pivar
asked on
Webapp showing files on fileshare with impersonation
Hi,
I have a webapp that shows files from a fileshare. The authenticated windows user has permissions to read from the share, but the ASP.NET process hasn't. So I have this code with impersonation which works on my development environment. But in production environment it doesn't. Looking in the security event viewer on the fileserver I can see that it is the ANONYMOUS LOGON account which logs on to the fileserver.
Can you spot where I go wrong or perhaps suggest an alternative solution. Mind you, I can't change permissions on the share.
Thanks,
peter
I have a webapp that shows files from a fileshare. The authenticated windows user has permissions to read from the share, but the ASP.NET process hasn't. So I have this code with impersonation which works on my development environment. But in production environment it doesn't. Looking in the security event viewer on the fileserver I can see that it is the ANONYMOUS LOGON account which logs on to the fileserver.
Can you spot where I go wrong or perhaps suggest an alternative solution. Mind you, I can't change permissions on the share.
Thanks,
peter
WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsImpersonationContext ctx = null;
try {
// Start impersonating.
ctx = winId.Impersonate();
// Now impersonating.
// Access resources using the identity of the authenticated user.
FileStream fs = new FileStream(uri, FileMode.Open, FileAccess.Read, FileShare.Read);
Response.ContentType = "application/pdf";
byte[] buf = new byte[1024];
int i;
while ((i = fs .Read(buf, 0, buf.Length)) > 0) Response.OutputStream.Write(buf, 0, i);
Response.Flush();
Response.Close();
} catch (Exception ex) {
// Prevent exceptions from propagating.
} finally {
// Revert impersonation.
if (ctx != null) ctx.Undo();
}
// Back to running under the default ASP.NET process identity.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, the link put me on the right track. Delegation was already set, but there was some user/kerberos settings which I had to change.
ASKER
Thanks.