Reading a file in my ASP.NET app

[David Thielen]

Hi;

I had assumed that what I am asking here was a common request - but I am not
finding anything on this.

In my ASP.NET app a user can enter an xml file that we then pull in as data.
Needless to say we don't want them able to get the
\\hr\payroll\executive_salaries.xml - unless it is the authorized person in
HR.

So we require a username & password with which to access a file. For http(s)
and ftp this is fine as you can pass an ICredentials to the XmlDocument
resolver.

But the files that are on a share - how should we be doing this? I don't
want to use the rights of the user running the app as it will allow too much
for some users and not enough for others.

Or am I totally missing something here?

???

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm

 

[Steven Cheng[MSFT]]

Hello Dave,

I've also found you post this question in some other threads and Walter and
Peter has worked with you there. For your scenario, do you mean there is
some protected file in your internal fileshare, and in your ASP.NET web
application, you'll render out these files to client user based on their
authentication identity, correct?

If this is the case, why don't you use forms authentication to authenticate
the user and use custom role to identify whether the authenticated user has
sufficient permission to access the files on the remote share. And for your
ASP.NET web application, you can always using a fixed account to access the
file share to read the files and flush the content to client. Do you think
this is workable in your scenario?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Steven Cheng[MSFT]]

Thanks for your reply Dave,

If the users are in the same domain with the webserver and file server, we
can programmatically impersonate our application to run under that account
and access the file share. However, if they're not in the same domain or
trusted domain, impersonate won't work and we will unable to act as the
client user(with username password) and access the remote share. For the
limited scenario, you may consider use a trusted account to retrieve the
resource(and need to check whether the account has permission in your own
code logic)

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Steven Cheng[MSFT]]

Hi Dave,

Yes, use net use is one means to link a remote share with user credentials
valid on remote machine. However, it is not quite good to be used
programmaticaly in concurrent environment(multi-threading application) as
you said.

Are your web application's client users/machines in the same intranet
environment or do they have direct network access to the remote directory.
If so, I recommend that your web application directly redirect them to the
remote share so that their security authentication won't need to be
transferreed through the webserver. Elsewise, you will still limit to the
custom file access authroization approach(with a fixed account to access
the remote share).

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.