Accessing file system

Guest

I have a .NET application that I want to run in a DMZ, with the SQL Server
and file system behind another firewall. Is there a secure way to get to
files from my application, or would it be better to have a reverse proxy
server in the DMZ and the webserver behind the second firewall?
 
Steven Cheng[MSFT]

Hello Gerhard,

Based on your description, your webserver (in the DMZ) which hosts the .NET
application (an ASP.NET app?) will need to access files on another server
behind the firewall (in the intranet domain), and you're wondering about the
proper way to do this, correct?

As for using a reverse proxy server and moving the webserver into the
intranet with the fileserver, I don't think it is a preferred way since that
will involve more complexity. And generally a webserver is reasonably
located in the DMZ instead of inside the intranet domain.

For your scenario, if the files on the remote server (behind the firewall)
are on an NTFS file system, I think you can consider using the following
means in your .NET application (running on the webserver in the DMZ):

1. Use impersonation to execute file access (System.IO....) code under a
specific user. And since your webserver is in the DMZ, you can not use a
domain user account; you need to create two duplicated local accounts (with
the same username and password) on both your webserver and the file server.
Then, in your .NET application, use code to programmatically impersonate
this local account, and the impersonated code can correctly access the files
in the shared folder on the remote file server (as long as you've granted
sufficient permission to this account).

Here is an article describing how to programmatically impersonate in
ASP.NET application code (it also applies to a normal .NET application):

#How to implement impersonation in an ASP.NET application
http://support.microsoft.com/kb/306158/en-us


2. The #1 approach requires us to impersonate a certain user, and this
user account must be a duplicated account on both the source and target
machine. To avoid this, you can consider creating a "Mapped network drive"
on your webserver machine which points to the remote file share folder. You
can create such a file share through the server explorer's "Tools --> Map
network drive..." menu or use the "net use" command line command.

Then, in your .NET application you can access this mapped local drive
instead of the remote UNC path. You also need to make sure that your
application's running account (security context) is the one that created
the network share mapping.

Hope this helps. Please feel free to let me know if you have anything
unclear or need any further assistance.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.
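The impersonation approach (#1) from the answer above, as an added example that is not part of the original post or of the KB article it links to. It targets .NET Framework (WindowsIdentity.Impersonate) and uses hypothetical names: a local account svc_fileread created with the same password on the DMZ web server and on the file server, and a share \\fileserver\reports on which that account has read-only share and NTFS permissions. Two caveats the answer leaves implicit: the inner firewall must allow SMB (TCP 445) from the DMZ host to the file server, and because the web application is now turning request data into file names on an intranet share, the example confines the requested relative path to the share root before the impersonated read.

```csharp
// Added example, not code from the original post. Read one file from a share
// behind the inner firewall while impersonating a mirrored local account.
// Assumed (hypothetical) names: account "svc_fileread" exists with the same
// password on the DMZ web server and on the file server; the share is
// \\fileserver\reports and the account has read-only permissions on it.
// Targets .NET Framework; SMB (TCP 445) must be open from the DMZ host.
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class ShareReader
{
    // Logon type/provider values from the Win32 LogonUser documentation.
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Resolve the requested name under the share root and reject anything that
    // escapes it (e.g. "..\..\web.config" or an absolute path). This runs
    // before impersonation so a bad request never touches the share.
    static string ConfineToRoot(string shareRoot, string relative)
    {
        string rootFull = Path.GetFullPath(shareRoot).TrimEnd('\\') + "\\";
        string full = Path.GetFullPath(Path.Combine(rootFull, relative));
        if (!full.StartsWith(rootFull, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("requested path leaves the share root");
        return full;
    }

    // user/password are the mirrored local account; keep the password in a
    // protected configuration section, never in plain text in web.config.
    public static string ReadAsMirroredAccount(string shareRoot, string relative,
                                               string user, string password)
    {
        string target = ConfineToRoot(shareRoot, relative);
        IntPtr token = IntPtr.Zero;
        WindowsImpersonationContext ctx = null;
        try
        {
            // "." = a local account on this (DMZ) machine. The file server
            // accepts it only because the same name/password exists there too.
            if (!LogonUser(user, ".", password, LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT, out token))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            // Impersonation is per thread: only the code between Impersonate()
            // and Undo() runs as svc_fileread, so the window is kept minimal.
            ctx = new WindowsIdentity(token).Impersonate();
            return File.ReadAllText(target);
        }
        finally
        {
            if (ctx != null) ctx.Undo();            // always revert to the app pool identity
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }

    // Example call as it would appear in a request handler (hypothetical share name).
    public static string ReadReport(string requestedName, string password)
    {
        return ReadAsMirroredAccount(@"\\fileserver\reports", requestedName,
                                     "svc_fileread", password);
    }
}
```

The mirrored password is a long-lived credential sitting on a DMZ host, so the account should hold nothing beyond read access to that one folder, and the password should be read from a configuration section protected with `aspnet_regiis -pe` rather than stored in clear text. For the mapped-drive variant (#2) the equivalent setup is `net use Z: \\fileserver\reports /user:svc_fileread` run under the application pool identity; drive letters belong to the logon session that created them, which is the reason the answer stresses that the mapping must be made under the same security context the application runs as. A UNC path under a short impersonation window avoids that dependency.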
 
Guest

Thank you. This was a big help.
