorization>
        <allow users="mydomain\myusername" />
        <deny users="*" />
        <!-- I have tried allow users="*" but I think that then my server
             tries to authenticate as ASPNET. This certainly should not access my home
             folder, but should??? access the common share. I believe that my
             administrator has set up access privs for my server on the common share. It
             doesn't access it however! -->
      </authorization>
    </system.web>
    Relevant code:
    ' Imports required by the snippet
    Imports System.IO
    Imports System.Configuration

    Private Sub btnSearch_Click(ByVal sender As System.Object, _
            ByVal e As System.EventArgs) Handles btnSearch.Click
        'identity we are running as - 2 ways of getting the same information
        ' returns my username if I am impersonating and authenticating in web.config
        'however, still cannot write to either folder no matter what I am impersonating or not
        Trace.Write(Page.User.Identity.Name)
        Trace.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
        'filename we are trying to write to
        Dim strFileName As String = _
            ConfigurationSettings.AppSettings("ProjectCollection")
        Trace.Write(strFileName)
        'fails here. This creates a file in location specified by Config setting above
        Dim fs As FileStream = New FileStream(strFileName, FileMode.Append)
        Dim w As New StreamWriter(fs)
        w.WriteLine("Test")
        w.Close()
        fs.Close()
    End Sub
    Any Ideas?
    Many thanks
    Sorry for long post
    Iain


    Iain A. Mcleod Guest

  3. #2

    problem writing a file

    hi,

    i don't know if you are running on w2k3 or w2k and if you intend to impersonate or not...

    here are the 2 scenarios

    1. no impersonation

    Your asp.net app runs under the ASPNET (w2k/xp) account or Network Server (w2k3). The local ASPNET account has no network credentials on another machine -> use a domain account instead. The Network Service account has the credentials of the machine (MachineName$) when in Active Directory or none if stand-alone. Also here - use a domain account or an account that matches on both machines

    2. impersonation

    if you are impersonating you are doing a second hop with the client credentials. your machine/service account has to be trusted for delegation to achieve this.



    ---
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    [microsoft.public.dotnet.framework.aspnet.security]
    Dominick Baier Guest

  4. #3

    Re: problem writing a file

    Thanks for your prompt reply Dominick

    I'm not sure which is the case as I am not the server administrator - they
    are away :-(
    But I'm a bit confused as to the machine account needing to be trusted for
    delegation?
    Is this an option in IIS admin?

    Regards
    Iain

    Iain A. Mcleod Guest

  5. #4

    Re: problem writing a file

    if you are impersonating depends on the impersonate=true/false switch in web.config.

    trust for delegation is an active directory setting.



    ---
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    [microsoft.public.dotnet.framework.aspnet.security]
    Dominick Baier Guest

  6. #5

    Re: problem writing a file

    Thanks again for the reply.

    How can I find out if trust for delegation is enabled? Is it enabled on a
    machine specific basis, and if so, is it the webserver or the smb server
    providing that share which should have trust enabled?

    Regards
    Iain

    Iain A. Mcleod Guest

  7. #6

    Re: problem writing a file

    hi,



    check out the machine settings in active directory users and computers.



    ---
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    [microsoft.public.dotnet.framework.aspnet.security]
    Dominick Baier Guest
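
For the delegation setting discussed in #2 and #6, the following added PowerShell example (not part of the thread) reads the relevant flags from Active Directory for the account the web application runs as. It assumes the ActiveDirectory module (RSAT) is available; `Get-DelegationAccount`, `Test-SecondHop`, `WEB01$`, `FILE01` and `jdoe` are hypothetical names, and resource-based constrained delegation is not covered.

```powershell
#Requires -Modules ActiveDirectory
# Added example; WEB01$, FILE01 and jdoe are placeholder names, not from the thread.

# Look up a user or computer account by sAMAccountName and return the
# attributes that describe its delegation settings.
function Get-DelegationAccount {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $props = 'sAMAccountName', 'userAccountControl', 'msDS-AllowedToDelegateTo'
    $found = Get-ADObject -LDAPFilter "(sAMAccountName=$SamAccountName)" -Properties $props
    if (-not $found) { throw "No AD account named '$SamAccountName'." }
    $found
}

function Test-SecondHop {
    [CmdletBinding()]
    param(
        # Account the ASP.NET worker process runs as. For Network Service this is
        # the web server's computer account, written with a trailing $.
        [Parameter(Mandatory)][string]$ServiceAccount,
        # Host name of the machine that serves the share.
        [Parameter(Mandatory)][string]$FileServer,
        # Optional: the user being impersonated (impersonate="true").
        [string]$Caller
    )

    # userAccountControl bits that control Kerberos delegation
    $TRUSTED_FOR_DELEGATION         = 0x80000    # unconstrained: any service
    $NOT_DELEGATED                  = 0x100000   # "sensitive and cannot be delegated"
    $TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # protocol transition allowed

    $svc = Get-DelegationAccount $ServiceAccount
    $uac = [int]$svc.userAccountControl

    # Constrained delegation lists the SPNs the account may delegate to;
    # SMB shares use the cifs service class.
    $spns   = @($svc.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    $toCifs = @($spns | Where-Object {
        $_ -eq "cifs/$FileServer" -or $_ -like "cifs/$FileServer.*"
    })

    # A caller flagged as sensitive is never delegated, whatever the server allows.
    $callerBlocked = $false
    if ($Caller) {
        $usr = Get-DelegationAccount $Caller
        $callerBlocked = [bool]([int]$usr.userAccountControl -band $NOT_DELEGATED)
    }

    $unconstrained = [bool]($uac -band $TRUSTED_FOR_DELEGATION)

    [pscustomobject]@{
        ServiceAccount       = $svc.sAMAccountName
        Unconstrained        = $unconstrained
        ProtocolTransition   = [bool]($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION)
        ConstrainedToShare   = $toCifs
        AllDelegationTargets = $spns
        CallerCannotDelegate = $callerBlocked
        # The impersonated identity can reach the share only if the service
        # account may delegate there and the caller is not flagged sensitive.
        SecondHopPossible    = (-not $callerBlocked) -and
                               ($unconstrained -or $toCifs.Count -gt 0)
    }
}

Test-SecondHop -ServiceAccount 'WEB01$' -FileServer 'FILE01' -Caller 'jdoe'
```

`SecondHopPossible` reflects directory settings only: the caller must also have authenticated with Kerberos, and the identity that reaches the share still needs share and NTFS write permission. Where delegation is needed, a constrained entry for the file server's cifs SPN is a narrower grant than `Unconstrained`, which lets the web server act as the caller toward any service.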

  8. #7

    Re: problem writing a file

    Hi dominick

    I've found out why it wasn't working... Apparently our
    staging server didn't have write permissions to the
    share. Our live server did. I've just created a temp.
    directory on our staging server for testing and can use
    impersonation.

    Many thanks for your help, it's made things a lot clearer.

    Regards
    Iain
    Guest
