Need suggestion for accessing remote machine in asp.net
Question
I want to access some places on a remote machine.The folder i want to access have full control to EVERYONE. The code given below is used to access network path.
System.IO.DirectoryInfo locationInfo = new System.IO.DirectoryInfo(BackupLocationTxt.Text);
if (locationInfo.Exists)
{
// do some operations
}
The application run fine if both the host computer and the remote computer to be accessed having os windows xp .The application also run fine if the application is running inside visual studio .
Then my problems is ,any one of the machine( server and remote machine)having an os newer then windows xp( like windows 7, server 2008) locationInfo.Exists always false.
But if the application is running inside in visual studio, then it work fine independent of os
I searched a lot in net. But didnt find an exact solution yet. Someone suggests impersonation. But i dont know exactly how to do it. Is impersonations is the solution for my problem ?? Or is there any better ideas??
Any help will be greatly appreciated
2 answers
solution1
9 2010-11-18 15:34:36
You have an interesting problem, Null. How have you configured your sites Directory Security? If's Anonymous access is enabled, the folder open to Everyone may not be allowing access depending on the OS of the server (see t his Microsoft KB Article for more information).
If the site is running as Anonymous, you could change the account that the site runs as in the IIS Manager, or you could enable Impersonation. When you are running the site in Visual Studio the site is running with your permissions, so Anonymous isn't a problem then.
You can use the following code to output the identity of the user that your site is running as to help figure out what is going on. You may be able to give the user your site run as access to the network location without any impersonation. Add a ASP:Label to you page and see who you are running as:
lblSomeLabel.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name
Impersonation could open you up to additional security risks, so you should do some more reading before making that change - but, the user you use for impersonation doesn't need to be a domain admin. In your case, the user may just need to have full access privileges to the network location.
You can read more about how to enable impersonation on this Microsoft KB Article . Below is some of the code from that page that I'd recommend. Rather than have your whole site run in impersonation mode, the code below runs only the part that you are having a problem with.
public void Page_Load(Object s, EventArgs e)
{
if(impersonateValidUser("username", "domain", "password"))
{
//Insert your code that runs under the security context of a specific user here.
undoImpersonation();
}
else
{
//Your impersonation failed. Therefore, include a fail-safe mechanism here.
}
}
private bool impersonateValidUser(String userName, String domain, String password)
{
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if(RevertToSelf())
{
if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if(token!= IntPtr.Zero)
CloseHandle(token);
if(tokenDuplicate!=IntPtr.Zero)
CloseHandle(tokenDuplicate);
return false;
}
private void undoImpersonation()
{
impersonationContext.Undo();
}
Also, while serching for security articles I found this StackOverflow question that is worth a read.
solution2
2 2010-11-15 15:48:36
Try System.IO.Directory.Exists instead.
Bear in mind that if you do not have at a minimum read-only permission to the directory, the Exists method will return false
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.