asp.net impersonation


Beamer310

I really need help with this. I pass an XML string to a web service
that sits on a remote machine. Part of the process is to read the XML
and move relevant files from a shared computer to an FTP server. This
works fine when I test it on my computer, but when I reference the
source document that is on another machine I get
"System.IO.IOException: The file: U:\Downloads\ZTL0001 was not found.
Can not upload the file to the FTP Site", where U:\ is a mapped drive
through a VPN. I have tried using impersonation, as I believe that is
the answer, but with no success. Can anyone help?

Code breaks at ff.UploadFile(sSourcePath), when I execute a
system.io.file.exists(sSourcePath).

' At the top of the file (needed for WindowsIdentity and
' WindowsImpersonationContext):
Imports System.Security.Principal

'''
''' Code for impersonating a specific user.
''' Needed to use the indexing service
'''
Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
Dim LOGON32_LOGON_NETWORK As Integer = 3
Dim LOGON32_LOGON_BATCH As Integer = 4
Dim LOGON32_LOGON_SERVICE As Integer = 5

Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

Dim impersonationContext As WindowsImpersonationContext

Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As String, _
        ByVal lpszDomain As String, _
        ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, _
        ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Integer
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
        ByVal ExistingTokenHandle As IntPtr, _
        ByVal ImpersonationLevel As Integer, _
        ByRef DuplicateTokenHandle As IntPtr) As Integer
' Releases the token handles returned by LogonUser and DuplicateToken.
Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal handle As IntPtr) As Boolean

Protected Function ftpFile(ByVal sIPAddress As String, _
        ByVal sDestPath As String, _
        ByVal sSourcePath As String, _
        ByVal sUserName As String, _
        ByVal sPassword As String, _
        ByVal sCustomerID As String, _
        ByVal iOrderID As Integer) As String

    Dim ff As clsFTP = Nothing
    Dim sErrorString As String = ""

    'sSourcePath = "U:\Downloads\ZTL0001"

    Try
        ff = New clsFTP(sIPAddress, sDestPath, sUserName, sPassword, 21)

        ' Attempt to log into the FTP Server.
        If (ff.Login()) Then
            ' Change into the customer directory, creating it if needed.
            If Not ff.ChangeDirectory(sCustomerID) Then
                If ff.CreateDirectory(sCustomerID) Then
                    ff.ChangeDirectory(sCustomerID)
                Else
                    sErrorString = "1_Failed to create customer directory"
                End If
            End If

            ' Change into the order directory, creating it if needed.
            If Not ff.ChangeDirectory(iOrderID) Then
                If ff.CreateDirectory(iOrderID) Then
                    ff.ChangeDirectory(iOrderID)
                Else
                    sErrorString = "1_Failed to create order ID directory"
                End If
            End If

            ff.SetBinaryMode(True)

            ' Upload a file.
            If impersonateValidUser("bimal", "bsaraiya", "jen2193") Then
                ff.UploadFile(sSourcePath)
            Else
                sErrorString = "1_Access to file denied."
            End If

            If sErrorString = "" Then
                sErrorString = "0_Success"
            End If
        Else
            'we have failed
            sErrorString = "1_Login Failed" ' login error
        End If
    Catch ex As System.Exception
        'we have failed
        sErrorString = "2_" & ex.ToString 'system exception

    Finally
        Me.undoImpersonation()
        ' ff is still Nothing if the clsFTP constructor threw.
        If Not ff Is Nothing Then
            ff.CloseConnection()
        End If
    End Try

    Return sErrorString
End Function

Private Function impersonateValidUser(ByVal userName As String, _
        ByVal domain As String, ByVal password As String) As Boolean

    Dim tempWindowsIdentity As WindowsIdentity
    Dim token As IntPtr = IntPtr.Zero
    Dim tokenDuplicate As IntPtr = IntPtr.Zero
    Dim iError As Integer

    If LogonUser(userName, domain, password, LOGON32_LOGON_NETWORK, _
            LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
        ' 2 = SecurityImpersonation
        If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
            tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
            impersonationContext = tempWindowsIdentity.Impersonate()
            If impersonationContext Is Nothing Then
                impersonateValidUser = False
                iError = Err.LastDllError()
            Else
                impersonateValidUser = True
            End If
        Else
            impersonateValidUser = False
            iError = Err.LastDllError()
        End If
    Else
        iError = Err.LastDllError()
        impersonateValidUser = False
    End If

    ' WindowsIdentity keeps its own copy of the token, so the raw
    ' handles can be released here on every path.
    If Not tokenDuplicate.Equals(IntPtr.Zero) Then CloseHandle(tokenDuplicate)
    If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
End Function

Private Sub undoImpersonation()
    ' Nothing to revert if impersonation never succeeded.
    If Not impersonationContext Is Nothing Then
        impersonationContext.Undo()
        impersonationContext = Nothing
    End If
End Sub
 

dilipdotnet at apdiya.com

Just curious, why have you chosen to do the impersonation in the code as
opposed to via configuration? You could solve this problem in a couple
of ways:

1. Create an account with the same user id as the Web service account on
the shared machine, with the same user name and password, and try
impersonating. This would then just be a change in the config file.

2. If this is on a domain, give permissions on the shared box to write
the file into that mapped share (mapped drives always revert to UNC
names internally, if I'm not mistaken).

Let me know if that answers your question.
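
The configuration-based approach suggested in the reply above, sketched as an added example that is not part of the original thread. The account name, server name, share name, password value and the `SourceRoot` key are placeholders chosen for illustration.

```xml
<?xml version="1.0"?>
<!-- Added example: web.config for the web service. Account, server,
     share and key names are placeholders, not values from the thread. -->
<configuration>
  <appSettings>
    <!-- Drive letters such as U:\ are mapped per logon session, so the
         identity the service runs as does not see them. Store the UNC
         path and build sSourcePath from it instead. -->
    <add key="SourceRoot" value="\\FILESERVER\Downloads" />
  </appSettings>
  <system.web>
    <!-- Option 1 from the reply: run every request as one fixed account
         that also exists on the file server with the same name and
         password, or is a domain account. This replaces the LogonUser
         call and the user name and password embedded in source code. -->
    <identity impersonate="true"
              userName="EXAMPLE\svc-ftpupload"
              password="REPLACE_ME" />
    <!-- Option 2 from the reply is done on the file server, not here:
         grant this account access on both the share and the folder's
         NTFS permissions, and nothing broader than it needs. -->
  </system.web>
</configuration>
```

The password in this section is stored in clear text, so restrict read access to the file; on ASP.NET 2.0 and later the section can be encrypted in place with `aspnet_regiis -pe "system.web/identity" -app "/YourApp"`, where the application path is a placeholder.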
 