Solved

ASP.NET 2010 Impersonation question

Posted on 2013-01-03
12
348 Views
Last Modified: 2013-01-04
I have modified an existing ASP.NET application and for some reason I cannot publish the app. The IIS guy asked me to overwrite the project directory on the server with my updated files. Now, there seems to be a permissions thing because I cannot run the app on the server. I can however run from my local. The question I am being asked now is if I am using impersonation?

This is the email I actually received
"Currently the app is enabled for anonymous authentication, which means every connection is using the local NETWORK SERVICE account, an account that doesn’t have network privileges.

If it’s working, then there is something in the code making it work, probably impersonating a network account."


Anyway, I am very new to asp development so any help would be appreciated.
0
Comment
Question by:jknj72
  • 6
  • 4
  • 2
12 Comments
 
LVL 12

Expert Comment

by:Jared_S
ID: 38740124
IIS is assigning a user to your application - by default it's the NETWORK SERVICE account.

You can change it, but how you change it will depend on what you want to do.

You'll make your changes in the web.config file. There are several "right" answers here, so the best thing to do would probably be to read these and then decide which method fits your needs.

http://msdn.microsoft.com/en-us/library/eeyk640h(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/907hb5w9(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/9wff0kyh(v=vs.100).aspx
0
 

Author Comment

by:jknj72
ID: 38740179
Ok I will read the links you provided. FYI, I dont have anything in my web.config that would assign impersonation.
I wanted to let you know the next correspondence I just got:

Question
>>Is there a 'whatever' account/user group?  If it’s a user group, please send me the list of people assigned to it.  
'whatever' should have access to the shares specified below.  

Answer
>>'whatever' is an account and it already has those permissions to the objects.

Forward to me
>>
Can you please check if the application is using that account to get to the shares?   I still believe the application is doing impersonation.

Im not sure what to do from here but I will read on...
0
 

Author Comment

by:jknj72
ID: 38740237
I also wanted to include this. I logged in from my machine, with my username and password,  and I got this error when trying to access a file on the network. Keep in mind I can physically go onto the network and open the file? Which leads me to think that I may be I am impersonating?

See image attachedAccess Denied
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 12

Expert Comment

by:Jared_S
ID: 38740311
Did you log in to the site or debug the site from VS on your machine?
The first would cause this error, the second shouldn't. Anyone who logs into the site will be running the site on the server as the NETWORK SERVICE account unless you configure it otherwise.

So technically YOU aren't impersonating but the application is.

If you debug the site in VS on your local machine, it runs under your credentials.

A couple of quick solutions would be to
give the asp.net NETWORK USER limited rights as an active directory user
or you could use impersonation in your application (in web.config) and run the application as an active directory user who has the proper rights.
Either of those two things should get you up and running.
0
 

Author Comment

by:jknj72
ID: 38740368
I am logging into the app from my machine.

How do I do what you suggest?
0
 

Author Comment

by:jknj72
ID: 38740371
Oh and I dont think I want to use impersonation
0
 
LVL 9

Expert Comment

by:sognoct
ID: 38740392
you should add to that folder the rights for reading to NETWORK SERVICE user
0
 
LVL 12

Accepted Solution

by:
Jared_S earned 500 total points
ID: 38740586
I'd expect that you will want to use windows authentication with impersonation with delegation. (So any windows user on your network can access the site, and any resources that you designate).

These links go over set up in detail:

http://msdn.microsoft.com/en-us/library/ff647405.aspx  (explains logon types, and setup of web.config)

http://msdn.microsoft.com/en-us/library/ms998351.aspx (explains active directory setup)

They're both worth reading closely, and would be the recommended method.

If you want to just use the NETWORK SERVICES account, then your network admin should be able to get this working by adding the NT AUTHORITY/NETWORK SERVICES account to active directory as a user and then making it part of your user-group (I'm assuming that the access to that directory is granted by user group).
0
 

Author Comment

by:jknj72
ID: 38741137
They actually created a group and only users in that group should be allowed to view the app. If thats the case, how do you think this is set up?
0
 
LVL 12

Expert Comment

by:Jared_S
ID: 38741558
They might have done that with Authenticated Access is IIS or just by hosting from a server that not everyone can access.

You still need to get the app to run as a member of that group - right now it isn't. It runs as the default asp.net machine name.
0
 
LVL 9

Expert Comment

by:sognoct
ID: 38741837
one thing is not clear ... what kind of operation are you trying to do with the pdf file ? are you copying it from a folder to another folder ? or are you accessing to the pdf file for let user download it ?
0
 

Author Closing Comment

by:jknj72
ID: 38745014
Thank you
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
C#, asp.net MVC, sql server, LINQ 3 37
Problem to refer to value 8 62
Regex validation 2 28
Creating a route in asp.net webforms 2 32
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question