Impersonate

[zino]

on Windows Xp and in ASP net 2.0 application,
I followed the example under the following link:
http://msdn2.microsoft.com/en-us/li...cipal.windowsidentity.impersonate(VS.71).aspx

to save an Excel file, but I keep getting Access denied error.
(I have administartor privilege and I impersonate a domain account
(otherUser) that have administrator permissions too where the Excel file is
being saved)

note: without impersonation the code works fine under my account.

the web config file is set to :
<authentication mode="Windows"/>
<identity impersonate="true">

and "Integrated Windows Authentication" is the only thing checked in IIS

the web page :
sub Page_Load()
dim xl As myExcel = New myExcel()
xl.SaveExcel("c\test.xls")
end sub

class myExcel
function SaveExcel(filePath As String) As Boolean
dim xl As Excel.Application
dim wb As Excel.Workbook
.... .. . . ' code omitted

dim myImpersonate As New cls_impersonate
if myImpersonate.StartImpersonation(otherUser, otherPwd) Then
wb.SaveAs(filePath, FileFormat:=Excel.XlFileFormat.xlExcel7) '
generate Access is denied error
else
' ... .. .. .
end if
myImpersonate.UndoImpersonation()
end function

end class


class cls_impersonate
Private _impersonatedUser As WindowsImpersonationContext
Private _tokenHandle As New IntPtr(0)

function StartImpersonation(otherUser as string, otherPwd as string) as
boolean
'.. same as in the MSDN example and impersonation succeed without any error.
' but the following:
' WindowsIdentity.GetCurrent().Name --> return --> domain\otherUser
' while
' httpcontext.Current.User.Identity.Name --> return --> domain\myName
' which I don't understand
end function

sub UndoImpersonation
Me._impersonatedUser.Undo()
If Not System.IntPtr.op_Equality(Me._tokenHandle, IntPtr.Zero) Then
CloseHandle(Me._tokenHandle)
end sub
end class


thanks for help

 

[Steven Cheng[MSFT]]

Hi Zino,

From your description, you're encountering Access Denied error when try
saving a Excel document in ASP.NET webapplication, correcct?

Regarding on the problem you mentioned, I think the account is the first
thing we should check, I suggest try the following things first:

** use filemon tool to verify the Access Denied error and the problem
account

** run the same code with the same account (as in your asp.net application)
in a winform or console application to see whether it works.

** Also, instead of excel file, you can try a normal txt file to see
whether the problem is specfic to the office automation code.

BTW, I saw that you've enabled "impersonate" in web.config file as below:

<authentication mode="Windows"/>
<identity impersonate="true">


then, why did you also use code to programmatically do the impersonation?
You should either impersonate through the web.config setting or use code.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[zino]

Hi Steven,

I solved it by placing the "if myImpersonate.StartImpersonation" statement
at the begining of the function, instead of waiting until the
"workbook.SaveAs"
as:
function SaveExcel(filePath As String) As Boolean
if myImpersonate.StartImpersonation then
dim xl As Excel.Application
dim wb As Excel.Workbook
.... .. .. .
workbook.saveAs(.. . ..


The application need to capture the logged user NT domain account to
compare it against a one saved in a back end SQL database.
The user must have an NT domain account + must be registered within the
application in order to use it.
There is a common function (accessible to any user) that extract a value
from a sql table, and stream it as Excel file to the user.
I don't know how to stream the Excel file without saving it first on the
hard drive, therfore I created an account that have write permissions to save
the Excel file.
instead of assigning this WRITE permissions to every user.
and that's why you see Windows Authentication and impersonate=true are
enabled. In fact the authentication type is kind of Form Authentication.

How can I stream excel without saving it first on the hard drive ?

 

[Steven Cheng[MSFT]]

Thanks for your reply Zino,

As you mentioned:

===================
There is a common function (accessible to any user) that extract a value
from a sql table, and stream it as Excel file to the user.
===================

so the excel files are stored as binary content in the database? If so, is
it doable here that you directory transfer the binary content to the target
user. Also, what's y our current code that stream out the excel file? For
ASP.NET page, I know that you can directly write out binary content into
page's response stream instead of through a physical file on disk. For
example:

==========
Response.Clear();
Response.ContentType = "application/pdf";
Response.BinaryWrite( byte array here...)
Response.End()
==========

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: =?Utf-8?B?emlubw==?= <[email protected]>
References: <[email protected]>

 

[zino]

the value to be displayed in the Excel file is saved in the sql table as
varchar(4000).
What I need is something like :

sub Page_Load
dim xl As Excel.Application =New Excel.Application
dim wbs As Excel.Workbooks=xl.Workbooks
dim wb As Excel.Workbook
wb = wbs.Add()

response.Clear()
response.ContentType = "application/vnd.ms-excel"
response.BinaryWrite((New UnicodeEncoding).GetBytes(wb )) ' it is incorrect
this way, but that's how and what I need... .. (be able to pass the workbook
directly)

response.End()

 

[Steven Cheng[MSFT]]

Hi Zino,

I've performed some further research, I'm afraid so far the Office
Automation interface only provide file based save approach which restrict
the code in your application have to save the excel object to file
first(Unless you directly save excel object in database).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------

 

[zino]

Thank you for your feedback.