We help IT Professionals succeed at work.

ASP.NET 2010 Impersonation question

jknj72
jknj72 asked
on
12 Comments
1 Solution
373 Views
Last Modified: 2013-01-04
I have modified an existing ASP.NET application and for some reason I cannot publish the app. The IIS guy asked me to overwrite the project directory on the server with my updated files. Now, there seems to be a permissions thing because I cannot run the app on the server. I can however run from my local. The question I am being asked now is if I am using impersonation?

This is the email I actually received
"Currently the app is enabled for anonymous authentication, which means every connection is using the local NETWORK SERVICE account, an account that doesn’t have network privileges.

If it’s working, then there is something in the code making it work, probably impersonating a network account."


Anyway, I am very new to asp development so any help would be appreciated.
Comment
Watch Question

View Solution Only

Jared_S
Top Expert 2012

Commented:
IIS is assigning a user to your application - by default it's the NETWORK SERVICE account.

You can change it, but how you change it will depend on what you want to do.

You'll make your changes in the web.config file. There are several "right" answers here, so the best thing to do would probably be to read these and then decide which method fits your needs.

http://msdn.microsoft.com/en-us/library/eeyk640h(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/907hb5w9(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/9wff0kyh(v=vs.100).aspx
jknj72

Author

Commented:
Ok I will read the links you provided. FYI, I dont have anything in my web.config that would assign impersonation.
I wanted to let you know the next correspondence I just got:

Question
>>Is there a 'whatever' account/user group?  If it’s a user group, please send me the list of people assigned to it.  
'whatever' should have access to the shares specified below.  

Answer
>>'whatever' is an account and it already has those permissions to the objects.

Forward to me
>>
Can you please check if the application is using that account to get to the shares?   I still believe the application is doing impersonation.

Im not sure what to do from here but I will read on...
jknj72

Author

Commented:
I also wanted to include this. I logged in from my machine, with my username and password,  and I got this error when trying to access a file on the network. Keep in mind I can physically go onto the network and open the file? Which leads me to think that I may be I am impersonating?

See image attachedAccess Denied
Jared_S
Top Expert 2012

Commented:
Did you log in to the site or debug the site from VS on your machine?
The first would cause this error, the second shouldn't. Anyone who logs into the site will be running the site on the server as the NETWORK SERVICE account unless you configure it otherwise.

So technically YOU aren't impersonating but the application is.

If you debug the site in VS on your local machine, it runs under your credentials.

A couple of quick solutions would be to
give the asp.net NETWORK USER limited rights as an active directory user
or you could use impersonation in your application (in web.config) and run the application as an active directory user who has the proper rights.
Either of those two things should get you up and running.
jknj72

Author

Commented:
I am logging into the app from my machine.

How do I do what you suggest?
jknj72

Author

Commented:
Oh and I dont think I want to use impersonation
sognoct
CERTIFIED EXPERT

Commented:
you should add to that folder the rights for reading to NETWORK SERVICE user
Top Expert 2012
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
jknj72

Author

Commented:
They actually created a group and only users in that group should be allowed to view the app. If thats the case, how do you think this is set up?
Jared_S
Top Expert 2012

Commented:
They might have done that with Authenticated Access is IIS or just by hosting from a server that not everyone can access.

You still need to get the app to run as a member of that group - right now it isn't. It runs as the default asp.net machine name.
sognoct
CERTIFIED EXPERT

Commented:
one thing is not clear ... what kind of operation are you trying to do with the pdf file ? are you copying it from a folder to another folder ? or are you accessing to the pdf file for let user download it ?
jknj72

Author

Commented:
Thank you

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.

View Solution