Impersonation issues

[Tom Wells]

My server admin and I are trying to figure out how to get impersonation
working to be able to upload a file from the client browser thru the web
server to a network file server. My network ID for testing is twells. Our
domain for testing is dev.com. If I don't have impersonation set in
web.config the user ID shown by
System.Security.Principal.WindowsIdentity.GetCurrent().Name is
"twells/ASPNET" which does not exist on our network. If I set <identity
impersonate="true"/> in web.config the the user ID is "twells_IUSR1" which
also does not exist on our network. If I set <identity impersonate="true"
UserName="twells" Password="MyDevPass5"/> (MyDevPass5 is my dev password) I
get a web.config syntax error. I've tried several variations on "twells"
such as "twells/dev.com" or "twells\dev.com" or "dev.com/twells" or
"dev.com\twells", but I get the same error. Om MSDN I can't find anything
useful that explains why this is happening or how to fix it.

Any help is greatly appreciated.
Thanks!
Tom

 

[William F. Robertson, Jr.]

We had the same problem with communication between our file server and
webserver. We didn't want to take the impersonation route as we have a user
pool of 20,000 users and that gets hard to maintain.

On the webserver we have the "aspnet" local account that runs the website.
One the fileserver we created a "aspnet" local account that has permissions
on the file server.

We manually set the passwords for both "webserver/aspnet" and
"fileserver/aspnet" account to the same. We also changed the machine.config
file, manually setting the machine (aspnet) password.

When the webserver tries to make a connection to the fileserver, it passes
his name/pass combination and the file server authenticated successfully and
the webserver can now browse the fileserver.

I am not sure if this is the direction you are looking for, but it will work
for your situation, unless of course you are using Domain accounts for
permissions on the actual directories.

HTH,

bill

 

[bruce barker]

you are on the correct track, but have bad syntax (web.config is case
sensitive) try:

<identity impersonate="true" userName="twells" password="MyDevPass5"/>

note: as twells is a local account, then you need a matching local account
on the fileserver with the same password. you could switch to a domain
account. also asp.net supports encrypting the password in the registry if
having it in the web.config is an issue. if twells is a domain then use:

<identity impersonate="true" userName="domain\twells"
password="MyDevPass5"/>

note: <identity impersonate="true"> causes the identity to be the iis
identity associated with the request. if the site is anonymous it will be
the iusr account. if the site is not anonymous it will the login entered at
the browser. you will not be able to access the fileserver with is login
unless you use basic or kerboeros, as nt creditals can not be forwarded (1
hop rule).

-- bruce (sqlwork.com)


where "domain" is your domain name (
| My server admin and I are trying to figure out how to get impersonation
| working to be able to upload a file from the client browser thru the web
| server to a network file server. My network ID for testing is twells.
Our
| domain for testing is dev.com. If I don't have impersonation set in
| web.config the user ID shown by
| System.Security.Principal.WindowsIdentity.GetCurrent().Name is
| "twells/ASPNET" which does not exist on our network. If I set <identity
| impersonate="true"/> in web.config the the user ID is "twells_IUSR1" which
| also does not exist on our network. If I set <identity impersonate="true"
| UserName="twells" Password="MyDevPass5"/> (MyDevPass5 is my dev password)
I
| get a web.config syntax error. I've tried several variations on "twells"
| such as "twells/dev.com" or "twells\dev.com" or "dev.com/twells" or
| "dev.com\twells", but I get the same error. Om MSDN I can't find anything
| useful that explains why this is happening or how to fix it.
|
| Any help is greatly appreciated.
| Thanks!
| Tom
|
|