tags:

views:

46

answers:

2
+3  Q: 

How can I perform action from ASP.NET MVC with different user credentials?

Hopefully this explanation will make sense, but what is the best way (if it is even possible) to pass along user credentials to preform a specific application from an ASP.NET MVC application. Currently I am working on trying to create directories on another server, we can't do this using the generic credentials that the application is running with; however, we have been told that we can if we pass the credentials of the user currently using the application along.

Currently we are running on IIS 6.0 but will be moving to IIS 7.0 in the near future and likewise we are using Integrated Windows authentication for the web applications.

A: 

Yes. You should take a look at User property and the IIS Authenticated methods

Frank  2010-04-13 17:40:01
That gives us the user who is currently accessing the site (we are using this for access control), but I'm looking for a way to pass this along to say, Directory.CreateDirectory so that user is preforming the action instead of the network service.
Rob  2010-04-13 17:42:18
+1  A: 

Here is a KB article which describes a few ways of doing user impersonation.

Note that some of their examples seem to be using the current authenticated user, but you can obviously adapt this to use whatever user you'd like.

Edit: I've used code very much like in the section "Impersonate a Specific User in Code" to access files on a remote share using the credentials of a user with access to said share. Pretty straight forward.

mmacaulay  2010-04-13 17:46:36
Indeed, I just wrote some code into the system and it looks like we might have a winner. However, I am getting an error that "The specified network name is no longer available." when trying to create a directory. Any ideas?
Rob  2010-04-13 17:57:46
Can you specify the line giving the error?
Frank  2010-04-13 17:59:12
@Frank - The path needs to be censored for obvious reasons but it's just a Directory.CreateDirectory("\\server\directory\new") call.
Rob  2010-04-13 18:01:12
Hmm, are you able to do any other file operations? Read directory index, read the contents of an existing file, etc.
mmacaulay  2010-04-13 18:20:52
Odd, I just did a DirectoryInfo on the existing part of the path and I'm getting back that it doesn't exist from the code, but no issues actually connecting to it.
Rob  2010-04-13 18:33:11
Looks like we are half way to the solution, I've opened up another question with the problems related to the credentials across the network.http://stackoverflow.com/questions/2632556/
Rob  2010-04-13 19:26:30

related questions

Can't copy file with appropriate permissions using FileIOPermission
GetProcessesByName() and Windows Server 2003 scheduled task
Starting a process in C# with username & password throws "Access is Denied" exception
How do you set directory permissions in NSIS?
PHP: How to check if a directory is writeable?
Sharepoint Item Level Access & performance
sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?
What is the best way to create a security architecture?
Hierarchical Group Permissions Theory/Resources?
Why is access denied when installing SSL cert on IIS 5?
What databases do I have permissions on
Can an iPhone App Be Run as Root?
SQLite/PHP read-only?
Multiple permission types (roles) stored in database as single decimal
SharePoint Permissions
CakePHP ACL Database Setup: ARO / ACO structure?
LINQ and Database Permissions
What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?
php scripts writing to non-world-writable files
How do I detect if a function is available during JNLP execution?
Implementing permissions in PHP
Access Control Lists & Access Control Objects, good tutorial?
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
Where should I put my log file for an asp.net application?
What is the best way to handle multiple permission types?