Windows authentication with impersonation - network resource access fails

[srivalli chavali via DotNetMonster.com]

Hi,

I have a question regd. Windows authentication and network file access.
My asp.net application doesn't use any of the .NET's authentication schemes
(Forms, Windows or Passport) yet.
I have a login page where the users would supply their credentials and the
business logic compares these

credentials against SQLServer database and allows/denies access to the
website.
So far so good.

But now, my application needs to access some files located on the Domain
network.
The first thing that came in my mind is Impersonation.

I did change my web.config file to use Windows authentication as follows...

<authentication mode="Windows" />

<authorization>
<allow users="*" />
</authorization>

<identity impersonate="true"
userName="domainName\loginID"
password="password"
/>

This "domainName\loginID" account HAS full rights over the network resource.

Now I have UNCHECKED Allow Anonymous Access in IIS.

But I still cannot access the file on the network.

It errors out at the Response.Redirect
("//networkPath/folder1/subFolder1/fileName");
as Page cannot be displayed.

I have checked the User.Identity.Name and it looks correct (domainName\
loginID)
Even the User.Identity.AuthenticationType is good (NTLM)

I'm surely missing something critical.

Any help in this regards is greatly appreciated.

Thanks in advance,
Srivalli.

--
Message posted via [url]http://www.dotnetmonster.com[/url]

[Dominick Baier [DevelopMentor]]

this has nothing (at least primarily) to do with impersonation -

a Response.Redirect sends a "moved" message to the browser - and gives him the new location of the file, in your case the browser tries to open the file "//networkPath/folder1/subFolder1/fileName" - is this reachable from the client??

in IIS you can map virtual directories to network locations, e.g. the vdir "/share" could point to "//networkPath/folder1/subFolder1" - so a Response.Redirect to "/share/fileName" would work.

give that a try.



---
Dominick Baier - DevelopMentor
[url]http://www.leastprivilege.com[/url]

nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<9042d637c00c4ee6b30c8441d83365f0@DotNetMonster.co m>

Hi,

I have a question regd. Windows authentication and network file access.
My asp.net application doesn't use any of the .NET's authentication schemes
(Forms, Windows or Passport) yet.
I have a login page where the users would supply their credentials and the
business logic compares these

credentials against SQLServer database and allows/denies access to the
website.
So far so good.

But now, my application needs to access some files located on the Domain
network.
The first thing that came in my mind is Impersonation.

I did change my web.config file to use Windows authentication as follows...

<authentication mode="Windows" />

<authorization>
<allow users="*" />
</authorization>

<identity impersonate="true"
userName="domainName\loginID"
password="password"
/>

This "domainName\loginID" account HAS full rights over the network resource.

Now I have UNCHECKED Allow Anonymous Access in IIS.

But I still cannot access the file on the network.

It errors out at the Response.Redirect
("//networkPath/folder1/subFolder1/fileName");
as Page cannot be displayed.

I have checked the User.Identity.Name and it looks correct (domainName\
loginID)
Even the User.Identity.AuthenticationType is good (NTLM)

I'm surely missing something critical.

Any help in this regards is greatly appreciated.

Thanks in advance,
Srivalli.

--
Message posted via [url]http://www.dotnetmonster.com[/url]

[microsoft.public.dotnet.framework.aspnet.security]