gaining access to a share

[Lachlan James]

Hi,

I want to create a folder on a network share from within
my ASP.NET application. The app uses a custom
authentication mechanism which creates a Principal object
after looking up an external system.

It seems whenever the Directory.CreateDirectory() method
executes I get an UnauthorizedAccessException exception. I
suspect this is because the ASPNET account is a local
account which is unknown to the computer where the share
resides.

How can I progamatically gain access to that share to
create the dir?

I do not want to configure impersonation in the web.config
as I fear this is less secure.

Thanks, Lachlan

 

[Paul Clement]

¤ Hi,
¤
¤ I want to create a folder on a network share from within
¤ my ASP.NET application. The app uses a custom
¤ authentication mechanism which creates a Principal object
¤ after looking up an external system.
¤
¤ It seems whenever the Directory.CreateDirectory() method
¤ executes I get an UnauthorizedAccessException exception. I
¤ suspect this is because the ASPNET account is a local
¤ account which is unknown to the computer where the share
¤ resides.
¤
¤ How can I progamatically gain access to that share to
¤ create the dir?
¤
¤ I do not want to configure impersonation in the web.config
¤ as I fear this is less secure.

You need to understand how delegation works so you can choose which authentication method best suits
your configuration:

http://msdn.microsoft.com/library/d...y/en-us/vsent7/html/vxconaspnetdelegation.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;810572


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)

 

[Lachlan James]

Hi Paul,

Thanks for your reply. Unfortunately we are using a custom
authentication system for this particular application
because the built in ones don't fulfil our needs. This
means using windows authentication & impersonation is not
possible. Besides that, it is not recommended to do it
that way for security reasons.

However towards the end of the article you posted it
mentioned using COM+ serviced components to achieve this,
so that's what I have done. I have a serviced component
which I call from my asp.net app. The serviced component
runs under a custom account which has access to the
network share. This is the easiest & most secure way to do
this I think.

For anyone else that is interested in doing this, below is
a great article which explains how to do it and why it is
the only viable option.

http://www.15seconds.com/issue/030926.htm

Lachlan

-----Original Message-----

¤ Hi,
¤
¤ I want to create a folder on a network share from within
¤ my ASP.NET application. The app uses a custom
¤ authentication mechanism which creates a Principal object
¤ after looking up an external system.
¤
¤ It seems whenever the Directory.CreateDirectory() method
¤ executes I get an UnauthorizedAccessException exception. I
¤ suspect this is because the ASPNET account is a local
¤ account which is unknown to the computer where the share
¤ resides.
¤
¤ How can I progamatically gain access to that share to
¤ create the dir?
¤
¤ I do not want to configure impersonation in the web.config
¤ as I fear this is less secure.

You need to understand how delegation works so you can

choose which authentication method best suits

 

[Paul Clement]

¤ Hi Paul,
¤
¤ Thanks for your reply. Unfortunately we are using a custom
¤ authentication system for this particular application
¤ because the built in ones don't fulfil our needs. This
¤ means using windows authentication & impersonation is not
¤ possible. Besides that, it is not recommended to do it
¤ that way for security reasons.
¤
¤ However towards the end of the article you posted it
¤ mentioned using COM+ serviced components to achieve this,
¤ so that's what I have done. I have a serviced component
¤ which I call from my asp.net app. The serviced component
¤ runs under a custom account which has access to the
¤ network share. This is the easiest & most secure way to do
¤ this I think.
¤
¤ For anyone else that is interested in doing this, below is
¤ a great article which explains how to do it and why it is
¤ the only viable option.
¤
¤ http://www.15seconds.com/issue/030926.htm
¤
¤ Lachlan

Yes I still use this type of mechanism for ASP and Visual Basic 6.0 components, although I kind of
moved away from COM+ since I moved to .NET.


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)