ASP.NET impersonation - getfiles() problem

[float]

Hi all,

I've got problem with listing files in UNC path. Result is: Access to
the path '\\serwername\path' is denied. I'm using IIS 5.1 on WinXP
Pro. All machines in one domain. Impersonation is on.

web.config:
<system.web>
<identity impersonate="true"/>
<authentication mode="Windows"/>
</system.web>

Integrated Windows authentication checked and Anonymous access
unchecked in IIS configuration.

I've been googling on this one for a few days now and checked various
configurations - none worked. The strange thing is that when trying
this on a serwer machine it works fine, but any other machine gets
error. The other thing is: when I hardcoded my domain account and
password in the web.config all works excelent (on every machine).

If anyone got any clue what I'm doing wrong please help - I've just
run out of ideas.

Marcin

 

[MarcinM]

... any one?

 

[Anthony Jones]

Hi all,

I've got problem with listing files in UNC path. Result is: Access to
the path '\\serwername\path' is denied. I'm using IIS 5.1 on WinXP
Pro. All machines in one domain. Impersonation is on.

web.config:
<system.web>
<identity impersonate="true"/>
<authentication mode="Windows"/>
</system.web>

Integrated Windows authentication checked and Anonymous access
unchecked in IIS configuration.

I've been googling on this one for a few days now and checked various
configurations - none worked. The strange thing is that when trying
this on a serwer machine it works fine, but any other machine gets
error. The other thing is: when I hardcoded my domain account and
password in the web.config all works excelent (on every machine).

If anyone got any clue what I'm doing wrong please help - I've just
run out of ideas.

A machine must be trusted and configured for delegation. IOW the file
server doesn't trust your failing machines to access its resources on behalf
of another user.

See:-

http://technet2.microsoft.com/windo...a055-43f7-b9be-20599b694a311033.mspx?mfr=true

 

[float]

A machine must be trusted and configured for delegation. IOW the file
server doesn't trust your failing machines to access its resources on behalf
of another user.

See:-

http://technet2.microsoft.com/windowsserver/en/library/b207ee9c-a055-...

Anthony,
Thanks for the reply. I've just talked to my domain admin - a sad info
is that I will not be able to "allow my computer to be trusted fo
delegation" because of inside security procedures (bla, bla, bla). The
good neews is that if You are right, and I understand You correctly
this error will be no longer if I put my web site on the serwer
instead of my local machine. (serwers in one domain are trusting each
other by default, doesn't they?)
I will post as soon as I get my hands on the serwer.
Thanks again.

 

[Norman Yuan]

Anthony,
Thanks for the reply. I've just talked to my domain admin - a sad info
is that I will not be able to "allow my computer to be trusted fo
delegation" because of inside security procedures (bla, bla, bla). The
good neews is that if You are right, and I understand You correctly
this error will be no longer if I put my web site on the serwer
instead of my local machine. (serwers in one domain are trusting each
other by default, doesn't they?)

Maybe, maybe not. You still need to let your domain administrator to make it
happen.

As alternative, you could specify a domain username/password in web.config,
so that there is no need fo user identity jump from user->web server->file
location, like this:

<identity impersonate="true" user="domainName\userName" password="Password"
/>

 

[Anthony Jones]

Maybe, maybe not. You still need to let your domain administrator to make it
happen.

As alternative, you could specify a domain username/password in web.config,
so that there is no need fo user identity jump from user->web server->file
location, like this:

<identity impersonate="true" user="domainName\userName" password="Password"
/>

I wouldn't recommend that. Better to ensure servers are entrusted for
delegation as is appropriate (I'm sure there would be no objection to that).
This allows you to maintain better control over who has access to what using
standard windows security. It also doesn't require that a valid username
/password pair be stored in this way which would make any Administrator
nervous.

 

[float]

I wouldn't recommend that. Better to ensure servers are entrusted for
delegation as is appropriate (I'm sure there would be no objection to that).
This allows you to maintain better control over who has access to what using
standard windows security. It also doesn't require that a valid username
/password pair be stored in this way which would make any Administrator
nervous.

Norman,
Thanks for your reply - I tried that a few days back, and it
worked .
Unfortunately I can not use that solution for two reasons - both
mentioned in Anthony reply
(open user ID and pass, and above all access control to recources via
domain groups).
Hopefully I'll get access to test serwer tomorrow - I hope it will
work.
cheers

 

[float]

Norman,
Thanks for your reply - I tried that a few days back, and it
worked .
Unfortunately I can not use that solution for two reasons - both
mentioned in Anthony reply
(open user ID and pass, and above all access control to recources via
domain groups).
Hopefully I'll get access to test serwer tomorrow - I hope it will
work.
cheers

Hello again,
Damned IIS 6.0 still doesn't work as expected. I got access to Win
2003 serv. with IIS 6.0 (all in Active Directory) - tried to configure
it to windows integrated security, and almost succeded . Almost make
difference... After a few days of googling and Microsoft Tech.
searching I was able to launch a simple htm page. However when I try
run any .aspx page I got prompt for user and pass and then (after 3x)
"HTTP error 401.1 Denied by invalid user credentials". The strange
thing is I got this error even when trying to launch aspx page that
does not exists (?)...
To be honest I've just gave up. I've asked for help one of our AD
admins - we'll see what happens, but if he fails than 2 weeks of my
work is wasted.
Cheers.

 

[float]

Hello again,
Damned IIS 6.0 still doesn't work as expected. I got access to Win
2003 serv. with IIS 6.0 (all in Active Directory) - tried to configure
it to windows integrated security, and almost succeded . Almost make
difference... After a few days of googling and Microsoft Tech.
searching I was able to launch a simple htm page. However when I try
run any .aspx page I got prompt for user and pass and then (after 3x)
"HTTP error 401.1 Denied by invalid user credentials". The strange
thing is I got this error even when trying to launch aspx page that
does not exists (?)...
To be honest I've just gave up. I've asked for help one of our AD
admins - we'll see what happens, but if he fails than 2 weeks of my
work is wasted.
Cheers.

Forgot to say that I tried MS troubleshooting:
http://support.microsoft.com/kb/907273 - but no luck...