Dominick Baier
hi,
i don't know if you are running on w2k3 or w2k and if you intend to impersonate or not...
here are the 2 scenarios
1. no impersonation
Your asp.net app runs under the ASPNET (w2k/xp) account or Network Service (w2k3). The local ASPNET account has no network credentials on another machine -> use a domain account instead. The Network Service account has the credentials of the machine (MachineName$) when in Active Directory or none if stand-alone. Also here - use a domain account or an account that matches on both machines
2. impersonation
if you are impersonating you are doing a second hop with the client credentials. your machine/service account has to be trusted for delegation to achieve this.
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#[email protected]>
Hi,
I'm really stuck with this one - wondering if you can spot the problem?
I think that it's a webserver problem that goes deeper than web.config.
I've not been able to write to a file on a network share via ASP.NET. The
network share is not the same as the webserver.
relevant section of web.config:
<appSettings>
  <!-- the location we cannot write to. My staging server
       doesn't have write permissions here, but I do if authenticating as
       myself -->
  <add key="ProjectCollection"
       value="\\my_server\userhome\MyAccount\websiteTests\test.txt" />
  <!-- Neither of these work!
       I have write perms here for my user account and believe that
       my staging server has write perms here too
       add key="ProjectCollection"
       value="\\my_server\commondocuments\websiteTests\test.txt" />
  -->
</appSettings>
<system.web>
  <!-- I have also tried "None" here -->
  <authentication mode="Windows" />
  <!-- I have tried leaving this out -->
  <identity impersonate="true" />
  <authorization>
    <allow users="mydomain\myusername" />
    <deny users="*" />
    <!-- I have tried allow users="*" but I think that then my server
         tries to authenticate as ASPNET. This certainly should not access my home
         folder, but should??? access the common share. I believe that my
         administrator has set up access privs for my server on the common share. It
         doesn't access it however! -->
  </authorization>
</system.web>
Relevant code:
Private Sub btnSearch_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSearch.Click
    'identity we are running as - 2 ways of getting the same information
    ' returns my username if I am impersonating and authenticating in web.config
    'however, still cannot write to either folder no matter what I am impersonating or not
    Trace.Write(Page.User.Identity.Name)
    Trace.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
    'filename we are trying to write to
    Dim strFileName As String = ConfigurationSettings.AppSettings("ProjectCollection")
    Trace.Write(strFileName)
    'fails here. This creates a file in location specified by Config setting above
    Dim fs As FileStream = New FileStream(strFileName, FileMode.Append)
    Dim w As New StreamWriter(fs)
    w.WriteLine("Test")
    w.Close()
    fs.Close()
End Sub
Any Ideas?
Many thanks
Sorry for long post
Iain
[microsoft.public.dotnet.framework.aspnet.security]
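As an added example (not code from either poster), the VB.NET module below maps the two scenarios in the reply onto the token the request is actually running with, so a trace shows which account the share will see and whether a second hop can succeed. It assumes .NET 2.0 or later (for WindowsIdentity.ImpersonationLevel) and Integrated Windows authentication; the module and function names are illustrative.

```vb
Imports System
Imports System.Security.Principal

Module ShareIdentityCheck
    ' Hypothetical helper: describes which identity a remote file share would
    ' see for the given token. Assumes Integrated Windows authentication.
    Function DescribeNetworkIdentity(ByVal id As WindowsIdentity) As String
        Select Case id.ImpersonationLevel
            Case TokenImpersonationLevel.Delegation
                ' Scenario 2 with delegation in place: the client's credentials
                ' can be forwarded, so the share ACL must grant the client.
                Return id.Name & ": impersonated, delegatable; share sees the client"
            Case TokenImpersonationLevel.Impersonation
                ' Scenario 2 without delegation: the token is usable on this
                ' machine only, so the hop to the share fails.
                Return id.Name & ": impersonated, local only; second hop needs delegation"
            Case TokenImpersonationLevel.Identification, TokenImpersonationLevel.Anonymous
                Return id.Name & ": token cannot be used to access resources"
        End Select

        ' Level None: not impersonating, this is the process token (scenario 1).
        If id.User.IsWellKnown(WellKnownSidType.NetworkServiceSid) Then
            Return id.Name & ": process account; share sees " & _
                   Environment.MachineName & "$ if domain-joined"
        End If
        If id.Name.StartsWith(Environment.MachineName & "\", _
                              StringComparison.OrdinalIgnoreCase) Then
            ' Local accounts such as MACHINE\ASPNET are unknown to the file server.
            Return id.Name & ": local process account; no credentials on the " & _
                   "remote machine unless a matching account exists there"
        End If
        Return id.Name & ": domain process account; grant it write access on the share"
    End Function

    Sub Main()
        ' Stand-alone run: reports the identity of the console process.
        Console.WriteLine(DescribeNetworkIdentity(WindowsIdentity.GetCurrent()))
    End Sub
End Module
```

Inside the page handler, pass `WindowsIdentity.GetCurrent()` to the function and write the result with `Trace.Write` just before opening the `FileStream`.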