ASP.NET / IIS Security Question 1


tadd

Programmer
Oct 28, 2001
70
US

I'm working on a simple webpage (ASP.NET) with some simple security requirements. One of the things the webpage needs to do is copy a file from the user's workstation to a shared folder on the network. When I run in dev mode (where the website is running on a local instance of IIS on my workstation) the file copies just fine. However, when I execute the SAME web page (same source code) from the instance of IIS on our company webserver, the file copy fails. The error message returned from the C# code = "Access to the path is denied."

I'm trying to figure out who or what is being denied access to the shared folder. Note the following:

- I am logging in as the same user when the webpage is run from a local instance of IIS as when it is run from the network instance of IIS.

- This user has rights to the folder as configured under the security properties for the folder. This seems to be confirmed by the fact that I am able to copy the file when running the local instance of IIS.

- Anonymous Access has been turned off on both instances of IIS.

- Integrated Windows Authentication has been *Checked* under Authenticated Access on both instances of IIS.


If the same user is trying to execute the file copy in both instances, and the copy is successful when running off the local instance of IIS but not the other, shouldn't this be an IIS configuration issue?

- Another thing to note is that my local instance of IIS is running on XP (IIS v5.1) and the other instance is on Windows Server 2003 (IIS v5.0)

Hope that was clear. Any help is appreciated.
 
I would expect it to fail as you don't have access to the client's machine when dealing with web applications. If you provide an example of how you are trying to do this, this can probably be proved.

If you want to get the contents of a file from a client and save it to the server, the easiest method is to use a file upload control.


____________________________________________________________

Need help finding an answer?

Try the Search Facility or read FAQ222-2244 on how to get better results.

 
OK so there are obviously some broad web programming concepts I haven't learned yet. That's OK, I'm new to this.

However, I'm wondering why the file copy *works* when I run the app using my local instance of IIS? In both scenarios, I am trying to copy the same file from my local machine to a shared folder on a network. Why would my local instance of IIS have access to the shared network folder, and be able to copy the file there?

More about my code: Basically, I have placed an ASP.NET FileUpload control (System.Web.UI.WebControls.FileUpload) on a web page. Then I have some C# code that performs the copy like so:

FileUpload1.SaveAs("\\\\mydir\\mysub\\myfile.xls");

Thanks.

 
However, I'm wondering why the file copy *works* when I run the app using my local instance of IIS?
When you are running something from your local machine, anything that accesses the file system will access the server's file system. It just so happens that the client and the server are in fact also the same machine, so the file will exist.

When you put the application "live", anything that accesses the file system will, again, access the server's file system. However, the client is now a different machine and therefore the file probably won't exist.



 
Yes, but when the file copy fails, the error message I get seems to indicate that the problem is related to accessing the network folder - not the local file. Here is the error message that is returned by my C# code:

"Access to the path '\\mydir\mysub\myfile.xls' is denied."

(Where "\\mydir\mysub\" is the shared folder on the network.)

Another point I will reiterate here is that when I allow anonymous access on the network instance of IIS, I am able to copy the file with no errors from my local machine to the shared network folder. ??? I'm really scratching my head here.
 
Another thing to note is that my local instance of IIS is running on XP (IIS v5.1) and the other instance is on Windows Server 2003 (IIS v5.0)
OK, I think I misunderstood your question a bit. The above quote could be something to do with the problem then as ASP.NET, by default, runs under the ASPNET user on XP and the NETWORK SERVICE user in 2003.

Also, there is an IIS forum here on Tek-Tips so you may want to see if they have any suggestions in case there is something in IIS that hasn't been set correctly.



 

Update: I discovered that our intranet webserver is running Windows 2000 and not Windows 2003 like I thought before. So...

I added some code to display the value of WindowsIdentity.GetCurrent().Name on my page. What is interesting is that the value was not ASPNET as I would have expected. Instead, it was my network user name that I used to log into the page. Shouldn't this value be ASPNET, and what would cause it not to be?

Thanks for any tips...
 
What is interesting is that the value was not ASPNET as I would have expected. Instead, it was my network user name that I used to log into the page. Shouldn't this value be ASPNET, and what would cause it not to be?

That is the correct behaviour because of these two items:
- Anonymous Access has been turned off on both instances of IIS.

- Integrated Windows Authentication has been *Checked* under Authenticated Access on both instances of IIS.
They are basically telling the application that the current user is the one that logs in.



 

Well...hmmm...I know what you are trying to say, but I have another website that has Anonymous Access turned off and Integrated Security turned on, and when I run it, the value stored in WindowsIdentity.GetCurrent().Name = [machine name\ASPNET]

When I read the values of the following, they all contain the network user name I used to log onto the site. (no matter which instance of IIS I am hitting)

User.Identity.Name
Thread.Identity.Name

This conforms to the point you made in your response. But like I said, I have one website where WindowsIdentity.GetCurrent().Name returns "ASPNET" and so I think it is slightly different from the other variables somehow.
 
I managed to get this to work by tweaking things slightly. However I still don't understand why it didn't work before. Here's how I got it to work:

- I turned Anonymous Access OFF on the "live" webserver
- I turned Integrated Windows Authentication ON.
- In my web.config file, I set impersonation to TRUE. Within that <identity> tag I specified a username and password. (and I "encrypted" this info using the aspnet_setreg.exe utility.)

The user I am impersonating has full access to the shared folder where I am trying to copy the file, and so the file copy works.


The part that had me confused (and still has me confused actually) has more to do with access to the shared folder as configured using Windows security. When I first started working on this, I was logging into the web page as myself, and impersonation was on, so the value returned by WindowsIdentity.Current().User (in my C# code) was my login name. My user account has access to the share folder normally - I can browse to it. But somehow my user account loses access to the folder when executing through the ASP.NET page. That is the part that I can't figure out. Anyways, when I tried impersonating another account that has administrative privileges on the live webserver, that allowed me to copy the file to the shared folder.

UGH.


 
I'm running into the same issue. Following is a link describing why it wasn't working,
The method suggested doesn't work for me though, as <identity impersonate="true" userName="test" password="pass" /> would have all requests impersonate this user.

All my pages need to impersonate the existing user, except for one page where it needs to access files on a different server. Can I configure the web.config's <identity> based on the URL of the page? For example, page X uses <identity impersonate="true" /> and page Y uses <identity impersonate="true" userName="test" password="pass" />
 
The link below has a section at the bottom on how to impersonate a user within a specific section of code. I have not tried it yet, but I think this is what you are looking for. Let me know if it helps:
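
Added example, not part of the thread and not any poster's code: impersonation scoped to the single FileUpload save discussed above, so the rest of the site can keep <identity impersonate="true" /> with no userName/password in web.config. ShareWriter, SaveUploadAs and the credential parameters are hypothetical names; LogonUser and CloseHandle are the Win32 APIs in advapi32.dll and kernel32.dll.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Web.UI.WebControls;

// Hypothetical helper (added example): impersonates a dedicated account only
// while one upload is written to a UNC path, then reverts to the caller.
public static class ShareWriter
{
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // user/domain/password are assumptions: load them from protected
    // configuration rather than hard-coding them in the page.
    public static string SaveUploadAs(FileUpload upload, string uncPath,
        string user, string domain, string password)
    {
        if (upload == null || !upload.HasFile)
            throw new InvalidOperationException("No file was uploaded.");

        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            using (WindowsIdentity identity = new WindowsIdentity(token))
            using (WindowsImpersonationContext context = identity.Impersonate())
            {
                // Only this block runs as the dedicated account.
                upload.SaveAs(uncPath);
                return WindowsIdentity.GetCurrent().Name; // identity used for the write
            } // Dispose() reverts to the identity the request had before
        }
        finally
        {
            CloseHandle(token);
        }
    }
}
```

Give the dedicated account write access to that one share only, not administrative rights on the web server. On Windows 2000 the process that calls LogonUser must hold the SE_TCB_NAME privilege.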

 