impersonation

Discussion in 'ASP .Net Security' started by Bad Beagle, Apr 28, 2005.

  1. Bad Beagle

    Bad Beagle Guest

    IIS 6.0

    Our developer created a asp.net application. I keep getting an error on the
    website:

    Exception Details: System.UnauthorizedAccessException: Access to the path
    "D:\Websites\intradev\peoplefind_net\csv\20050428103335.csv" is denied.

    I have used filemon and found that it is trying to access that directory
    structure using nt authority\network service. I need it to use the local
    aspnet account. How can I force it to use the aspnet account?
     
    Bad Beagle, Apr 28, 2005
    #1
    1. Advertising

  2. Bad Beagle

    Brock Allen Guest

    If you are running in IIS6, then by default your code is running as "Network
    Service". You can change the security DACL on the target file to allow MACHINENAME$
    access tot he file and it should work for you. The ASPNET account is only
    used (again, by default) when you're running on an IIS5 or 5.1 box -- so
    Windows 2000 or XP. If you really want your application in IIS6 to run as
    ASPNET, you can change the identity in the IIS admin tool for the AppPool
    that your app has been configured as. But every other app in the same AppPool
    will also be affected. If you choose this approach, then you might want to
    create a seperate AppPool specifically for your application.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > IIS 6.0
    >
    > Our developer created a asp.net application. I keep getting an error
    > on the website:
    >
    > Exception Details: System.UnauthorizedAccessException: Access to the
    > path "D:\Websites\intradev\peoplefind_net\csv\20050428103335.csv" is
    > denied.
    >
    > I have used filemon and found that it is trying to access that
    > directory structure using nt authority\network service. I need it to
    > use the local aspnet account. How can I force it to use the aspnet
    > account?
    >
     
    Brock Allen, Apr 28, 2005
    #2
    1. Advertising

  3. Hello Brock,

    Machine$ is only relevant if you are accessing remote files. You can indeed
    ACL local files directly with "NT AUTHORITY\NETWORK SERVICE"

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > If you are running in IIS6, then by default your code is running as
    > "Network Service". You can change the security DACL on the target file
    > to allow MACHINENAME$ access tot he file and it should work for you.
    > The ASPNET account is only used (again, by default) when you're
    > running on an IIS5 or 5.1 box -- so Windows 2000 or XP. If you really
    > want your application in IIS6 to run as ASPNET, you can change the
    > identity in the IIS admin tool for the AppPool that your app has been
    > configured as. But every other app in the same AppPool will also be
    > affected. If you choose this approach, then you might want to create a
    > seperate AppPool specifically for your application.
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >> IIS 6.0
    >>
    >> Our developer created a asp.net application. I keep getting an error
    >> on the website:
    >>
    >> Exception Details: System.UnauthorizedAccessException: Access to the
    >> path "D:\Websites\intradev\peoplefind_net\csv\20050428103335.csv" is
    >> denied.
    >>
    >> I have used filemon and found that it is trying to access that
    >> directory structure using nt authority\network service. I need it to
    >> use the local aspnet account. How can I force it to use the aspnet
    >> account?
    >>
     
    Dominick Baier [DevelopMentor], Apr 28, 2005
    #3
  4. Bad Beagle

    Brock Allen Guest

    > Machine$ is only relevant if you are accessing remote files. You can
    > indeed ACL local files directly with "NT AUTHORITY\NETWORK SERVICE"


    Oh good point. For some reason I just assumed he was accessing a network
    share, but a mapped drive wouldn't make any sense from ASP.NET anyway. Duh.

    Yeah, listen to what Dom says -- he knows best :)

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen
     
    Brock Allen, Apr 28, 2005
    #4
  5. Bad Beagle

    Bad Beagle Guest

    Thanks guys!
    "Brock Allen" <> wrote in message
    news:...
    >> Machine$ is only relevant if you are accessing remote files. You can
    >> indeed ACL local files directly with "NT AUTHORITY\NETWORK SERVICE"

    >
    > Oh good point. For some reason I just assumed he was accessing a network
    > share, but a mapped drive wouldn't make any sense from ASP.NET anyway.
    > Duh.
    >
    > Yeah, listen to what Dom says -- he knows best :)
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >
    >
    >
    >
     
    Bad Beagle, Apr 28, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kelly D. Jones

    Problem with impersonation and delegation

    Kelly D. Jones, Sep 4, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    1,826
  2. Pramod

    Impersonation code

    Pramod, May 12, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    2,664
  3. Raymond Basque

    Re: ASP.NET Fails after SP4 with Impersonation

    Raymond Basque, Jun 27, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    529
  4. Bassel Tabbara [MSFT]

    RE: ASP.NET Fails after SP4 with Impersonation

    Bassel Tabbara [MSFT], Jun 27, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    510
    Michael Kennedy [UB]
    Jun 28, 2003
  5. Hidulf
    Replies:
    1
    Views:
    456
    Michael Kennedy [UB]
    Jun 30, 2003
Loading...

Share This Page