Bunty said:Joe,
I came across the message this message in the messageboard.
If I understood it correctly, Did you mean that we can not implement
impersonation in ASP.Net process either?
I am trying to impersonate a windows user in the Asp.Net application for
copying files from the Remote directory to another another remote
directory
on the same server. Impersonation seems to be working fine.
But it is raising the exception 'Could not find the file "...."'. I am
sure
that the file exists in that folder but still getting the same error.
Here is the complete error message:
Server Error in '/' Application.
--------------------------------------------------------------------------------
Could not find file "\\remotecomputer\cs\Asset\x.txt".
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about
the error and where it originated in the code.
Exception Details: System.IO.FileNotFoundException: Could not find file
"\\remotecomputer\cs\Asset\x.txt".
Source Error:
An unhandled exception was generated during the execution of the current
web
request. Information regarding the origin and location of the exception
can
be identified using the exception stack trace below.
Stack Trace:
[FileNotFoundException: Could not find file
"\\remotecomputer\cs\Asset\x.txt".]
System.IO.__Error.WinIOError(Int32 errorCode, String str) +181
System.IO.File.InternalCopy(String sourceFileName, String destFileName,
Boolean overwrite) +314
System.IO.File.Copy(String sourceFileName, String destFileName) +7
SampleDailies.createclip.CreateFile() in C:\test\filecopy.aspx.vb:159
SampleDailies.createclip.Page_Load(Object sender, EventArgs e) in
C:\test\filecopy.aspx.vb:28
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
ASP.NET
Version:1.1.4322.2032
Thanks in advance,
Bunty
Joe Kaplan (MVP - ADSI) said:Do a search in this group or microsoft.public.dotnet.security with Google
for a thread that discussed using WMI to do this.
Essentially, you can't use impersonation and the standard .NET Process
class
to do this as it doesn't pick up the impersonated identity and will alway
use the process identity. Other people have tried calling
CreateProcessWithLogonW or the AsUser or WithTokenW via p/invoke and
haven't
had much luck either. The WMI approach seems to work very well.
You do need the users plaintext password for this though I'm pretty sure.
You definitely need a primary token one way or the other.
Best of luck,
Joe K.
Joe Kaplan (MVP - ADSI) said:No, the message below was in regards to a discussion about launching an
external process from within ASP.NET under a different security context than
the worker process account.
I think what you are trying to do is impersonation in order use the current
security context to do something to a file on a remote drive. I'm not a
super expert on this, but typically, these issues have to do with double hop
problems that are fixed by implementing Kerberos delegation.
The problem is usually that you impersonate the logged on user, but because
you used Windows Integrated Auth in IIS, the token created for that user is
an impersonation token and it cannot "hop" to a different machine. As a
result, the caller on the remote machine is actually the anonymous user, not
the user in question. You can verify that by turning on object access
auditing in the remote machine's local security policy and setting the SACL
on the file to allow audits.
Joe K.
Bunty said:Joe,
I came across the message this message in the messageboard.
If I understood it correctly, Did you mean that we can not implement
impersonation in ASP.Net process either?
I am trying to impersonate a windows user in the Asp.Net application for
copying files from the Remote directory to another another remote
directory
on the same server. Impersonation seems to be working fine.
But it is raising the exception 'Could not find the file "...."'. I am
sure
that the file exists in that folder but still getting the same error.
Here is the complete error message:
Server Error in '/' Application.
--------------------------------------------------------------------------------
Could not find file "\\remotecomputer\cs\Asset\x.txt".
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about
the error and where it originated in the code.
Exception Details: System.IO.FileNotFoundException: Could not find file
"\\remotecomputer\cs\Asset\x.txt".
Source Error:
An unhandled exception was generated during the execution of the current
web
request. Information regarding the origin and location of the exception
can
be identified using the exception stack trace below.
Stack Trace:
[FileNotFoundException: Could not find file
"\\remotecomputer\cs\Asset\x.txt".]
System.IO.__Error.WinIOError(Int32 errorCode, String str) +181
System.IO.File.InternalCopy(String sourceFileName, String destFileName,
Boolean overwrite) +314
System.IO.File.Copy(String sourceFileName, String destFileName) +7
SampleDailies.createclip.CreateFile() in C:\test\filecopy.aspx.vb:159
SampleDailies.createclip.Page_Load(Object sender, EventArgs e) in
C:\test\filecopy.aspx.vb:28
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
ASP.NET
Version:1.1.4322.2032
Thanks in advance,
Bunty
Joe Kaplan (MVP - ADSI) said:Do a search in this group or microsoft.public.dotnet.security with Google
for a thread that discussed using WMI to do this.
Essentially, you can't use impersonation and the standard .NET Process
class
to do this as it doesn't pick up the impersonated identity and will alway
use the process identity. Other people have tried calling
CreateProcessWithLogonW or the AsUser or WithTokenW via p/invoke and
haven't
had much luck either. The WMI approach seems to work very well.
You do need the users plaintext password for this though I'm pretty sure.
You definitely need a primary token one way or the other.
Best of luck,
Joe K.
I want an asp.net buttonclick_onserver event to run a process as a
given domain user on the server. What is the easiest way to do this.
For some reason "LogonUser" fails with "Unknown user or password"
LocalMachine/Administrator also failed.
Bunty said:Joe,
Thanks for your reply,
I am impersonating using a domain user which has all the permissions on
the
share we are trying to access. Is it not impersonating at all?
Error too does not sound like a permission error?
Bhupendra
Joe Kaplan (MVP - ADSI) said:No, the message below was in regards to a discussion about launching an
external process from within ASP.NET under a different security context
than
the worker process account.
I think what you are trying to do is impersonation in order use the
current
security context to do something to a file on a remote drive. I'm not a
super expert on this, but typically, these issues have to do with double
hop
problems that are fixed by implementing Kerberos delegation.
The problem is usually that you impersonate the logged on user, but
because
you used Windows Integrated Auth in IIS, the token created for that user
is
an impersonation token and it cannot "hop" to a different machine. As a
result, the caller on the remote machine is actually the anonymous user,
not
the user in question. You can verify that by turning on object access
auditing in the remote machine's local security policy and setting the
SACL
on the file to allow audits.
Joe K.
Bunty said:Joe,
I came across the message this message in the messageboard.
If I understood it correctly, Did you mean that we can not implement
impersonation in ASP.Net process either?
I am trying to impersonate a windows user in the Asp.Net application
for
copying files from the Remote directory to another another remote
directory
on the same server. Impersonation seems to be working fine.
But it is raising the exception 'Could not find the file "...."'. I am
sure
that the file exists in that folder but still getting the same error.
Here is the complete error message:
Server Error in '/' Application.
--------------------------------------------------------------------------------
Could not find file "\\remotecomputer\cs\Asset\x.txt".
Description: An unhandled exception occurred during the execution of
the
current web request. Please review the stack trace for more information
about
the error and where it originated in the code.
Exception Details: System.IO.FileNotFoundException: Could not find file
"\\remotecomputer\cs\Asset\x.txt".
Source Error:
An unhandled exception was generated during the execution of the
current
web
request. Information regarding the origin and location of the exception
can
be identified using the exception stack trace below.
Stack Trace:
[FileNotFoundException: Could not find file
"\\remotecomputer\cs\Asset\x.txt".]
System.IO.__Error.WinIOError(Int32 errorCode, String str) +181
System.IO.File.InternalCopy(String sourceFileName, String
destFileName,
Boolean overwrite) +314
System.IO.File.Copy(String sourceFileName, String destFileName) +7
SampleDailies.createclip.CreateFile() in C:\test\filecopy.aspx.vb:159
SampleDailies.createclip.Page_Load(Object sender, EventArgs e) in
C:\test\filecopy.aspx.vb:28
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.2032;
ASP.NET
Version:1.1.4322.2032
Thanks in advance,
Bunty
:
Do a search in this group or microsoft.public.dotnet.security with
for a thread that discussed using WMI to do this.
Essentially, you can't use impersonation and the standard .NET Process
class
to do this as it doesn't pick up the impersonated identity and will
alway
use the process identity. Other people have tried calling
CreateProcessWithLogonW or the AsUser or WithTokenW via p/invoke and
haven't
had much luck either. The WMI approach seems to work very well.
You do need the users plaintext password for this though I'm pretty
sure.
You definitely need a primary token one way or the other.
Best of luck,
Joe K.
I want an asp.net buttonclick_onserver event to run a process as a
given domain user on the server. What is the easiest way to do this.
For some reason "LogonUser" fails with "Unknown user or password"
LocalMachine/Administrator also failed.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.