Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

ASP.net authentication issue?

Posted on 2009-02-14
16
Medium Priority
?
379 Views
Last Modified: 2012-08-13
Morning all. Let me start by saying i don't know much about ASP.net programming so forgive me if this comes across as a lamer... i'm just the guy who's getting hollered at because it does not work.

My company's programmers have setup an ASP website that connects to a remote windows 2003 server file share and lists the folders and files. The users can access the site and open the folders and files.

Occasionally the users will get an access denied message when trying to open the file (folders always work). They will click "ok" on the denied message and then if they try to open the file again it will work.
side note:

The web.config file is setup to impersonate and to use windows authentication. i have included part of the web.config file in the code section.

IIS on the server is configured for integrated windows authentication

looking in the security event log on the file server i can see an "NT Authority\anonymous logon" event id 540 success message at the time the user gets the access denied. right after that i will see a logon from the user using kerberos. I assume this is when they click on the file again.

I have ran a wireshark capture on the file server. From that it looks like when the user is navigation through the folders using the web app the conversation is from workstation to web app to file server. Then when the user clicks on the file to open the conversation changes to between the workstation and file server directly.

the path the user use to access the web app is http://cpapps/reports/reportsicon.aspx.
If the user access the file share directly from a unc path, everything opens file all the time. So i know it's not the NTFS permissions or the file server.

Basically i've spent a lot of time on this and have not really gotten anywhere. I think it's either a timeout (if the user leave the sire open for a while then tries to open a report they definatley get the access denied message) or an authentication configuration issue.

Thanks in advance.
<system.web>
    <identity impersonate="true"/>
    <authentication mode="Windows"/>
    <pages>
      <controls>
        <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      </controls>
    </pages>
    <httpRuntime  executionTimeout="1200"/>
    <sessionState timeout ="60"/>
    <!--
          Set compilation debug="true" to insert debugging
          symbols into the compiled page. Because this
          affects performance, set this value to true only
          during development.
    -->
    <compilation>
      <assemblies>
        <add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <add assembly="CrystalDecisions.CrystalReports.Engine, Version=11.5.3700.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304" />
        <add assembly="CrystalDecisions.Shared, Version=11.5.3700.0, Culture=neutral, PublicKeyToken=692FBEA5521E1304" />
        <add assembly="System.Data.OracleClient, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
      </assemblies>
    </compilation>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    </httpModules>
  </system.web>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
      <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    </handlers>
  </system.webServer>

Open in new window

0
Comment
Question by:CadDeVille
  • 8
  • 8
16 Comments
 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23641588
How are the files linked in the webapp?  When a user clicks on a link to open a file, does it try to open "http://cpapps/files/file.doc" for example, or does it try to open "\\cpapps\files\file.doc"

Is the app used internally only?  Is there some sort of check in/check out function when downloading a file or do they just download it?
0
 
LVL 1

Author Comment

by:CadDeVille
ID: 23641632
it looks like it is using the UNC path. I can see a java script execute at the bottom of IE and then i get the file download prompt that says from \\servername\share\......

the app is internal only.

No check-in/out they just open it.

0
 
LVL 1

Author Comment

by:CadDeVille
ID: 23641641
btw.... cpapps is an alias for the web server svr133. the files are opened from a different server svr113.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23641666
Ok, so the user can browse through the folders as intended, and then when they click the link to download the file, which is a UNC path, they get an access denied?

If they are clicking a link that is a UNC path to a completely different server, it wouldn't have anything to do with the web app, that sounds like a security issue on the other server.  When browsing to a UNC path in your browser, it uses the current user's security identity.

If you are on a domain, something you could try doing is mapping a path to the file directory in the login.bat file, and then modify the links.  So if the drive was mapped as S drive, you could change the links to file:///S:/files/file.doc

Mapping the drive should maintain security permissions to the server, which is why I think the user is getting an access denied the first time they try to download the file.
0
 
LVL 1

Author Comment

by:CadDeVille
ID: 23641729
The access denied is not consistent and not always when they first try to open the file. Often they will access the web app go to a file, open and  it to review and discuss with others in the meeting and then they go to open the next file and get the access denied. that's why i think is a timeout issue of some sort.

If the user goes directly to the file server using the unc path, they never get a denied message. the files always open.
0
 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23641770
The link is directly to the UNC path isn't it?

So if they click a link, it would open up \\svr113\files\whatever.doc?

Or is the web server trying to open the file on svr113 and serve it through svr133?
0
 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23641777
Something you could try, is to create a virtual directory on the IIS machine, point it to the UNC path of the files, and set the user as a domain user that has access to those files.  This way you could go to http://cpapps/files/file.doc and download the file from there... in the back end IIS would connect over to the other server, get the file, and serve it through IIS.   But the links would need to be changed from UNC paths to virtual paths.
0
 
LVL 1

Author Comment

by:CadDeVille
ID: 23641792
I think the web server is trying to open the file for the user.
 
here is a couple screen shots of it when it is working

 

workingreportsicon.doc
0
 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23641813
When you hover over the 01 - Entire Sales Log link, does it show the UNC link down in the status bar?  Or does it show a postback function?  If it's a postback, you may need to look at the code behind for MenuFiles to see what it is doing.
0
 
LVL 1

Author Comment

by:CadDeVille
ID: 23641862
it does a dopostback. I'm not sure where the code is for the menufiles. I will get with the programmer on monday and see what i can figure out.

I really do appreciate the input.
0
 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23641885
If the asp.net project isn't pre-compiled, you should be able to view it on the server.

If it's in VB
\\cpapps\reports\reporticon.aspx.vb

or if it's in C#
\\cpapps\reports\reporticon.aspx.cs
0
 
LVL 1

Author Comment

by:CadDeVille
ID: 23642163
i've attahced the reportsicon.aspx page.
reporticon.txt
0
 
LVL 15

Expert Comment

by:aibusinesssolutions
ID: 23642179
Is there a reportsicon.aspx.vb file?

Specifically this function: MenuFiles_MenuItemClick

0
 
LVL 1

Author Comment

by:CadDeVille
ID: 23642486
nope. i searched the drive for reportsicon.aspx.vb and came up with nothing. there are some dll files in the bin folder under this site. one of which was referenced in the aspx page. app_web_report.aspx.cdcab7d2.dll.

0
 
LVL 15

Accepted Solution

by:
aibusinesssolutions earned 2000 total points
ID: 23642497
Ok, the web app is pre-compiled into the dll file then, you'll have to ask your developers about it.
0
 
LVL 1

Author Closing Comment

by:CadDeVille
ID: 31546941
That you very much for your time!!! you've helped point me in a good direction to follow.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question