无法通过VPN以编程方式访问网络路径

Question

I'm trying to use a network path (create directory, write and read files) from a Web Service in ASP.NET.

Everything works fine from my office where the network path is in the same LAN of my laptop, but when I try to connect to the network path through a VPN, the creation of a directory fails with "Access to path is denied" error.

The strange thing is that from Windows Explorer I can perfectly access such path, given my VPN credentials, that I stored in Windows Credentials Wallet.

I also tried to set my IIS App Pool Identity to 'Network Service' but no luck.

Can you help me please?

Thank you very much

EDIT:

When I try to execute a statement like

Directory.CreateDirectory(@"\\my\network\path");

from a simple console application project in my Visual Studio 2010 it works perfectly and the directory is created.

The problem is when I hit such a statement inside the business logic of my web service that is running under local IIS (and which I'm connected to via "Attach Process..." debug tool in VS2010)

Answer 1

Sounds like when you are running locally, your local domain account is the context under which everything is being ran. When running the console app, it is still running under your user context since you initiated the application. When running in IIS, you are correct in that the app-pool account is being used, and the networkservice account has some pretty low privileges.

Instead of using a highly privileged account (such as yours), would impersonation solve your issue? Any work that needs to be done over the VPN can "wrapped" in a context the appropriate permissions. Here is another SO article on using impersonation, which I have implemented for related things:

How do you do Impersonation in .NET?

See Matt Johnson's answer where he creates a custom Impersonation class. Use that in a using block, then do your network stuff. It uses the advapi32.dll with p/invoke to do this kind of user account voodoo. He put together a NuGet package as well which may save you some time:

https://www.nuget.org/packages/SimpleImpersonation

Answer 2

I may not have all the details of what you're asking straight, but if you're running this service via Visual Studio and VPN, take a look at this great article , at CodeBetter.

runas /netonly /user:domain\username “C:\ProgramFiles\Path\to\your\visualstudio”

I don't have the computer I have this on in front of me, but I recall that I created a batch file and ran it to start VS and Sql Server Management Studio, and it works like a charm.

If I've misunderstood the issue, sorry for the noise.