Impersonate NT user from Anonymous login

Discussion in 'ASP .Net' started by ajamrozek, Feb 3, 2005.

  1. ajamrozek

    ajamrozek Guest

    I have an ASPX page that needs to display data from an Access DB that
    resides on a network resource other than the running server. To access
    the web page itself, I need IIS to have anonymous login set to true,
    but to access the Access DB I need to pass an authenticated network
    user. Not for the DB's sake but for the network directory that it
    resides on.
    Some more environment background: large company with tight server
    control. I don't directly work for the IT dept., so I need to make
    this as easy on IT as possible. Meaning, I can't do any server
    configuration (IIS settings or machine.config) and can not store my
    database on the server. Everything needs to be run from the .Net
    project.
    I've tried the following methods with no success:
    1. <identity impersonate="true" userName="domain\Username"
    password="password"/>
    fails because this user is not setup on the machine running IIS and
    I won't be able too.
    2. set the User name and password in IIS anonymous access config to
    the authenticated user. will not work because I will not be able to
    edit these values in production.
    3. attempted to use API's from MS's KB
    failed because it uses tokens based on the current user, which
    returned 0 for the token so the impersonation never executes.

    thanks,
    Alex Jamrozek
    ajamrozek, Feb 3, 2005
    #1
    1. Advertising

  2. ajamrozek

    Scott Allen Guest

    Approach #1 is, in my opinion, going to be the easiest method going
    forward. What type of error are you seeing in this case?

    --
    Scott
    http://www.OdeToCode.com/blogs/scott/

    On 3 Feb 2005 11:07:51 -0800, "ajamrozek" <> wrote:

    >I have an ASPX page that needs to display data from an Access DB that
    >resides on a network resource other than the running server. To access
    >the web page itself, I need IIS to have anonymous login set to true,
    >but to access the Access DB I need to pass an authenticated network
    >user. Not for the DB's sake but for the network directory that it
    >resides on.
    >Some more environment background: large company with tight server
    >control. I don't directly work for the IT dept., so I need to make
    >this as easy on IT as possible. Meaning, I can't do any server
    >configuration (IIS settings or machine.config) and can not store my
    >database on the server. Everything needs to be run from the .Net
    >project.
    >I've tried the following methods with no success:
    >1. <identity impersonate="true" userName="domain\Username"
    >password="password"/>
    > fails because this user is not setup on the machine running IIS and
    >I won't be able too.
    >2. set the User name and password in IIS anonymous access config to
    >the authenticated user. will not work because I will not be able to
    >edit these values in production.
    >3. attempted to use API's from MS's KB
    > failed because it uses tokens based on the current user, which
    >returned 0 for the token so the impersonation never executes.
    >
    >thanks,
    >Alex Jamrozek
    Scott Allen, Feb 3, 2005
    #2
    1. Advertising

  3. ajamrozek

    ajamrozek Guest

    For some reason it varies between
    -System.Data.OleDb.OleDbException: Unspecified error
    Or
    -The Microsoft Jet database engine
    cannot open the file '(unknown)'. It is already opened exclusively by
    another user, or you need permission to view its data
    ajamrozek, Feb 3, 2005
    #3
  4. Can the IT department make the IIS server a Domain member? if it is a domain
    member then you should be able to authenticate with user: domain\username

    "ajamrozek" <> wrote in message
    news:...
    >I have an ASPX page that needs to display data from an Access DB that
    > resides on a network resource other than the running server. To access
    > the web page itself, I need IIS to have anonymous login set to true,
    > but to access the Access DB I need to pass an authenticated network
    > user. Not for the DB's sake but for the network directory that it
    > resides on.
    > Some more environment background: large company with tight server
    > control. I don't directly work for the IT dept., so I need to make
    > this as easy on IT as possible. Meaning, I can't do any server
    > configuration (IIS settings or machine.config) and can not store my
    > database on the server. Everything needs to be run from the .Net
    > project.
    > I've tried the following methods with no success:
    > 1. <identity impersonate="true" userName="domain\Username"
    > password="password"/>
    > fails because this user is not setup on the machine running IIS and
    > I won't be able too.
    > 2. set the User name and password in IIS anonymous access config to
    > the authenticated user. will not work because I will not be able to
    > edit these values in production.
    > 3. attempted to use API's from MS's KB
    > failed because it uses tokens based on the current user, which
    > returned 0 for the token so the impersonation never executes.
    >
    > thanks,
    > Alex Jamrozek
    >
    Shawn H. Mesiatowsky, Feb 3, 2005
    #4
  5. ajamrozek

    ajamrozek Guest

    There is a possiblity that the IIS server will be on the domain, but I
    want to assume it won't be. I'm developing on a laptop that is not
    part of the domain, which I think mimics the production environment.
    The IIS server will more than likely not be part of the domain as the
    Access DB network resource; same with the clients.
    ajamrozek, Feb 3, 2005
    #5
  6. ajamrozek,
    The error "System.Data.OleDb.OleDbException" look like its from
    the application but "The Microsoft Jet database engine
    cannot open the file '(unknown)'. It is already opened exclusively by
    another user, or you need permission to view its data"

    Seems someone else is using the file!
    But do you have any NTFS permission created for the file?





    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Patrick Olurotimi Ige, Feb 3, 2005
    #6
  7. ajamrozek

    ajamrozek Guest

    yeah i'm not worried so much about the oledbexception as i am about the
    jet database err. I know what's causing it; to open a .mdb file a
    ..ldb file must be created in the same directory. To do this, the app
    needs to be authenticated on the server. It has nothing to do with the
    file being open or what permissions are applied to the file (though
    those things would cause errors of their own also).
    ajamrozek, Feb 4, 2005
    #7
  8. ajamrozek,
    So you got it fixed!!



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    Patrick Olurotimi Ige, Feb 4, 2005
    #8
  9. ajamrozek

    ajamrozek Guest

    lol, no. that last post was more of a further qualification of my
    problem, in that, I know what the problem is, I just can't fix it yet.
    ajamrozek, Feb 4, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Maellic
    Replies:
    3
    Views:
    4,308
    Maellic
    Jan 13, 2004
  2. Reporter
    Replies:
    3
    Views:
    470
    Mike Schilling
    May 12, 2007
  3. Bill Belliveau

    DirectoryEntry Impersonate or WindowsIdentity Impersonate?

    Bill Belliveau, Jan 28, 2004, in forum: ASP .Net Security
    Replies:
    3
    Views:
    339
    Joe Kaplan \(MVP - ADSI\)
    Jan 31, 2004
  4. yurps
    Replies:
    1
    Views:
    130
    yurps
    Jan 27, 2005
  5. Replies:
    1
    Views:
    220
Loading...

Share This Page