P
Peter Afonin
Hello:
When I try to access a SQL server or a network share from an ASP.Net
application that I run on my computer, I run into security problems (for
instance, I cannot execute DTS package using Trusted connection or get a
file information using FileInfo class). This is probably because my
application is running under PETER\ASPNET account, where PETER is my
computer's name. I can solve this problem by using Impersonation.
However, when I specify Impersonation in Web.config, it usually creates some
problems when I move my application to the server. So I prefer to
impersonate my application programmatically and then cancel it:
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
.............................................................................
......................
impersonationContext.Undo()
Ususally this works OK, but this time the line
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
is producing an "Invalid Cast" error. I've noticed that User.Identity is
actually an empty string.
What could be wrong? Is there another way to solve these security issues
besides using Impersonation? I cannot add PETER\ASPNET account to the SQL
server or to the network share permissions.
I would greatly appreciate your suggestions.
Thank you,
When I try to access a SQL server or a network share from an ASP.Net
application that I run on my computer, I run into security problems (for
instance, I cannot execute DTS package using Trusted connection or get a
file information using FileInfo class). This is probably because my
application is running under PETER\ASPNET account, where PETER is my
computer's name. I can solve this problem by using Impersonation.
However, when I specify Impersonation in Web.config, it usually creates some
problems when I move my application to the server. So I prefer to
impersonate my application programmatically and then cancel it:
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
.............................................................................
......................
impersonationContext.Undo()
Ususally this works OK, but this time the line
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
is producing an "Invalid Cast" error. I've noticed that User.Identity is
actually an empty string.
What could be wrong? Is there another way to solve these security issues
besides using Impersonation? I cannot add PETER\ASPNET account to the SQL
server or to the network share permissions.
I would greatly appreciate your suggestions.
Thank you,