ASP.NET 2.0 with UNC share - security restriction & impersonation




Web Server Platform: IIS 6.0 on Windows Server 2003, dotNet 2.0

UNC Share: located on remote server in same domain, Windows File

Application is ASP.NET 2.0 and must retrieve certain HTML pages and
images from the UNC share. The virtual directory which points to a
UNC share is set to run under a domain account. This account has the
appropriate access to the various .net-related directories on the web
server, because I ran the aspnet_regiis -ga <account> command.

In the web.config file, I am using impersonation under the same
account listed above.

My goal is to restrict the viewing of this web application to a
restricted internal audience. Therefor I have the IIS security set
Windows authentication only, and have restricted security on the
folder level to the web files.

I'm trying to restrict access to this folder with NTFS permissions,
but the ASP.NET domain account I'm using must obviously have read
access to the web application and UNC share. I removed the
"<LocalMachine>\Users" read access, but re-added "Network",
"Interactive" and "Network Service" read access.

How can I use ASP.NET impersonation to connect to a UNC share, but
still restrict access with Windows permissions? There must be a
better way than my approach. Your help is appreciated.


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question