What should work for you is to NOT use impersonation and configure the
ASP.NET process to run under a domain account which has the required
access to the \\tron\Versioning resource. Since the ASP.NET process
created the auth token for the domain user it is running under, it will be
able to forward that user's credentials to access the \\tron\Versioning
resource. If you had impersonation on, you would need to either be using
Kerberos between all resources or you would need to allow everyone access
to the resource.
Chad
On Sun, 29 Jun 2003 12:37:15 -0400, Ben Callister <[EMAIL PROTECTED]>
wrote:
>hello!
>
>i have an ASP.NET web service with a web method that passes a path to a
network drive ('\\tron\Versioning'), on *another* box, to a classic in-
proc VB COM component that, internally, using the 'MS Scripting' component
to create a FileSystemObject and calls GetFolder() on that object to
retrieve a reference to that Folder object. when doing so, i get a 'Path
not found' exception returned.
>
>------------------------------------------
>couple notes (and code below):
>------------------------------------------
>
>- im running .NET framework 1.1 (v1.1.4322)
>- the VB COM component is *not* a configured COM+ component - its just
classic COM (and in-proc DLL)
>- i have verified that the path exists and the box that the web service
is running on can access it via 'Start...Run,' IE, and windows explorer
>- i configured IIS security for *anonymous*, but specified a different
account that all incoming request will use (and for debugging purposes,
even included a domain admin to see if that would work - nope!)
>- my web.config authentication mode = 'Windows' (<authentication
mode="Windows" />)
>- i have tried turning impersonation on in my web.cofig file (<identity
impersonate="true"/>)
>- when i pass a *local* path to the VB COM component, rather than another
network resource, it can fetch the folder just fine
>- the ACL of the target folder, on the target box, *does* provide the
correct permissions for the account configured as the anonymous account in
IIS (and is verifiably being passed to ASP.NET - see below)
>
>------------------------------------------
>code snippets: (ASP.NET - shortened for clarity)
>------------------------------------------
>
>[WebMethod]
>public string BuildVersionManifest(...)
>{
> //just to verify that the appropriate credentials are getting
passed from IIS
> WindowsIdentity wi = WindowsIdentity.GetCurrent();
> string sUsername = wi.Name;
> //wi.Impersonate(); //ive tried this, but i assume it does the
same thing as having
> //impersonate turned on in my web.config - neither of them do the
trick
>
> //note: doing this works great?!? although, these 2 lines are not
part of the real code
> Scripting.FileSystemObject pFSO = new
Scripting.FileSystemObjectClass();
> Scripting.Folder pFolder = pFSO.GetFolder(@"\\tron\Versioning");
>
> //this is the real code that fails... see below for the code in
the 'VersionBasePath' property of the broker
> //that is the code that is unable to locate the passed folder
> nGENVerServer.VersionBroker pBroker = new
nGENVerServer.VersionBrokerClass();
> pBroker.VersionBasePath = @"\\tron\Versioning"; //THIS
LINE FAILS!!!
> ...
>}
>
>------------------------------------------
>code snippet: (VB COM object)
>------------------------------------------
>
>Public Property Let VersionBasePath(ByVal sValue As String)
> On Error GoTo errHandler
>
> Dim theFSO As Scripting.FileSystemObject
> Set theFSO = New Scripting.FileSystemObject
>
> Set g_VersionBaseFolder = Nothing 'module member
> Set g_VersionBaseFolder = theFSO.GetFolder(sValue) 'REAL LINE THAT
FAILS with 'Path not found'!!!
>
> Exit Property
>
>errHandler:
> Call Err.Raise(Err.Number, Err.source, Err.Description)
> Exit Property
>End Property
>
>------------------------------------------
>
>notice that when i create a Scripting.FileSystemObject *directly* from
ASP.NET, and then call GetFolder() with my path, it is able to retrieve
the folder just fine. so... i was wondering if, how, and why a security
identity switch is occuring from my ASP.NET page to the VB COM interop AND
how can i get around this issue? (and please note, that as of right now im
not willing to accept the ASP.NET page passing in a reference to the
folder that it has already acquired. even if that worked, i have too many
other places internal to this VB COM component that will go out to other
network resources to perform its job).
>
>also, in my research, i have found several good explanations of how
security is configured and handled in ISS, ASP.NET, and the transition
between the two, but i have not been able to find anything good on what
happens when you drop from managed code (in this case ASP.NET) to COM
interop code. in addition to knowing the answer to this particuliar
problem, i would really appreciate any advice on some good articles/books
on what happens here specifically (note: i am familiar with Keith Brown's
excellent book!).
>
>thanks for any help you can provide,
>
>Benjamin Callister
>Vice President of Engineering, Tutor.com
>Real Tutors, Real Results.
>
>e: [EMAIL PROTECTED]
>p: 212.528.3101; x.227
>w: http://www.tutor.com
>
