Connecting to a network share

[Matt Dockerty]

Hi,

I'm trying to connect to a network share using a username / password /
domain of my choosing.

I've tried the WindowsIdentity.Impersonate route but can only impersonate
the users on the local machine / domain using this method.

I could go about creating actual mapped drives but I'd much rather connect
temporarily to a UNC share without affecting the system configuration.

I've Googled this one to death. Does anybody have any ideas?

Thanks,
Matt

 

[Scott Allen]

Hi Matt:

I take it the second machine is not in the same domain?

One approach would be to create a local user account on the remote
machine with the same username and password as a user on the web
server.

Mapped drives are a no-no in ASP.NET because they only load for an
interactive user, i.e. a user logged into a visible desktop, which the
asp.net worker process does not.

 

[Matt Dockerty]

Hi Scott,

Thanks for answering. Yes they are completely separate machines. I can
impersonate an interactive user if needs be, the application is secured and
I have free reign over the server it will run on if I need to do anything
hacky, but I was kinda hoping I wouldn't have to.

Beats me why I need to physically impersonate a user, I imagine explorer
doesn't change the account it's running under to view a network share.

The application I'm writing makes files, then using the username, password,
domain in it's database connects out to machines on their admin share and
deploys them (lots of security to think about I know). I'm considering
writing some client software now for the machines it deploys to - C# just
doesn't seem to be up to the task.

Cheers,
Matt

 

[Scott Allen]

Hi Matt:

See inline...

Hi Scott,

Thanks for answering. Yes they are completely separate machines. I can
impersonate an interactive user if needs be, the application is secured and
I have free reign over the server it will run on if I need to do anything
hacky, but I was kinda hoping I wouldn't have to.

There are many options, and most of them are not hacky (mapped drives
are hacky). Impersonation is one option, delegation is another option
- but only if both machines are in a domain. Using mirrored accounts
will certainly work in your environment - did you try that? Do you
need to access the UNC with the client's credentials? Or can you
access the UNC for all incoming web clients with the same credentials?

Beats me why I need to physically impersonate a user, I imagine explorer
doesn't change the account it's running under to view a network share.

It depends on so many factors, for instance, are you running under
IIS5 or IIS6? On IIS5 the default ASPNET account used to execute code
doesn't have network access.

The application I'm writing makes files, then using the username, password,
domain in it's database connects out to machines on their admin share and
deploys them (lots of security to think about I know). I'm considering
writing some client software now for the machines it deploys to - C# just
doesn't seem to be up to the task.

This isn't a problem with C# in particular, you'll find the same
problem in any language or runtime. It works this way because of
Windows security features.

 

[Matt Dockerty]

Hi Scott,

I'll be using the logon details stored in the apps database. Having local
accounts with the same username and password might be the way to do it but
doesn't give the admins much flexibility in keeping their network secure.
Maybe I could temporarily create a local account with no permissions - mmm,
hacky

That's a bit clearer to me now. Thanks for all your help.

Cheers,
Matt

Hi Matt:

See inline...

and
<snip>