gaining access to a share

Discussion in 'ASP .Net Security' started by Lachlan James, Feb 14, 2005.

  1. Hi,

    I want to create a folder on a network share from within
    my ASP.NET application. The app uses a custom
    authentication mechanism which creates a Principal object
    after looking up an external system.

    It seems whenever the Directory.CreateDirectory() method
    executes I get an UnauthorizedAccessException exception. I
    suspect this is because the ASPNET account is a local
    account which is unknown to the computer where the share
    resides.

    How can I progamatically gain access to that share to
    create the dir?

    I do not want to configure impersonation in the web.config
    as I fear this is less secure.

    Thanks, Lachlan
    Lachlan James, Feb 14, 2005
    #1
    1. Advertising

  2. Lachlan James

    Paul Clement Guest

    On Mon, 14 Feb 2005 08:04:42 -0800, "Lachlan James" <> wrote:

    ¤ Hi,
    ¤
    ¤ I want to create a folder on a network share from within
    ¤ my ASP.NET application. The app uses a custom
    ¤ authentication mechanism which creates a Principal object
    ¤ after looking up an external system.
    ¤
    ¤ It seems whenever the Directory.CreateDirectory() method
    ¤ executes I get an UnauthorizedAccessException exception. I
    ¤ suspect this is because the ASPNET account is a local
    ¤ account which is unknown to the computer where the share
    ¤ resides.
    ¤
    ¤ How can I progamatically gain access to that share to
    ¤ create the dir?
    ¤
    ¤ I do not want to configure impersonation in the web.config
    ¤ as I fear this is less secure.

    You need to understand how delegation works so you can choose which authentication method best suits
    your configuration:

    http://msdn.microsoft.com/library/d...y/en-us/vsent7/html/vxconaspnetdelegation.asp
    http://support.microsoft.com/default.aspx?scid=kb;en-us;810572


    Paul ~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Feb 14, 2005
    #2
    1. Advertising

  3. Hi Paul,

    Thanks for your reply. Unfortunately we are using a custom
    authentication system for this particular application
    because the built in ones don't fulfil our needs. This
    means using windows authentication & impersonation is not
    possible. Besides that, it is not recommended to do it
    that way for security reasons.

    However towards the end of the article you posted it
    mentioned using COM+ serviced components to achieve this,
    so that's what I have done. I have a serviced component
    which I call from my asp.net app. The serviced component
    runs under a custom account which has access to the
    network share. This is the easiest & most secure way to do
    this I think.

    For anyone else that is interested in doing this, below is
    a great article which explains how to do it and why it is
    the only viable option.

    http://www.15seconds.com/issue/030926.htm

    Lachlan


    >-----Original Message-----
    >On Mon, 14 Feb 2005 08:04:42 -0800, "Lachlan James"

    <> wrote:
    >
    >¤ Hi,

    >¤ I want to create a folder on a network share from

    within
    >¤ my ASP.NET application. The app uses a custom
    >¤ authentication mechanism which creates a Principal

    object
    >¤ after looking up an external system.

    >¤ It seems whenever the Directory.CreateDirectory()

    method
    >¤ executes I get an UnauthorizedAccessException

    exception. I
    >¤ suspect this is because the ASPNET account is a local
    >¤ account which is unknown to the computer where the

    share
    >¤ resides.

    >¤ How can I progamatically gain access to that share to
    >¤ create the dir?

    >¤ I do not want to configure impersonation in the

    web.config
    >¤ as I fear this is less secure.
    >
    >You need to understand how delegation works so you can

    choose which authentication method best suits
    >your configuration:
    >
    >http://msdn.microsoft.com/library/default.asp?

    url=/library/en-us/vsent7/html/vxconaspnetdelegation.asp
    >http://support.microsoft.com/default.aspx?scid=kb;en-

    us;810572
    >
    >
    >Paul ~~~
    >Microsoft MVP (Visual Basic)
    >.
    >
    Lachlan James, Feb 15, 2005
    #3
  4. Lachlan James

    Paul Clement Guest

    On Tue, 15 Feb 2005 03:36:08 -0800, "Lachlan James" <> wrote:

    ¤ Hi Paul,
    ¤
    ¤ Thanks for your reply. Unfortunately we are using a custom
    ¤ authentication system for this particular application
    ¤ because the built in ones don't fulfil our needs. This
    ¤ means using windows authentication & impersonation is not
    ¤ possible. Besides that, it is not recommended to do it
    ¤ that way for security reasons.
    ¤
    ¤ However towards the end of the article you posted it
    ¤ mentioned using COM+ serviced components to achieve this,
    ¤ so that's what I have done. I have a serviced component
    ¤ which I call from my asp.net app. The serviced component
    ¤ runs under a custom account which has access to the
    ¤ network share. This is the easiest & most secure way to do
    ¤ this I think.
    ¤
    ¤ For anyone else that is interested in doing this, below is
    ¤ a great article which explains how to do it and why it is
    ¤ the only viable option.
    ¤
    ¤ http://www.15seconds.com/issue/030926.htm
    ¤
    ¤ Lachlan

    Yes I still use this type of mechanism for ASP and Visual Basic 6.0 components, although I kind of
    moved away from COM+ since I moved to .NET.


    Paul ~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Feb 15, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jerry Camel

    Gaining Access to an Identity value

    Jerry Camel, Feb 12, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    291
    Chris Jackson
    Feb 13, 2004
  2. EventHelix.com

    Re: gaining OOP/C++ experience?

    EventHelix.com, Apr 1, 2004, in forum: C++
    Replies:
    0
    Views:
    399
    EventHelix.com
    Apr 1, 2004
  3. Dave Keen
    Replies:
    6
    Views:
    6,490
    Dave Keen
    Jul 21, 2006
  4. Replies:
    14
    Views:
    554
    Harry George
    Dec 4, 2006
  5. Saraswati lakki
    Replies:
    0
    Views:
    1,298
    Saraswati lakki
    Jan 6, 2012
Loading...

Share This Page