We have to manipulate the iis in our application,and we meet the Access denied error.
Then we add this to the web.config:
<identity userName="username" password="pass" impersonate="true"/>
It works,we can manipulate the iis(create virtual application and etc..).
However we have to access the shared folders in the application too,after add the above line,we can only access the shared folders on the machine which server our application.
If I remove the line from the web.config,we can access the shared folders from other servers.
So it seems that we can not manipulate the iis and access the shared folders at the same time.
How to fix it?
Give access to shared folders to the user that you have specified in the identity line in web.config because your web application is using those credentials to access the shared folders and it will only be possible if user specified there has access.
Or you can switch to windows authentication see How To: Use Windows Authentication in ASP.NET 2.0
There is another alternative to achieve the same.
Go to iis and set your application pool identity to user which has permissions to folder.
hope it will resolve your issue.
Related
I developed a webpage on IIS that controls PC volume (using the library - CSCore.CoreAudioAPI ).
I need that the user will be logged in as the current user in the machine.
I tried to configure the web.config file to allow Impersonated Authentication, but still having troubles.
<system.web>
<identity impersonate="true"
userName="Domain\username"
password="XXXX" />
</system.web>
Thank you for your help.
You need to also enable Windows Authentication in order for this to work. Otherwise there's no mechanism to capture the user name.
However, I think the better approach is to create a custom application pool for your application and explicitly set the impersonation (Advanced Settings) to the user you want to set it to. Since the application pool hosts your application (ie. it's the launching EXE) your application then runs under that account and assuming it has full rights on the machine it should be able to access the hardware to control the volume.
ASP.NET Impersonation is a legacy feature that was meant to be used with IIS 6 and older when IIS didn't have proper application isolation. With later versions Application Pools took over the hosting of applications and the user account impersonation with it.
I have a an ASP.NET MVC application that will need to access file resources on another machine, so I have shared the relevant directory and given a fresh domain user access to it. My question is: How do I get my ASP.NET MVC app to take on this new user's identity? Do I have to set this up separately when debugging and when deployed?
Thanks!
<identity impersonate="true"
userName="domain\user"
password="password" />
in your web.config should work. The other option (not recommended) is running your application pool as a user with the proper credentials.
MVC Still uses ASP.NET authentication so you should just need to use:
<identity impersonate="true"/>
In the web.config.
Are you running your MVC application within IIS? If so, set this user as the application pool identity. If not, you can use impersonation from within the web.config
http://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.100).aspx
I'm building an intranet web site (asp.net 3.5) which has windows authentication. Two questions:
When the code behind makes a trusted connection to the SQL server, will it connect with app pool credentials or current page user credentials?
Right now, with a blank page, when the internal user (logged in to the domain) tries to hit the page they get challenged with windows login screen, and their credentials don't work.
Is there anything else I need to setup in web.config or IIS for the windows authentication to work, other than adding <authentication mode="Windows"/>?
You can configure the Windows identity of your ASP.NET application as the Windows identity supplied by IIS by enabling impersonation. That is, you instruct your ASP.NET application to impersonate the identity supplied by IIS for all tasks that the Windows operating system authenticates, including file and network access.
To enable impersonation for your Web application, in the application's Web.config file set the impersonate attribute of the identity element to true, as shown in the following code example.
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
Source
You don't want to use imporsonate as suggested by kd7. Because then you will need to give your users rights on the database. Might be okay for SELECT operations, but I don't think your DBAs will go along if you also need to UDATE/DELETE operations. already addressed by kd7.
When you enable "Windows" authentication, you need to not only configure your application to use it, you also need to configure IIS as well.
You also need to make sure that your AppPool user has proper permissions on the File System for your site.
Depending on IIS version, the procedure for enabling windows authentication is different. You can google it.
I have an ASP MVC application installed on IIS 7.5.
I have specified the app pool identity to be a domain service account.
The application has anonymous authentication disabled and windows authentication enabled.
The domain service account has full access to a set of files on the server that I want to access from ASP.
When I try and access the files from the ASP application I get an error, "access to the path ... is denied.".
I can only get this to go away by giving the windows user account access to the files. What I want to do is just give the service account access to the files.
Impersonation is disabled in the web.config via <identity impersonate="false" />
How can this be achieved?
Have you tried disabling ASP.NET Impersonation?
If you are trying to access files locally on the server, try to use the LocalSystem account for your app-pool identity.
I am new to ASP.NET development and moreover I am only extending an existing application which i did not create.
I have a working ASP.NET application which uses "Forms authentication" throughout all its pages. I have added a new webservice in a subfolder "webservices\Dummy.asmx". This webservice works fine but because it should be called by an external application which can't authenticate through a form, i need to enable "Integrated Windows Authentication (Basic Authentication or Digest Authentication)" ONLY for the subfolder "webservices".
I tried to configure it in IIS but it did not work.
So that i can set a different authentication method i have to create the folder "webservices" as an "Application". But if i do so then my function stops working with the error "Could not create type 'Dummy'."
Is it possible to have one web application and to authentication methods ?
If yes how is it configured in IIS ?
Or what would be the better way if i need ONLY one page (webservice) to use a different authentication then the rest of my application.
Thank you in advance for any information.
Bye
PS: I use Windows 2008 Server and the app runs on .NET Framwork 2.0
I tried to configure it in IIS but it
did not work. So that i can set a
different authentication method i have
to create the folder "webservices" as
an "Application". But if i do so then
my function stops working with the
error "Could not create type 'Dummy'."
This is the correct way. Can you explain the problem you are having here ? What is dummy ?
Mixing Forms and Windows Security in
ASP.NET
http://msdn.microsoft.com/en-us/library/ms972958.aspx
Web services that live in a larger application often do not need to be protected. If that's acceptable in your scenario, you can use a standard web.config construct to allow anonymous access to the service while still protecting the rest of the application.
Add a location node to the main configuration node that defines the rules for just the web service:
<location path="webservices\Dummy.asmx">
<system.web>
<authorization>
<!-- this overrides the parent app protection rules -->
<allow users="*" />
</authorization>
</system.web>
</location>