File Access

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Good Day All,

I have an application that run on a server in our companie's DMZ portion of
the network. As such, it is not part of our fully trusted domain.

This application needs to be able to copy files to another server that is
part of our fully trusted domain.

I am thinking that the application in the DMZ needs to pass a domain account
and password to the destination server when it tries to write files to that
server but I am not sure how I go about doing that.

Does anyone know how to acoomplish this? Any help would be appreciated.
Thanks!

Dan
 
Dan,

Check out the documentation for the WindowsIdentity class, particularly
the Impersonate method. The documentation for that method details how you
can impersonate another user (the user in the trusted domain in your case),
at which point you can perform the file copy.

However, I can not say that this is the best scenario. The reason for
this is that the username and password would be stored in the assembly (even
if you encrypted it, you would be able to see how it is encrypted/decrypted
by disassembling the application code). Unless you are obfuscating the
assembly, this would put the username and password in plain sight for
everyone to see.

Rather, I would create a component that derives from ServicedComponent,
and configure the component so that it runs with an identity that is trusted
by the domain and have that component perform the file operations.

Hope this helps.
 
Thanks for the information as well as the note about security. I appreciate it.

Dan

Nicholas Paldino said:
Dan,

Check out the documentation for the WindowsIdentity class, particularly
the Impersonate method. The documentation for that method details how you
can impersonate another user (the user in the trusted domain in your case),
at which point you can perform the file copy.

However, I can not say that this is the best scenario. The reason for
this is that the username and password would be stored in the assembly (even
if you encrypted it, you would be able to see how it is encrypted/decrypted
by disassembling the application code). Unless you are obfuscating the
assembly, this would put the username and password in plain sight for
everyone to see.

Rather, I would create a component that derives from ServicedComponent,
and configure the component so that it runs with an identity that is trusted
by the domain and have that component perform the file operations.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Dan said:
Good Day All,

I have an application that run on a server in our companie's DMZ portion
of
the network. As such, it is not part of our fully trusted domain.

This application needs to be able to copy files to another server that is
part of our fully trusted domain.

I am thinking that the application in the DMZ needs to pass a domain
account
and password to the destination server when it tries to write files to
that
server but I am not sure how I go about doing that.

Does anyone know how to acoomplish this? Any help would be appreciated.
Thanks!

Dan
Click to expand...
Click to expand...
 
Back
Top