I am stucked: Working on a network mapped drive via Web Service

  • Thread starter Thread starter Nirosh
  • Start date Start date
N

Nirosh

Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web service to
manipulate some complex XML files, which reside in a seperate files server.
we have mapped the fodler to a different folder and need to allow the EXE to
process on the mapped drive. When I trigger the EXE via web service the EXE
get the permission of the launching user (mean ASP.NET user) resulting a
permission issue. Mapped drive cannot access by the IIS (web application)
user.

I am keeping this open .. please advice me the best approach I can take here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.
 
Hi,

Either run the corresponding ASP .NET application in a dedicated application
pool running under a user account with sufficient permissions to access the
mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access the
mapped network drive. In this case, you'll need to grant elevated priveleges
to the ASPNET account ("Act as part of the operating system" if I'm not
mistaken).
 
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long term
goal, and with your reply it cofirm that we are in the correct path.

But as the short term solution I like to go with the second option,
can you please give little more help on this
Log in as such a user and impersonate for the time necessary to access the

mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system" if
I'm not mistaken).

What is this mean, I tried to google but I didn't get any clue? could you
provide me little more data..mean time I will try to find a path on this
line..

Thanks,
Nirosh.

Dmytro Lapshyn said:
Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient permissions
to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access the
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system" if
I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]


Nirosh said:
Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web service
to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the EXE
to
process on the mapped drive. When I trigger the EXE via web service the
EXE
get the permission of the launching user (mean ASP.NET user) resulting a
permission issue. Mapped drive cannot access by the IIS (web application)
user.

I am keeping this open .. please advice me the best approach I can take
here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.
 
Network sessions are (logon) session bound, that means that when you map a
drive in your interactive logon session, that network session cannot be
seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process credentials
specified in your web.config file (the default being aspnet), and all
programs spawned from within asp.net will use the same credentials when
accessing network resources. Now aspnet has no network credentials, so you
will have to create a use record from within your webservice specifying the
local drive the Fileshare and user credentials with appropriate privileges
to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share to
a local drive z: using bobby's credentials (bob\bobby is the userid and
BobsPass it's password, note that bob can be a domain name or a machine
name, so here "bob" is the remote machine name and Bobby is a local user on
Bob).


ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass /user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using "net
use z: /delete"), I would also suggest you to map the drive for at least the
duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used UNC
paths instead of mapped drives, but I guess the EXE is written to only
access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as suggested by
Dmytro, doesn't work either, the spawned exe will use the parent's process's
credentials NOT those of the impersonating thread.

Willy.


Nirosh said:
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long term
goal, and with your reply it cofirm that we are in the correct path.

But as the short term solution I like to go with the second option,
can you please give little more help on this
Log in as such a user and impersonate for the time necessary to access
the

mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

What is this mean, I tried to google but I didn't get any clue? could you
provide me little more data..mean time I will try to find a path on this
line..

Thanks,
Nirosh.

Dmytro Lapshyn said:
Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient permissions
to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]


Nirosh said:
Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web service
to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the
EXE to
process on the mapped drive. When I trigger the EXE via web service the
EXE
get the permission of the launching user (mean ASP.NET user) resulting a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.

I am keeping this open .. please advice me the best approach I can take
here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.
 
there u go ... I see the light now.. I can take it on now.. thank you very
much for this..

I guess Argument has a typing mistake, for others the correction is bellow

psi.Arguments = "net use z: \\\\bob\\share BobsPass /user:bob\\bobby";

Nirosh.

Willy Denoyette said:
Network sessions are (logon) session bound, that means that when you map a
drive in your interactive logon session, that network session cannot be
seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process credentials
specified in your web.config file (the default being aspnet), and all
programs spawned from within asp.net will use the same credentials when
accessing network resources. Now aspnet has no network credentials, so you
will have to create a use record from within your webservice specifying
the local drive the Fileshare and user credentials with appropriate
privileges to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share
to a local drive z: using bobby's credentials (bob\bobby is the userid and
BobsPass it's password, note that bob can be a domain name or a machine
name, so here "bob" is the remote machine name and Bobby is a local user
on Bob).


ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass
/user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using "net
use z: /delete"), I would also suggest you to map the drive for at least
the duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used
UNC paths instead of mapped drives, but I guess the EXE is written to only
access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as suggested
by Dmytro, doesn't work either, the spawned exe will use the parent's
process's credentials NOT those of the impersonating thread.

Willy.


Nirosh said:
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long term
goal, and with your reply it cofirm that we are in the correct path.

But as the short term solution I like to go with the second option,
can you please give little more help on this
Log in as such a user and impersonate for the time necessary to access
the

mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />
mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

What is this mean, I tried to google but I didn't get any clue? could you
provide me little more data..mean time I will try to find a path on this
line..

Thanks,
Nirosh.

Dmytro Lapshyn said:
Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient
permissions to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]


Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web
service to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the
EXE to
process on the mapped drive. When I trigger the EXE via web service the
EXE
get the permission of the launching user (mean ASP.NET user) resulting
a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.

I am keeping this open .. please advice me the best approach I can take
here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.
 
If you mean by this that the /C is not required, I'm affraid you are wrong,
the /C option tells the cmd shell to exit when done executing the command,
without this option cmd.exe stays active.

Willy.


Nirosh said:
there u go ... I see the light now.. I can take it on now.. thank you very
much for this..

I guess Argument has a typing mistake, for others the correction is bellow

psi.Arguments = "net use z: \\\\bob\\share BobsPass /user:bob\\bobby";

Nirosh.

Willy Denoyette said:
Network sessions are (logon) session bound, that means that when you map
a drive in your interactive logon session, that network session cannot be
seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process credentials
specified in your web.config file (the default being aspnet), and all
programs spawned from within asp.net will use the same credentials when
accessing network resources. Now aspnet has no network credentials, so
you will have to create a use record from within your webservice
specifying the local drive the Fileshare and user credentials with
appropriate privileges to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share
to a local drive z: using bobby's credentials (bob\bobby is the userid
and BobsPass it's password, note that bob can be a domain name or a
machine name, so here "bob" is the remote machine name and Bobby is a
local user on Bob).


ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass
/user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using
"net use z: /delete"), I would also suggest you to map the drive for at
least the duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used
UNC paths instead of mapped drives, but I guess the EXE is written to
only access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as suggested
by Dmytro, doesn't work either, the spawned exe will use the parent's
process's credentials NOT those of the impersonating thread.

Willy.


Nirosh said:
Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long
term goal, and with your reply it cofirm that we are in the correct
path.

But as the short term solution I like to go with the second option,
can you please give little more help on this

Log in as such a user and impersonate for the time necessary to access
the

mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />

mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

What is this mean, I tried to google but I didn't get any clue? could
you provide me little more data..mean time I will try to find a path on
this line..

Thanks,
Nirosh.

message Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient
permissions to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating system"
if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]


Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web
service to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the
EXE to
process on the mapped drive. When I trigger the EXE via web service
the EXE
get the permission of the launching user (mean ASP.NET user) resulting
a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.

I am keeping this open .. please advice me the best approach I can
take here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.
 
thanks you very much for keep in touch with the thread, I did try it with
"/C" and with out "/C" and execute some command via the web app and check
teh task manager but I didn't see the cmd.exe active there.. any thoughts?

Nirosh.
Willy Denoyette said:
If you mean by this that the /C is not required, I'm affraid you are
wrong, the /C option tells the cmd shell to exit when done executing the
command, without this option cmd.exe stays active.

Willy.


Nirosh said:
there u go ... I see the light now.. I can take it on now.. thank you
very much for this..

I guess Argument has a typing mistake, for others the correction is
bellow

psi.Arguments = "net use z: \\\\bob\\share BobsPass /user:bob\\bobby";

Nirosh.

Willy Denoyette said:
Network sessions are (logon) session bound, that means that when you map
a drive in your interactive logon session, that network session cannot
be seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process
credentials specified in your web.config file (the default being
aspnet), and all programs spawned from within asp.net will use the same
credentials when accessing network resources. Now aspnet has no network
credentials, so you will have to create a use record from within your
webservice specifying the local drive the Fileshare and user credentials
with appropriate privileges to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map \\\\bob\\share
to a local drive z: using bobby's credentials (bob\bobby is the userid
and BobsPass it's password, note that bob can be a domain name or a
machine name, so here "bob" is the remote machine name and Bobby is a
local user on Bob).


ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass
/user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using
"net use z: /delete"), I would also suggest you to map the drive for at
least the duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had used
UNC paths instead of mapped drives, but I guess the EXE is written to
only access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as
suggested by Dmytro, doesn't work either, the spawned exe will use the
parent's process's credentials NOT those of the impersonating thread.

Willy.


Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long
term goal, and with your reply it cofirm that we are in the correct
path.

But as the short term solution I like to go with the second option,
can you please give little more help on this

Log in as such a user and impersonate for the time necessary to access
the

mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />

mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating
system" if I'm not mistaken).

What is this mean, I tried to google but I didn't get any clue? could
you provide me little more data..mean time I will try to find a path on
this line..

Thanks,
Nirosh.

message Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient
permissions to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to access
the mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating
system" if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]


Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web
service to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow the
EXE to
process on the mapped drive. When I trigger the EXE via web service
the EXE
get the permission of the launching user (mean ASP.NET user)
resulting a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.

I am keeping this open .. please advice me the best approach I can
take here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.
 
May be since I use
psI.UseShellExecute = false;

Nirosh

Nirosh said:
thanks you very much for keep in touch with the thread, I did try it with
"/C" and with out "/C" and execute some command via the web app and check
teh task manager but I didn't see the cmd.exe active there.. any thoughts?

Nirosh.

Willy Denoyette said:
If you mean by this that the /C is not required, I'm affraid you are
wrong, the /C option tells the cmd shell to exit when done executing the
command, without this option cmd.exe stays active.

Willy.


Nirosh said:
there u go ... I see the light now.. I can take it on now.. thank you
very much for this..

I guess Argument has a typing mistake, for others the correction is
bellow

psi.Arguments = "net use z: \\\\bob\\share BobsPass /user:bob\\bobby";

Nirosh.

Network sessions are (logon) session bound, that means that when you
map a drive in your interactive logon session, that network session
cannot be seen/used by another logon session.
Now IIS creates a logon session for asp.net using the process
credentials specified in your web.config file (the default being
aspnet), and all programs spawned from within asp.net will use the same
credentials when accessing network resources. Now aspnet has no network
credentials, so you will have to create a use record from within your
webservice specifying the local drive the Fileshare and user
credentials with appropriate privileges to that remote share.

The easiest way to do this is by issuing a "net use" command using the
Process.Start() method.
The following is a small sample that shows you how to map
\\\\bob\\share to a local drive z: using bobby's credentials (bob\bobby
is the userid and BobsPass it's password, note that bob can be a domain
name or a machine name, so here "bob" is the remote machine name and
Bobby is a local user on Bob).


ProcessStartInfo psi = new ProcessStartInfo();
psi.CreateNoWindow = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.FileName = "cmd";
psi.Arguments = "/c net use z: \\\\bob\\share BobsPass
/user:bob\\bobby";
Process proc = Process.Start(psi);
proc.WaitForExit();
if(proc.ExitCode != 0)
...

Note that you should also delete the mapping when done with it (using
"net use z: /delete"), I would also suggest you to map the drive for at
least the duration of the session and not for every webrequest
Note also that all this wouldn't have been necessary if the EXE had
used UNC paths instead of mapped drives, but I guess the EXE is written
to only access local drives.
Note that the options suggested by Dmytro don't work, the first make no
sense you'll need to map the drive anyway. the second method as
suggested by Dmytro, doesn't work either, the spawned exe will use the
parent's process's credentials NOT those of the impersonating thread.

Willy.


Great suggestion Lapshyn,

Yes the first option is already evaluated and has decide as our long
term goal, and with your reply it cofirm that we are in the correct
path.

But as the short term solution I like to go with the second option,
can you please give little more help on this

Log in as such a user and impersonate for the time necessary to
access the

mean some thing like this in the web.config file
<identity impersonate="true"
userName="Wharton\tci"
password="pccd7972" />

mapped network drive. In this case, you'll need to grant elevated
priveleges to the ASPNET account ("Act as part of the operating
system" if I'm not mistaken).

What is this mean, I tried to google but I didn't get any clue? could
you provide me little more data..mean time I will try to find a path
on this line..

Thanks,
Nirosh.

message Hi,

Either run the corresponding ASP .NET application in a dedicated
application pool running under a user account with sufficient
permissions to access the mapped network drive,

Or

Log in as such a user and impersonate for the time necessary to
access the mapped network drive. In this case, you'll need to grant
elevated priveleges to the ASPNET account ("Act as part of the
operating system" if I'm not mistaken).

--
Sincerely,
Dmytro Lapshyn [Visual Developer - Visual C# MVP]


Hi All,

Can any one suggest me a best way to do this ..

I have a thrid party tool "EXE" that we need to use with our web
service to
manipulate some complex XML files, which reside in a seperate files
server.
we have mapped the fodler to a different folder and need to allow
the EXE to
process on the mapped drive. When I trigger the EXE via web service
the EXE
get the permission of the launching user (mean ASP.NET user)
resulting a
permission issue. Mapped drive cannot access by the IIS (web
application)
user.

I am keeping this open .. please advice me the best approach I can
take here
to do this assuming that I cannot change the EXE or the mapped drive
requirements.

Thanks,
Regards,
Nirosh.
 
Back
Top