ASP.Net page Accessing Shared Resource

baldwin

Hello,

We are going to have a web application that will be load balanced.
Uploading documents into the same server is not an option. So we need
to create a shared folder in a different machine and the 2 web servers
will be accessing the shared folder. Problem is, how can we access the
shared folder without setting the permissions accessible to anyone? We
read some articles about impersonation (impersonate the aspnet process
to an account that has access only to the shared folder) and right now
we are still struggling to make it work. Is there any other way to
access a shared folder from an ASP.NET page where the web server and the
shared folder reside on different machines?

Any help is greatly appreciated.

Thanks,
Baldwin
 
KJ

One thing we have done is to create identical virtual directories on
both web servers pointing to the same share. When setting up the
v-dirs, open the properties window, click the "connect as" button, and
enter the appropriate credentials. This may take some trial and error
to get working correctly. One thing also often necessary (when not
impersonating) is to give the ASPNET local server user (for both
servers) read permissions on the shared directory.

Another option is to try the code below which I have used to
successfully do impersonation under Windows auth (.net 1.1):

    using System;
    using System.Runtime.InteropServices;
    using System.Security.Principal;
    using System.Web;

    /// <summary>
    /// This is used to programmatically
    /// change the user principal on-demand.
    ///
    /// It relies on the old Win32 APIs.
    ///
    /// (This is made obsolete in .NET 2.0)
    /// </summary>
    public class Impersonation
    {
        public const int LOGON32_LOGON_INTERACTIVE = 2;
        public const int LOGON32_PROVIDER_DEFAULT = 0;

        // Context of the current impersonation; null until one of the
        // impersonate methods has succeeded.
        WindowsImpersonationContext impersonationContext;

        [DllImport("advapi32.dll")]
        public static extern int LogonUserA(String lpszUserName,
            String lpszDomain,
            String lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public static extern int DuplicateToken(IntPtr hToken,
            int impersonationLevel,
            ref IntPtr hNewToken);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
        public static extern bool CloseHandle(IntPtr handle);

        // Logs the given account on and makes the current thread run as it.
        // Returns true on success; call WindowsAuth_StopImpersonating() to revert.
        public bool ImpersonateValidWindowsUser(String userName, String domain, String password)
        {
            WindowsIdentity tempWindowsIdentity;
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            if (RevertToSelf())
            {
                if (LogonUserA(userName, domain, password,
                    LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, ref token) != 0)
                {
                    // 2 = SecurityImpersonation
                    if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                    {
                        tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                        impersonationContext = tempWindowsIdentity.Impersonate();
                        if (impersonationContext != null)
                        {
                            // WindowsIdentity holds its own copy of the token.
                            CloseHandle(token);
                            CloseHandle(tokenDuplicate);
                            return true;
                        }
                    }
                }
            }
            // Failure path: release whatever handles were obtained.
            if (token != IntPtr.Zero)
                CloseHandle(token);
            if (tokenDuplicate != IntPtr.Zero)
                CloseHandle(tokenDuplicate);
            return false;
        }

        // Impersonates the Windows-authenticated caller of the current request.
        public void WindowsAuth_Impersonate()
        {
            impersonationContext =
                ((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity).Impersonate();
        }

        // Reverts the thread to its original identity.
        public void WindowsAuth_StopImpersonating()
        {
            // Guard against a call made before any impersonation succeeded.
            if (impersonationContext != null)
                impersonationContext.Undo();
        }
    }
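
Added example, not part of KJ's post or the original thread: a self-contained sketch for the question's scenario that writes one uploaded file to the share with LOGON32_LOGON_NEW_CREDENTIALS, so the supplied account is used only for outbound network access, and always reverts the thread identity. `ShareWriter`, `Save` and its parameters are hypothetical names, and .NET Framework 2.0 or later is assumed.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class ShareWriter   // hypothetical name (added example)
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // credentials apply to outbound network access only
    const int LOGON32_PROVIDER_WINNT50 = 3;      // provider required by NEW_CREDENTIALS

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // shareRoot (e.g. @"\\fileserver\uploads") and the credentials are
    // assumptions supplied by the caller, for example from protected configuration.
    public static void Save(string shareRoot, string clientFileName, byte[] content,
        string user, string domain, string password)
    {
        // Keep only the leaf name so "..\" in an uploaded name cannot escape the share.
        string leaf = Path.GetFileName(clientFileName);
        if (leaf == null || leaf.Length == 0)
            throw new ArgumentException("File name is empty.", "clientFileName");

        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = WindowsIdentity.Impersonate(token);
            // CreateNew refuses to overwrite a file that already exists on the share.
            using (FileStream fs = new FileStream(Path.Combine(shareRoot, leaf),
                       FileMode.CreateNew, FileAccess.Write, FileShare.None))
                fs.Write(content, 0, content.Length);
        }
        finally
        {
            // ASP.NET reuses worker threads: revert before the thread serves another request.
            if (ctx != null) ctx.Undo();
            CloseHandle(token);
        }
    }
}
```

With this logon type the account needs permissions only on the share and its NTFS folder, not logon rights on the web servers.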
 