How to create file on network share from ASP.NET

Discussion in 'ASP .Net' started by =?Utf-8?B?QW5kcmU=?=, Jul 20, 2005.

  1. Hi,

    I have ASP.NET application running on standalone (not part of the domain)
    Windows 2003. I use forms authentication for my application. The problem I
    have is that I need to create and read files on Windows domain network shared
    drives and also on shared via Samba Unix drives, which is equivalent to
    writing/reading to the workgroup computer. Please point, if possible, to
    detailed step by step description of what needs to be done. Thank you.

    Regards,
     
    =?Utf-8?B?QW5kcmU=?=, Jul 20, 2005
    #1
    1. Advertising

  2. Hi Andre,

    You can certainly use the System.IO classes to create files on a network
    drive in the same way that you would create them on a local machine drive.
    You can use a UNC path if you wish, or a mapped drive. The rules are the
    same. The only differences would be:

    1. Security: Use an Active Directory domain account with the proper
    permissions. Use impersonation if necessary.
    2. Unix drives: You may have some issues with the files themselves,
    especially if they are text files. Carriage returns are different on Unix
    systems. The system may be using ASCII instead of Unicode text encoding as
    well.

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    The sun never sets on
    the Kingdom of Heaven

    "Andre" <> wrote in message
    news:...
    > Hi,
    >
    > I have ASP.NET application running on standalone (not part of the domain)
    > Windows 2003. I use forms authentication for my application. The problem I
    > have is that I need to create and read files on Windows domain network
    > shared
    > drives and also on shared via Samba Unix drives, which is equivalent to
    > writing/reading to the workgroup computer. Please point, if possible, to
    > detailed step by step description of what needs to be done. Thank you.
    >
    > Regards,
    >
     
    Kevin Spencer, Jul 20, 2005
    #2
    1. Advertising

  3. Hi Kevin,

    My problem is that I don't understand how impersanation can help me. My web
    server (means any accounts on it) does not permissions to read/write to
    shared directories. Administrators of Unix and Windows domain created for me
    appropriate accounts for access to shares - means on Unix was created user
    asp with password asp which can access shared folder. From Windows Explorer
    on my PC I can connect to this shared folder using provided username and
    password. But this username and password are from remote box not the local
    one, which means that LogonUser will not work for me as it can be used only
    to login to local computer (at least that is what documentation says).

    Could you please help with the issue that I need to login to another box
    using another box'es account and not the local one?

    Thanks a lot.
    "Kevin Spencer" wrote:

    > Hi Andre,
    >
    > You can certainly use the System.IO classes to create files on a network
    > drive in the same way that you would create them on a local machine drive.
    > You can use a UNC path if you wish, or a mapped drive. The rules are the
    > same. The only differences would be:
    >
    > 1. Security: Use an Active Directory domain account with the proper
    > permissions. Use impersonation if necessary.
    > 2. Unix drives: You may have some issues with the files themselves,
    > especially if they are text files. Carriage returns are different on Unix
    > systems. The system may be using ASCII instead of Unicode text encoding as
    > well.
    >
    > --
    > HTH,
    >
    > Kevin Spencer
    > Microsoft MVP
    > ..Net Developer
    > The sun never sets on
    > the Kingdom of Heaven
    >
    > "Andre" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > I have ASP.NET application running on standalone (not part of the domain)
    > > Windows 2003. I use forms authentication for my application. The problem I
    > > have is that I need to create and read files on Windows domain network
    > > shared
    > > drives and also on shared via Samba Unix drives, which is equivalent to
    > > writing/reading to the workgroup computer. Please point, if possible, to
    > > detailed step by step description of what needs to be done. Thank you.
    > >
    > > Regards,
    > >

    >
    >
    >
     
    =?Utf-8?B?QW5kcmU=?=, Jul 21, 2005
    #3
  4. Hi, Andre.

    re:
    > Could you please help with the issue that I need to login to
    > another box using another box's account and not the local one?


    <identity impersonate="true" name="domain\user" password="pwd"/>

    should allow you to run ASP.NET while impersonating the
    domain account which has permissions to read/write the other box.

    For that, of course, both the other box and your box
    need to be members of the same domain.





    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Andre" <> wrote in message
    news:...
    > Hi Kevin,
    >
    > My problem is that I don't understand how impersanation can help me. My web
    > server (means any accounts on it) does not permissions to read/write to
    > shared directories. Administrators of Unix and Windows domain created for me
    > appropriate accounts for access to shares - means on Unix was created user
    > asp with password asp which can access shared folder. From Windows Explorer
    > on my PC I can connect to this shared folder using provided username and
    > password. But this username and password are from remote box not the local
    > one, which means that LogonUser will not work for me as it can be used only
    > to login to local computer (at least that is what documentation says).
    >
    > Could you please help with the issue that I need to login to another box
    > using another box'es account and not the local one?
    >
    > Thanks a lot.


    > "Kevin Spencer" wrote:


    >> Hi Andre,
    >>
    >> You can certainly use the System.IO classes to create files on a network
    >> drive in the same way that you would create them on a local machine drive.
    >> You can use a UNC path if you wish, or a mapped drive. The rules are the
    >> same. The only differences would be:
    >>
    >> 1. Security: Use an Active Directory domain account with the proper
    >> permissions. Use impersonation if necessary.
    >> 2. Unix drives: You may have some issues with the files themselves,
    >> especially if they are text files. Carriage returns are different on Unix
    >> systems. The system may be using ASCII instead of Unicode text encoding as
    >> well.
    >>
    >> --
    >> HTH,
    >>
    >> Kevin Spencer
    >> Microsoft MVP
    >> ..Net Developer
    >> The sun never sets on
    >> the Kingdom of Heaven
    >>
    >> "Andre" <> wrote in message
    >> news:...
    >> > Hi,
    >> >
    >> > I have ASP.NET application running on standalone (not part of the domain)
    >> > Windows 2003. I use forms authentication for my application. The problem I
    >> > have is that I need to create and read files on Windows domain network
    >> > shared
    >> > drives and also on shared via Samba Unix drives, which is equivalent to
    >> > writing/reading to the workgroup computer. Please point, if possible, to
    >> > detailed step by step description of what needs to be done. Thank you.
    >> >
    >> > Regards,
     
    Juan T. Llibre, Jul 21, 2005
    #4
  5. Andre,

    You might also want to acquire access programmatically.

    Read this article :
    http://www.netomatix.com/ImpersonateUser.aspx
    and download and study the sample code provided.



    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Andre" <> wrote in message
    news:...
    > Hi Kevin,
    >
    > My problem is that I don't understand how impersanation can help me. My web
    > server (means any accounts on it) does not permissions to read/write to
    > shared directories. Administrators of Unix and Windows domain created for me
    > appropriate accounts for access to shares - means on Unix was created user
    > asp with password asp which can access shared folder. From Windows Explorer
    > on my PC I can connect to this shared folder using provided username and
    > password. But this username and password are from remote box not the local
    > one, which means that LogonUser will not work for me as it can be used only
    > to login to local computer (at least that is what documentation says).
    >
    > Could you please help with the issue that I need to login to another box
    > using another box'es account and not the local one?
    >
    > Thanks a lot.
    > "Kevin Spencer" wrote:
    >
    >> Hi Andre,
    >>
    >> You can certainly use the System.IO classes to create files on a network
    >> drive in the same way that you would create them on a local machine drive.
    >> You can use a UNC path if you wish, or a mapped drive. The rules are the
    >> same. The only differences would be:
    >>
    >> 1. Security: Use an Active Directory domain account with the proper
    >> permissions. Use impersonation if necessary.
    >> 2. Unix drives: You may have some issues with the files themselves,
    >> especially if they are text files. Carriage returns are different on Unix
    >> systems. The system may be using ASCII instead of Unicode text encoding as
    >> well.
    >>
    >> --
    >> HTH,
    >>
    >> Kevin Spencer
    >> Microsoft MVP
    >> ..Net Developer
    >> The sun never sets on
    >> the Kingdom of Heaven
    >>
    >> "Andre" <> wrote in message
    >> news:...
    >> > Hi,
    >> >
    >> > I have ASP.NET application running on standalone (not part of the domain)
    >> > Windows 2003. I use forms authentication for my application. The problem I
    >> > have is that I need to create and read files on Windows domain network
    >> > shared
    >> > drives and also on shared via Samba Unix drives, which is equivalent to
    >> > writing/reading to the workgroup computer. Please point, if possible, to
    >> > detailed step by step description of what needs to be done. Thank you.
    >> >
    >> > Regards,
    >> >

    >>
    >>
    >>
     
    Juan T. Llibre, Jul 21, 2005
    #5
  6. Hi Juan,

    Thank you for your reply, but my point is exactly that both computers ARE
    NOT members of the same domain - one is standalone Win2003 and another is
    external domain member and I can not put both onto the same domain. Is there
    any other way to do it?

    Thank you.


    > You might also want to acquire access programmatically.
    >
    > Read this article :
    > http://www.netomatix.com/ImpersonateUser.aspx
    > and download and study the sample code provided.
    >
    >
    >
    > Juan T. Llibre
    > ASP.NET MVP
    > http://asp.net.do/foros/
    > Foros de ASP.NET en Español
    > Ven, y hablemos de ASP.NET...
    > ======================
    >
    > "Andre" <> wrote in message
    > news:...
    > > Hi Kevin,
    > >
    > > My problem is that I don't understand how impersanation can help me. My web
    > > server (means any accounts on it) does not permissions to read/write to
    > > shared directories. Administrators of Unix and Windows domain created for me
    > > appropriate accounts for access to shares - means on Unix was created user
    > > asp with password asp which can access shared folder. From Windows Explorer
    > > on my PC I can connect to this shared folder using provided username and
    > > password. But this username and password are from remote box not the local
    > > one, which means that LogonUser will not work for me as it can be used only
    > > to login to local computer (at least that is what documentation says).
    > >
    > > Could you please help with the issue that I need to login to another box
    > > using another box'es account and not the local one?
    > >
    > > Thanks a lot.
    > > "Kevin Spencer" wrote:
    > >
    > >> Hi Andre,
    > >>
    > >> You can certainly use the System.IO classes to create files on a network
    > >> drive in the same way that you would create them on a local machine drive.
    > >> You can use a UNC path if you wish, or a mapped drive. The rules are the
    > >> same. The only differences would be:
    > >>
    > >> 1. Security: Use an Active Directory domain account with the proper
    > >> permissions. Use impersonation if necessary.
    > >> 2. Unix drives: You may have some issues with the files themselves,
    > >> especially if they are text files. Carriage returns are different on Unix
    > >> systems. The system may be using ASCII instead of Unicode text encoding as
    > >> well.
    > >>
    > >> --
    > >> HTH,
    > >>
    > >> Kevin Spencer
    > >> Microsoft MVP
    > >> ..Net Developer
    > >> The sun never sets on
    > >> the Kingdom of Heaven
    > >>
    > >> "Andre" <> wrote in message
    > >> news:...
    > >> > Hi,
    > >> >
    > >> > I have ASP.NET application running on standalone (not part of the domain)
    > >> > Windows 2003. I use forms authentication for my application. The problem I
    > >> > have is that I need to create and read files on Windows domain network
    > >> > shared
    > >> > drives and also on shared via Samba Unix drives, which is equivalent to
    > >> > writing/reading to the workgroup computer. Please point, if possible, to
    > >> > detailed step by step description of what needs to be done. Thank you.
    > >> >
    > >> > Regards,
    > >> >
    > >>
    > >>
    > >>

    >
    >
    >
     
    =?Utf-8?B?QW5kcmU=?=, Jul 21, 2005
    #6
  7. re:
    > both computers ARE NOT members of the same domain


    I think that, if that's the case, you're out of luck.

    You might want to talk to your network admin
    about joining your machine to the network.

    What would prevent that ?
    ( If you need to access the shared drive's file system... )

    My question to you is : how do you have *shared drives*
    if the machines are not on the same network ?

    That sounds a bit counter-intuitive to me.




    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Andre" <> wrote in message
    news:...
    > Hi Juan,
    >
    > Thank you for your reply, but my point is exactly that both computers ARE
    > NOT members of the same domain - one is standalone Win2003 and another is
    > external domain member and I can not put both onto the same domain. Is there
    > any other way to do it?
    >
    > Thank you.
    >
    >
    >> You might also want to acquire access programmatically.
    >>
    >> Read this article :
    >> http://www.netomatix.com/ImpersonateUser.aspx
    >> and download and study the sample code provided.
    >>
    >>
    >>
    >> Juan T. Llibre
    >> ASP.NET MVP
    >> http://asp.net.do/foros/
    >> Foros de ASP.NET en Español
    >> Ven, y hablemos de ASP.NET...
    >> ======================
    >>
    >> "Andre" <> wrote in message
    >> news:...
    >> > Hi Kevin,
    >> >
    >> > My problem is that I don't understand how impersanation can help me. My web
    >> > server (means any accounts on it) does not permissions to read/write to
    >> > shared directories. Administrators of Unix and Windows domain created for me
    >> > appropriate accounts for access to shares - means on Unix was created user
    >> > asp with password asp which can access shared folder. From Windows Explorer
    >> > on my PC I can connect to this shared folder using provided username and
    >> > password. But this username and password are from remote box not the local
    >> > one, which means that LogonUser will not work for me as it can be used only
    >> > to login to local computer (at least that is what documentation says).
    >> >
    >> > Could you please help with the issue that I need to login to another box
    >> > using another box'es account and not the local one?
    >> >
    >> > Thanks a lot.
    >> > "Kevin Spencer" wrote:
    >> >
    >> >> Hi Andre,
    >> >>
    >> >> You can certainly use the System.IO classes to create files on a network
    >> >> drive in the same way that you would create them on a local machine drive.
    >> >> You can use a UNC path if you wish, or a mapped drive. The rules are the
    >> >> same. The only differences would be:
    >> >>
    >> >> 1. Security: Use an Active Directory domain account with the proper
    >> >> permissions. Use impersonation if necessary.
    >> >> 2. Unix drives: You may have some issues with the files themselves,
    >> >> especially if they are text files. Carriage returns are different on Unix
    >> >> systems. The system may be using ASCII instead of Unicode text encoding as
    >> >> well.
    >> >>
    >> >> --
    >> >> HTH,
    >> >>
    >> >> Kevin Spencer
    >> >> Microsoft MVP
    >> >> ..Net Developer
    >> >> The sun never sets on
    >> >> the Kingdom of Heaven
    >> >>
    >> >> "Andre" <> wrote in message
    >> >> news:...
    >> >> > Hi,
    >> >> >
    >> >> > I have ASP.NET application running on standalone (not part of the domain)
    >> >> > Windows 2003. I use forms authentication for my application. The problem I
    >> >> > have is that I need to create and read files on Windows domain network
    >> >> > shared
    >> >> > drives and also on shared via Samba Unix drives, which is equivalent to
    >> >> > writing/reading to the workgroup computer. Please point, if possible, to
    >> >> > detailed step by step description of what needs to be done. Thank you.
    >> >> >
    >> >> > Regards,
     
    Juan T. Llibre, Jul 21, 2005
    #7
  8. Hi Andre,

    You can certainly impersonate a member of any domain, as long as you supply
    that user's credentials. It's simply a matter of identifying the domain as
    well as the user.

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    The sun never sets on
    the Kingdom of Heaven

    "Andre" <> wrote in message
    news:...
    > Hi Juan,
    >
    > Thank you for your reply, but my point is exactly that both computers ARE
    > NOT members of the same domain - one is standalone Win2003 and another is
    > external domain member and I can not put both onto the same domain. Is
    > there
    > any other way to do it?
    >
    > Thank you.
    >
    >
    >> You might also want to acquire access programmatically.
    >>
    >> Read this article :
    >> http://www.netomatix.com/ImpersonateUser.aspx
    >> and download and study the sample code provided.
    >>
    >>
    >>
    >> Juan T. Llibre
    >> ASP.NET MVP
    >> http://asp.net.do/foros/
    >> Foros de ASP.NET en Español
    >> Ven, y hablemos de ASP.NET...
    >> ======================
    >>
    >> "Andre" <> wrote in message
    >> news:...
    >> > Hi Kevin,
    >> >
    >> > My problem is that I don't understand how impersanation can help me. My
    >> > web
    >> > server (means any accounts on it) does not permissions to read/write to
    >> > shared directories. Administrators of Unix and Windows domain created
    >> > for me
    >> > appropriate accounts for access to shares - means on Unix was created
    >> > user
    >> > asp with password asp which can access shared folder. From Windows
    >> > Explorer
    >> > on my PC I can connect to this shared folder using provided username
    >> > and
    >> > password. But this username and password are from remote box not the
    >> > local
    >> > one, which means that LogonUser will not work for me as it can be used
    >> > only
    >> > to login to local computer (at least that is what documentation says).
    >> >
    >> > Could you please help with the issue that I need to login to another
    >> > box
    >> > using another box'es account and not the local one?
    >> >
    >> > Thanks a lot.
    >> > "Kevin Spencer" wrote:
    >> >
    >> >> Hi Andre,
    >> >>
    >> >> You can certainly use the System.IO classes to create files on a
    >> >> network
    >> >> drive in the same way that you would create them on a local machine
    >> >> drive.
    >> >> You can use a UNC path if you wish, or a mapped drive. The rules are
    >> >> the
    >> >> same. The only differences would be:
    >> >>
    >> >> 1. Security: Use an Active Directory domain account with the proper
    >> >> permissions. Use impersonation if necessary.
    >> >> 2. Unix drives: You may have some issues with the files themselves,
    >> >> especially if they are text files. Carriage returns are different on
    >> >> Unix
    >> >> systems. The system may be using ASCII instead of Unicode text
    >> >> encoding as
    >> >> well.
    >> >>
    >> >> --
    >> >> HTH,
    >> >>
    >> >> Kevin Spencer
    >> >> Microsoft MVP
    >> >> ..Net Developer
    >> >> The sun never sets on
    >> >> the Kingdom of Heaven
    >> >>
    >> >> "Andre" <> wrote in message
    >> >> news:...
    >> >> > Hi,
    >> >> >
    >> >> > I have ASP.NET application running on standalone (not part of the
    >> >> > domain)
    >> >> > Windows 2003. I use forms authentication for my application. The
    >> >> > problem I
    >> >> > have is that I need to create and read files on Windows domain
    >> >> > network
    >> >> > shared
    >> >> > drives and also on shared via Samba Unix drives, which is equivalent
    >> >> > to
    >> >> > writing/reading to the workgroup computer. Please point, if
    >> >> > possible, to
    >> >> > detailed step by step description of what needs to be done. Thank
    >> >> > you.
    >> >> >
    >> >> > Regards,
    >> >> >
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Kevin Spencer, Jul 21, 2005
    #8
  9. =?Utf-8?B?QW5kcmU=?=

    Scott Allen Guest

    One technique I've used in the past is to use mirrored account. Set up
    an account on both machines - same username, same password. Then
    ASP.NET can impersonate the account on the server and be authenticated
    / authorized on the remote machine.

    --
    Scott
    http://www.OdeToCode.com/blogs/scott/


    On Thu, 21 Jul 2005 06:35:05 -0700, "Andre"
    <> wrote:

    >Hi Juan,
    >
    >Thank you for your reply, but my point is exactly that both computers ARE
    >NOT members of the same domain - one is standalone Win2003 and another is
    >external domain member and I can not put both onto the same domain. Is there
    >any other way to do it?
    >
    >Thank you.
    >
     
    Scott Allen, Jul 21, 2005
    #9
  10. Guys,

    Thank you very much for your answers/suggestions.

    Scott,
    Does you suggestion mean that Windows will always try to login using current
    (impersonated) credentials first? What if my impersonated credentials are
    domain related, is it going to be a problem? Sorry for dumb questions I am
    not an expert in Windows security.

    Kevin,
    Does you suggestion mean, that it is domain, which webserver belongs to, you
    are talking about? Can impersonte user of another domain (I have domain name,
    username and password for that domain, but server is not part of that domain)?

    Juan,
    There are various reasons (not of a technical matter) which prevent our
    web-server to be joined with the other domain. Machines are on the same
    physical network, but webserver is maintained by one company and domain by
    another. So all I have from the domain managed box is the domain name, share
    name, username and password on THAT domain and I need to create export files
    using those credentials. I can do this from Windows GUI - access that share
    using provided credentials so it is should not a problem via .Net too.

    I am currently looking at using WNetAddConnection2 function to map external
    drives locally and write onto local drives. Is it a good idea?

    Thanks & Regards,

    Andre.


    "Scott Allen" wrote:

    > One technique I've used in the past is to use mirrored account. Set up
    > an account on both machines - same username, same password. Then
    > ASP.NET can impersonate the account on the server and be authenticated
    > / authorized on the remote machine.
    >
    > --
    > Scott
    > http://www.OdeToCode.com/blogs/scott/
    >
    >
    > On Thu, 21 Jul 2005 06:35:05 -0700, "Andre"
    > <> wrote:
    >
    > >Hi Juan,
    > >
    > >Thank you for your reply, but my point is exactly that both computers ARE
    > >NOT members of the same domain - one is standalone Win2003 and another is
    > >external domain member and I can not put both onto the same domain. Is there
    > >any other way to do it?
    > >
    > >Thank you.
    > >

    >
    >
     
    =?Utf-8?B?QW5kcmU=?=, Jul 22, 2005
    #10
  11. Hi Andre,

    > Does you suggestion mean, that it is domain, which webserver belongs to,
    > you
    > are talking about? Can impersonte user of another domain (I have domain
    > name,
    > username and password for that domain, but server is not part of that
    > domain)?


    Of course it is possible to impersonate a user of a different domain or
    Workgroup within the same LAN, and even across the Internet. Our LAN, for
    example, is comprised of several different domains and Workgroups. I can, as
    a network administrator, access any of these machines, and perform any kind
    of operation on them, from my local machine, using Windows Explorer, Event
    Viewer, IIS Admin snap-in, Remote Desktop, and a large variety of other
    applications. Sometimes I have to provide a different set of credentials,
    such as domain credentials, in order to do so. As an ASP.Net application is
    also an application, it can certainly do the same. It's "simply" a matter of
    knowing how. The following (and related) article(s) should give you the
    ammunition you need to implement this in your app:

    http://www.15seconds.com/issue/041208.htm

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    The sun never sets on
    the Kingdom of Heaven

    "Andre" <> wrote in message
    news:...
    > Guys,
    >
    > Thank you very much for your answers/suggestions.
    >
    > Scott,
    > Does you suggestion mean that Windows will always try to login using
    > current
    > (impersonated) credentials first? What if my impersonated credentials are
    > domain related, is it going to be a problem? Sorry for dumb questions I am
    > not an expert in Windows security.
    >
    > Kevin,
    > Does you suggestion mean, that it is domain, which webserver belongs to,
    > you
    > are talking about? Can impersonte user of another domain (I have domain
    > name,
    > username and password for that domain, but server is not part of that
    > domain)?
    >
    > Juan,
    > There are various reasons (not of a technical matter) which prevent our
    > web-server to be joined with the other domain. Machines are on the same
    > physical network, but webserver is maintained by one company and domain by
    > another. So all I have from the domain managed box is the domain name,
    > share
    > name, username and password on THAT domain and I need to create export
    > files
    > using those credentials. I can do this from Windows GUI - access that
    > share
    > using provided credentials so it is should not a problem via .Net too.
    >
    > I am currently looking at using WNetAddConnection2 function to map
    > external
    > drives locally and write onto local drives. Is it a good idea?
    >
    > Thanks & Regards,
    >
    > Andre.
    >
    >
    > "Scott Allen" wrote:
    >
    >> One technique I've used in the past is to use mirrored account. Set up
    >> an account on both machines - same username, same password. Then
    >> ASP.NET can impersonate the account on the server and be authenticated
    >> / authorized on the remote machine.
    >>
    >> --
    >> Scott
    >> http://www.OdeToCode.com/blogs/scott/
    >>
    >>
    >> On Thu, 21 Jul 2005 06:35:05 -0700, "Andre"
    >> <> wrote:
    >>
    >> >Hi Juan,
    >> >
    >> >Thank you for your reply, but my point is exactly that both computers
    >> >ARE
    >> >NOT members of the same domain - one is standalone Win2003 and another
    >> >is
    >> >external domain member and I can not put both onto the same domain. Is
    >> >there
    >> >any other way to do it?
    >> >
    >> >Thank you.
    >> >

    >>
    >>
     
    Kevin Spencer, Jul 22, 2005
    #11
  12. Hi, Andre.

    You can use "mirrored" local accounts (that is, accounts with matching
    usernames and passwords on two computers). You need to use this
    approach when the computers are in separate domains with no trust
    relationship or when the computers are separated by a firewall and you
    cannot open the ports required for NTLM or Kerberos authentication.

    See :
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod15.asp

    In the "ASP.NET Worker Process Identity" section
    you'll find precise instructions for setting up mirrored accounts.




    Juan T. Llibre
    ASP.NET MVP
    http://asp.net.do/foros/
    Foros de ASP.NET en Español
    Ven, y hablemos de ASP.NET...
    ======================

    "Andre" <> wrote in message
    news:...
    > Guys,
    >
    > Thank you very much for your answers/suggestions.
    >
    > Scott,
    > Does you suggestion mean that Windows will always try to login using current
    > (impersonated) credentials first? What if my impersonated credentials are
    > domain related, is it going to be a problem? Sorry for dumb questions I am
    > not an expert in Windows security.
    >
    > Kevin,
    > Does you suggestion mean, that it is domain, which webserver belongs to, you
    > are talking about? Can impersonte user of another domain (I have domain name,
    > username and password for that domain, but server is not part of that domain)?
    >
    > Juan,
    > There are various reasons (not of a technical matter) which prevent our
    > web-server to be joined with the other domain. Machines are on the same
    > physical network, but webserver is maintained by one company and domain by
    > another. So all I have from the domain managed box is the domain name, share
    > name, username and password on THAT domain and I need to create export files
    > using those credentials. I can do this from Windows GUI - access that share
    > using provided credentials so it is should not a problem via .Net too.
    >
    > I am currently looking at using WNetAddConnection2 function to map external
    > drives locally and write onto local drives. Is it a good idea?
    >
    > Thanks & Regards,
    >
    > Andre.
    >
    >
    > "Scott Allen" wrote:
    >
    >> One technique I've used in the past is to use mirrored account. Set up
    >> an account on both machines - same username, same password. Then
    >> ASP.NET can impersonate the account on the server and be authenticated
    >> / authorized on the remote machine.
    >>
    >> --
    >> Scott
    >> http://www.OdeToCode.com/blogs/scott/
    >>
    >>
    >> On Thu, 21 Jul 2005 06:35:05 -0700, "Andre"
    >> <> wrote:
    >>
    >> >Hi Juan,
    >> >
    >> >Thank you for your reply, but my point is exactly that both computers ARE
    >> >NOT members of the same domain - one is standalone Win2003 and another is
    >> >external domain member and I can not put both onto the same domain. Is there
    >> >any other way to do it?
    >> >
    >> >Thank you.
    >> >

    >>
    >>
     
    Juan T. Llibre, Jul 25, 2005
    #12
  13. =?Utf-8?B?QW5kcmU=?=

    homertbush

    Joined:
    Mar 5, 2008
    Messages:
    1
    Essentially what he's saying is that you can create two local account on both machines with the same user names and passwords.

    You can then impersonate the local account with the ASP.NET worker process and access the other machine with the same rights as the local account created there.

    This is a common way to get around lack of domain trusts or lack of domain accounts at all.

    There's a post here that discusses it.
    http://blog.tylerholmes.com/2008/03/work-around-when-impersonating.html
     
    homertbush, Mar 5, 2008
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Cowboy \(Gregory A. Beamer\)

    Re: Running ASP.NET application from network share

    Cowboy \(Gregory A. Beamer\), Jul 25, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    599
    Cowboy \(Gregory A. Beamer\)
    Jul 25, 2003
  2. Mike S
    Replies:
    0
    Views:
    435
    Mike S
    Aug 4, 2003
  3. Steve Roszko

    Access Network Share with ASP.NET

    Steve Roszko, Oct 22, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    795
    Steve Roszko
    Oct 22, 2003
  4. JR
    Replies:
    8
    Views:
    463
    Steven Cheng[MSFT]
    Apr 28, 2004
  5. Saraswati lakki
    Replies:
    0
    Views:
    1,349
    Saraswati lakki
    Jan 6, 2012
Loading...

Share This Page