-
Feb 11th, 2010, 02:35 AM
#1
Thread Starter
Fanatic Member
[RESOLVED] Disk or Network Error with CORRECT connection string
So, entire situation.
[ASP.NET] code (Shown below) running on an [IIS server]
[Microsoft Access Database] sitting out on the company network folder
I've gotten 1 of 2 seperate errors.
1. Disk or Network Error
2. The Microsoft Jet database engine cannot open the file '\\---\---\---\---\test.mdb'.
It is already opened exclusively by another user, or you need permission to view its data.
For the first error, I made sure that IUSR, IWAM, and ASPNET have full access to the TMP and TEMP System Variable folders.
It depends on how I specify the path.
However, if I just type in gibberish in the path name, it gives the correct "invalid path" error below.
'\\abcdefg\adsf\ehdsf\test.mdb' is not a valid path.
Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
So this leads me to belive that
A) the path I am specifing is working
B) the connection string is written correctly
C) no one is accessing the file, I created it myself just to test this and no one would randomly go to this folder location and open it.
What am I missing? Are there settings in IIS that I need to adjust on the ASP.NET IIS server machine?
VB.NET Code:
<%@Page Language="vb" Explicit="True" Debug="True"%>
<%@Import Namespace="System.Data"%>
<%@Import Namespace="System.Data.OleDb"%>
<script Runat="Server">
Sub Page_Load(sender As Object, E as EventArgs)
If Page.IsPostBack Then
InsertRecord()
End If
End Sub
Sub InsertRecord()
Dim conClasf As OleDbConnection
Dim cmdClasf As New OleDbCommand
Dim strClasf As String
Dim strSQL as String
lblSubmitMsg.Text=""
strClasf = "Provider=Microsoft.Jet.OLEDB.4.0;" & _
"Data Source='\\---\---\---\---\test.mdb';"
conClasf = New OleDbConnection(strClasf)
conClasf.open
strSQL = "INSERT INTO testtable (" & _
"MyUser, " & _
"MyPass, " & _
"LogDate " & _
") " & _
"Values ('" & txtUsername.Value & _
"', '" & txtPassword.Value & _
"', #" & Now() & "#);"
cmdClasf = New OleDbCommand(strSQL, conClasf)
Try
cmdClasf.ExecuteNonQuery()
lblSubmitMsg.Text="Successfully Saved Username and Password"
Catch Ex As Exception
lblSubmitMsg.Text=Ex.Message
End Try
conClasf.Close
End Sub
</script>
<html>
<head>
<Title>Insert a record into the test table</Title>
</head>
<body>
<h1>Insert a record into the test table</h1>
<form method="POST" runat="server">
<table border="0" cellpadding="2" cellspacing="0">
<tr>
<td>Username</td>
<td><input type="Text" id="txtUsername" size="20" Runat="server"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="Text" id="txtpassword" size="20" Runat="server"/></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Button Text" id="btnSub" size="20" Runat="server"/></td>
</tr>
</table>
</form>
<p><asp:label id="lblSubmitMsg" runat="server" /></p>
</body>
</html>
Last edited by rack; Feb 17th, 2010 at 07:51 PM.
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 02:49 AM
#2
Re: Disk or Network Error with CORRECT connection string
Hey,
As a sanity check, can you move the file onto the web server, so that it has a local file path, i.e. C:\temp?
I suspect this has something to do with the fact that you are accessing the database over a UNC path.
Gary
-
Feb 11th, 2010, 02:56 AM
#3
Re: Disk or Network Error with CORRECT connection string
I doubt you are telling in code that
Code:
Data Source='\\---\---\---\---\test.mdb';
to look behind the 4 folder. Do you have that folders ?
Please mark you thread resolved using the Thread Tools as shown
-
Feb 11th, 2010, 02:57 AM
#4
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
It works fine locally. I actually started out with it in the same folder, and moved it to the network location and changed the connection string to the above.
How would I specify the path so that there are no issues with the connection guessing what I mean?
if path was
\\florida\employees\1 on 1\backend\test.mdb
and if \\florida\employees\ really is just a folder on \\Jersey as \\Jersey\Employees_Florida\
When I specify \\Florida\Employees\1 on 1\backend\test.mdb I get the Disk or Network error
When I specify \\Jersey\Employees_Florida\1 on 1\backend\test.mdb I get the 2nd error.
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 02:59 AM
#5
Re: Disk or Network Error with CORRECT connection string
Cover the path with [\\florida\employees\1 on 1\backend\test.mdb] and try
Please mark you thread resolved using the Thread Tools as shown
-
Feb 11th, 2010, 03:03 AM
#6
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Originally Posted by danasegarane
Cover the path with [\\florida\employees\1 on 1\backend\test.mdb] and try
If I surround the path with [ and ] I get an error that says
'C:\WINDOWS\system32\[\florida\employees\1 on 1\BackEnd\test.mdb]' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
it removes the 2nd slash infront of florida, and it adds C:\Windows\system32\ for some reason?
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:03 AM
#7
Re: Disk or Network Error with CORRECT connection string
Hey,
Have you made sure that the identity of the application pool that is running your site, i.e. under IIS, has access to that share?
Gary
-
Feb 11th, 2010, 03:05 AM
#8
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Originally Posted by gep13
Hey,
Have you made sure that the identity of the application pool that is running your site, i.e. under IIS, has access to that share?
Gary
Not sure exactly what you mean.
The user that is logged into the IIS server, lets say the Username is IISTEST1, was added to the network folder location with read, write, modify permissions.
The wording [identity of the application pool] I don't understand.
I can browse to the file location, create files, delete files, etc.
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:07 AM
#9
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
I just tried mapping a path to the network folder and then using that drive name.
Didn't work, I got
'Z:\test.mdb' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:10 AM
#10
Re: Disk or Network Error with CORRECT connection string
Hey,
When IIS hosts a web application, it doesn't use the currently logged in user or anything like that, it uses an identity (a user on the machine) to do this.
This is configurable within the Internet Information Services Manager.
Have a look here for more information:
http://www.microsoft.com/technet/pro....mspx?mfr=true
Gary
-
Feb 11th, 2010, 03:16 AM
#11
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
And this Identity is different from the ComputerName\IUSR_ComputerName, ComputerName\IWAM_ComputerName, and ComputerName\ASPNET ?
(Reading the link you posted now)
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:18 AM
#12
Re: Disk or Network Error with CORRECT connection string
Depending on how your IIS is configured, yes, it can be.
Gary
-
Feb 11th, 2010, 03:19 AM
#13
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Originally Posted by gep13
Hey,
When IIS hosts a web application, it doesn't use the currently logged in user or anything like that, it uses an identity (a user on the machine) to do this.
This is configurable within the Internet Information Services Manager.
Have a look here for more information:
http://www.microsoft.com/technet/pro....mspx?mfr=true
Gary
There is no Application Pool under the Local Computer in IIS5.0 and 5.1 that I see here.
This link says Application Pool does not exist on 5.1
http://msdn.microsoft.com/en-us/library/ms525832.aspx
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:20 AM
#14
Re: Disk or Network Error with CORRECT connection string
Hey,
Ah, ok, you are using IIS on Windows XP, I thought you meant that you were running IIS 6, i.e. on Windows Server.
Gary
-
Feb 11th, 2010, 03:22 AM
#15
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Originally Posted by gep13
Hey,
Ah, ok, you are using IIS on Windows XP, I thought you meant that you were running IIS 6, i.e. on Windows Server.
Gary
I wish, I'm not in the IT deparmtent, so I only get throw back servers ;p
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:25 AM
#16
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Someone said to try putting this in the web.config file?
<identity impersonate="true" username="user" password="password" />
on a link I found.
However, I did not want to do this, without knowing the security ramifications.
What possible security holes does this open up? (On an internal Intranet)
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:41 AM
#17
Re: Disk or Network Error with CORRECT connection string
Hey,
Basically, this just allows the ASP.Net Worker Process to assume the identity that you provide in the configuration file. i.e. if you give it your credentials, it will be your identity that makes the request for the database. I would give this a try, it is a good test. If it works, then you know exactly what the problem is.
Gary
-
Feb 11th, 2010, 03:04 PM
#18
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Alright,
Doing the Impersonate using the following line works.
Code:
<identity impersonate="true" userName="user" password="password" />
However Apparently username is case sensitive to userName.
So what does this mean, do I have to use this impersonate method? If so, can I do this in code so the login from the user is passed instead of the login on the IIS machine?
Info for future people who might read this post:- userName is case sensitive
- web.config is a simple ascii text file with file extention .config
- Place this file in the same folder as the ASPX page, or higher up in the chain. Be carefull in placing this file too high or it will allow impersonation for ALL access to the web server.
- If the account is an Active Directory type Domain account, you will need to include the domain name in the username (Example: example\blah) Where Example is the domain name, and blah is the username
The contents of the config file should look as such:
Code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<identity impersonate="true" userName="user" password="pass" />
</system.web>
</configuration>
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 11th, 2010, 03:23 PM
#19
Re: Disk or Network Error with CORRECT connection string
Hey,
No, you don't have to impersonate a user. You have to give the identity running your ASP.Net application the correct priveleges to access the file.
You have just proved that running the site as you, who obviously have more permissions that the default account, that it works. This highlights that it is definitely a permissions problem.
Gary
-
Feb 11th, 2010, 03:44 PM
#20
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
The network folks said they can't add the local IUSR account to the network folder in Active Domain?
How would I give permissions to the Identity?
Do you have any links on this subject?
EDIT:
The folder out on the network I had locked down.
Only specific users can access it.
Of those specific users, only a hand full have write access to actualy use the access database.
The EVERYONE option has been set to list folder contents only.
Last edited by rack; Feb 11th, 2010 at 03:55 PM.
Reason: Added details
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 12th, 2010, 03:25 AM
#21
Re: Disk or Network Error with CORRECT connection string
-
Feb 12th, 2010, 04:13 AM
#22
Re: Disk or Network Error with CORRECT connection string
Originally Posted by rack
The network folks said they can't add the local IUSR account to the network folder in Active Domain?
How would I give permissions to the Identity?
Do you have any links on this subject?
EDIT:
The folder out on the network I had locked down.
Only specific users can access it.
Of those specific users, only a hand full have write access to actualy use the access database.
The EVERYONE option has been set to list folder contents only.
Get them to create a low privilege user that does have write access to the MDB, and impersonate that user in your config file. The basic point is, if you don't have permissions, you can't write to it. You need someone who can write to it, and if they are tight on security, then you'll want to have a conversation with them about getting you a username/pw to do this.
-
Feb 12th, 2010, 03:04 PM
#23
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Alright, so from those two links, and what Mendak has said, it sounds like the way i'm doing this, is infact what I'm suppose to do. The only difference is that you are saying I should have a dedicated user created for this, vs using my own credentials, correct?
Currently This is infact the case, I am using a setup username/password specifically for the IIS Server login (not my own username/password). This login was given modify permissions to the backend folder on the network.
The only additional things I noticed in the links were:
Code:
<processModel enable="true"
Is (processModel) better to use than (Identity Impersonate="True")? Or is it just a different way to do it?
and then they have IUSR_ProcessUser.
If I had an account created with username sunshine, and company bluesky, would it be like so?
Code:
<system.web>
<processModel enable="true"
userName="bluesky\IUSR_sunshine"
password="blah"/>
</system.web>
or like so
Code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<identity impersonate="true" userName="bluesky\sunshine" password="pass" />
</system.web>
</configuration>
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 13th, 2010, 10:04 AM
#24
Re: Disk or Network Error with CORRECT connection string
Hey,
That is typically what we do yes, we term it having a service account, and it has all the necessary permissions to access everything that it needs to, and nothing more. In the example of an ASP.Net Application, we would add a new Application Pool, and set the Identity of that Application Pool to run under this service account, then we would add our ASP.Net Application to run under this Application Pool.
Choosing to Impersonate this particular user is certainly another way to achieve this.
Gary
-
Feb 14th, 2010, 05:35 AM
#25
Re: Disk or Network Error with CORRECT connection string
When you use processModel, all threads that generate from that app are run under the impersonation that you specify. But if you use identity impersonate, then the main thread runs under the impersonation you specify, while the rest run as the ASPNET user. This can make a difference, so using processModel may bring about unnecessary complications.
-
Feb 16th, 2010, 09:17 PM
#26
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Thank you both, you provided very helpful, accurate, and usefull information.
Unforutnetly because of my lack of understanding I had a read around a bit more to fully understand.
From what you've said, and what I've read.
I am going to try unchecking "Anonymous Access" and use Integrated Windows Authentication (As we have no unix/mac/linux users that will be accessing this site internally). I will have to play with this, different browsers, VPN, etc, to make sure it works.
If that does not work, I will attempt to impersonate the account that was specifically set up for this server to have minimal access.
Here are some links to anyone in the future that might read this, they helped me understand.
This first link has a LOT of detail about the ASP.NET and IIS settings.
Egghead: http://www.eggheadcafe.com/community...ervice-se.aspx
Another Link:
Bytes.com: http://bytes.com/topic/asp-net/answe...-impersonation
Impersonate through Code:
Microsoft: http://support.microsoft.com/?id=306158
A bit of info about IIS, ISAPI, ASP.NET
dotnetslackers.com http://dotnetslackers.com/articles/i...cessModel.aspx
ASP.NET Authenticiation
Microsoft: http://msdn.microsoft.com/en-us/libr...47(VS.71).aspx
IIS Authenticiation
Microsoft: http://msdn.microsoft.com/en-us/libr...14(VS.71).aspx
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 17th, 2010, 02:58 AM
#27
Re: [RESOLVED] Disk or Network Error with CORRECT connection string
Hey,
Let us know how you get on.
Gary
-
Feb 17th, 2010, 07:50 PM
#28
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
I tried to do Windows Authentication, and turned all other authentication off.
If I access the site from the computer locally, it works. If however I access the computer remotely, it does not work.
It says: Unspecified Error (Highlighting the "conClasf.Open" statement).
Which to me says that for some reason it couldn't connect to the database out on the network using my personal credentials, which is odd because I have full access to the folder.
The ASP labels correctly show the username I am using is the one that I am signed into windows as. But it gives that error still.
web.config file for the specific folder.
Code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>
</configuration>
vb Code:
<%@Page Language="vb" Explicit="True" Debug="True"%>
<%@Import Namespace="System.Data"%>
<%@Import Namespace="System.Data.oleDb"%>
<%@Import Namespace="System.Security"%>
<Script Runat="Server">
Sub Page_Load(sender As Object, E as EventArgs)
If Page.IsPostBack Then
InsertRecord()
End If
'I added this per a windows documention to view
'who was being impersonated
Dim authUserName As String
Dim aspUserName As String
authUserName = User.Identity.Name
aspUserName = Principal.WindowsIdentity.GetCurrent.Name
authUserPrincipalLabel.Text = authUserName
aspPrincipalLabel.Text = aspUserName
End Sub
Sub InsertRecord()
Dim conClasf As OleDbConnection
Dim cmdClasf As New OleDbCommand
Dim strClasf As String
Dim strSQL As String
lblSubmitMsg.Text=""
strClasf="Provider=Microsoft.Jet.OLEDB.4.0;" & _
"Data Source='\\florida\employees\1 on 1\backend\test.mdb';"
conClasf = New OleDbConnection(strClasf)
conClasf.open
strSQL = "INSERT INTO testtable (" & _
"MyUser, " & _
"MyPass, " & _
"LogDate " & _
") " & _
"Values ('" & txtUsername.value & _
"', '" & txtPassword.value & _
"', #" & Now() & "#);"
cmdClasf = New OleDbCommand(strSQL, conClasf)
Try
cmdClasf.ExecuteNonQuery()
lblSubmitMsg.Text="Successfully Saved Username and Password"
Catch Ex As Exception
lblSubmitMsg.Text=Ex.Message
End Try
conClasf.Close
End Sub
</Script>
<html>
<head>
<title>Testing ASP.NET connection to 1on1 database</title>
</head>
<body>
<h1>Testing ASP.NET connection to 1on1 database</h1>
<form method="POST" runat="server">
<table border="0" cellpadding="2" cellspacing="0">
<tr>
<td>Username</td>
<Td><input type="Text" id="txtUserName" size="20" Runat="server"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="Text" id="txtpassword" size="20" Runat="server"></td>
</tr>
<tr>
<td></td>
<Td><input type="submit" value="Button Text" id="btnSub" size="20" Runat="server"></td>
</tr>
<tr>
<td>You Are</td>
<td>This page runs as</td>
</tr>
<tr>
<td><asp:label id="authUserPrincipalLabel" runat="server" /></td>
<td><asp:label id="aspPrincipalLabel" runat="server" /></td>
</tr>
</table>
</form>
<p><asp:label id="lblSubmitMsg" runat="server" /></p>
</body>
</html>
Last edited by rack; Feb 17th, 2010 at 07:53 PM.
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 17th, 2010, 09:56 PM
#29
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Well reading around (a lot).
I believe I found that the issue seems to be this. I was focused on Impersonate, and the issue was, that Impersonate doesn't work over a network, therefore I'd have to use Delegation.
Please let me know if I am understanding all this correctly or not.
There are 3 computers in question.
- Client/Workstation
- IIS Server (ASP.NET .aspx front end)
- Network folder within the Intranet
From the information I have read, I am experiencing the "Double hop" issue. In that, when the Client at A.) opens the .aspx page on B.) the credientials passed through Integrated Windows Authentication only provide a secondary Token Password. So when B.) tries to get data from C.) it throws an error because C.) is looking for a Primary Token Password, to which B.) does not have.
to quote microsoft in this article:
http://msdn.microsoft.com/en-us/library/aa302385.aspx
Originally Posted by Microsoft
If you enable impersonation, the impersonated security context will not have network credentials (assuming delegation is not enabled and you are using Integrated Windows authentication). Therefore, the remote call to SQL Server will use a NULL session, which will result in a failed call. With impersonation disabled, the remote request will use the ASP.NET process identity.
I wonder if either of the following would work around this:
- setting the processModel to use a SPECIFIC username/password always.
- (Which obviously doesn't provide as specific of security per logged in person)
- I read somewhere that the username/password could even be stored encrypted instead of in plain text.
- Impersonating the logged in Client on a specific call via Code inside the aspx file.
Double Hop Issue:
http://support.microsoft.com/default...b;en-us;329986
Information I've found so far on Delegation:
http://msdn.microsoft.com/en-us/library/ms998355.aspx
http://msdn.microsoft.com/en-us/library/ms998351.aspx
http://technet.microsoft.com/en-us/l...64(WS.10).aspx
http://www.vbforums.com/showthread.p...ght=delegation
Building Secure ASP.NET Applications: Authentication, Authorization, and Securty Communicaiton
http://msdn.microsoft.com/en-us/library/aa302415.aspx
ASP.NET Process Identity:
http://msdn.microsoft.com/en-us/libr...39(VS.71).aspx
Securiting ASP.NET with Windows Security:
http://support.microsoft.com/kb/315736/
Detailed ASP.NET Security Overview:
http://support.microsoft.com/kb/891028
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 18th, 2010, 03:29 AM
#30
Re: Disk or Network Error with CORRECT connection string
Originally Posted by rack
If I access the site from the computer locally, it works. If however I access the computer remotely, it does not work.
When you say this, do you mean from another computer that is connected to the domain? Or from another computer that is not on the domain itself?
Gary
-
Feb 18th, 2010, 11:51 AM
#31
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
All computers A, B, and C, are on the domain.
- When accessing from A (The client/workstation via Internet Explorer) it does not work.
- When I access it from B (The IIS Server via Internet Explorer) it works.
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 21st, 2010, 02:44 PM
#32
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Originally Posted by gep13
When you say this, do you mean from another computer that is connected to the domain? Or from another computer that is not on the domain itself?
Gary
Was what I responded with, what you needed to know ?
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 22nd, 2010, 03:49 AM
#33
Re: Disk or Network Error with CORRECT connection string
Hey,
Yeah, it was the answer that I was looking for clarification on, but it didn't help with thinking of anything else to suggest
Will have to give this one some more thought.
Gary
-
Feb 22nd, 2010, 04:37 PM
#34
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Oh =) ok hehe.
Thank you for all the effort and time you've been putting into this also. You and Mendhak both.
So from your question, it makes it sound like your thinking the 2nd hop issue doesn't apply? Meaning I shouldn't need to have the admins allow the IIS computer to "Delegate" in Active Directory?
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 23rd, 2010, 03:11 AM
#35
Re: Disk or Network Error with CORRECT connection string
Hey,
To be honest, I am really not sure. This is an area that I have never had to play with, as I have never ran into this particular issue. Is there any way that you can start stripping the set up back to basics? i.e. start with a simple website, get that works in all cases, and then start adding the layers of complexity back onto it, that way you can find out exactly where it stops working.
Gary
-
Feb 23rd, 2010, 03:02 PM
#36
Re: Disk or Network Error with CORRECT connection string
The IIS server isn't allow to negotiate authentication which is why the existing user's credentials aren't used when accessing Server3. So IIS (Server2) sends a request to Server3, Server3's ACL on the resource kicks in and it challenges Server2. Server2 can't do anything, it can only pass a token that it has full control over, which is one of its own. Yes, it's known as the double hop issue.
And so for that reason, you need to impersonate with a low privilege user. Did you try the <impersonate> tag with a username and password to start with? Yes, you can encrypt the identity section of the web.config file and you can also impersonate a user via code.
-
Feb 24th, 2010, 03:05 PM
#37
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
Mendhak,
Using Impresonate with a username and password in the web.config file works. The issue was I was trying to pass the user who is accessing the website's permissions instead. This was just an extra step to make sure they actually do have access to the database. (Because I manage who has access to the network folder)
I will contact my admins and ask if they can allow the IIS server to delegate.
Which is better in the long run? Delegation or manually creating coding restrictions on access to aspx content with security level settings in a table?
Gp13,
Everything works fine until the IIS server attempts to connect to a network source.
Decision?
I think I will probably just end up using the impersonate, and encrypting the username/password.
I sincerly appreciate all the information provided and help. I just want to analyze the options before starting.
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
-
Feb 28th, 2010, 06:00 AM
#38
Re: Disk or Network Error with CORRECT connection string
I'd probably say that in your case, the intranet app, it would be so much better if you could get over the double hop issue and have user credentials passed on to the remote resource. This way, a user's rights are controlled in a single place (the AD, by an admin) and so you don't have to worry a lot about it.
In order to get it to work, ask your admins to trust the IIS server to delegate, and set the network up to use Kerberos (though it might do already). Further caveat - the client machine, where the end user sits, will also need to be on the same domain as the web server and AD else the network falls back to NTLM and it won't work.
-
Feb 28th, 2010, 06:00 AM
#39
Re: Disk or Network Error with CORRECT connection string
-
Mar 1st, 2010, 08:50 PM
#40
Thread Starter
Fanatic Member
Re: Disk or Network Error with CORRECT connection string
LMAO thanks Mendhak.
I don't think the pictures are as good as the ones you've taken with your camera, but they are still great =).
I'll shoot that link over to my Admins.
I sincerly appreciate everything you both have provided.
I am closing this, as I obviously have the direction I need to go, its just a matter of what my company will do for me (Not being in a true IT department and all).
Talk with you both more in other posts =)
Please RATE posts, click the RATE button to the left under the Users Name.
Once your thread has been answered, Please use the Thread Tools and select RESOLVED so everyone knows your question has been answered.
"As I look past the light, I see the world I wished tonight, never the less, sleep has come, and death shall soon follow..." © 1998 Jeremy J Swartwood
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|