views:

10446

answers:

5

I have a web application that needs to read (and possibly write) files from a network share. I was wondering what the best way to do this would be?

I can't give the network service or aspnet accounts access to the network share. I could possibly use impersonation.

The network share and the web application are both hosted on the same domain and I can create a new user on the domain specifically for this purpose however I'm not quite sure how to join the dots between creating the filestream and specifying the credentials to use in the web application.

A: 

I've had no problems connecting to network shares transparently as if they were local drives. The only issue you may have is what you mentioned: having the aspnet account gain access to the share. Impersonation is probably the best way to do this.

You should be able to use any filestream objects to access the network share as long as it has a drive letter on the server machine.

Dan Herbert
A: 

Impersonation worked well for me in this scenario. We had a wizard that uploaded a zip file through the website, but we load balanced the site. Therefore needed to setup a way to save the file on all the machines.

There are many different ways to do it. We decided to make all requests to run under the user we setup and just added the web.config entry and setup the security permissions on the folders for the user. This kb article explains the setup very well.

Dale Ragan
+1  A: 

Given everyone already has domain accounts. Try IIS integrated authentication. You will get an ugly logon box off network but your creds should pass down to the file share.

@lomaxx
Are you saying that only you have perms to the share or that you manually mapped it to a drive letter. If the later you can use ucn \host\share the same way you would use a c:\shared_folder.

Random Would it be a burden to mirror the share to a local folder on the host? I hear ROBOCOPY is pretty handy.

Another Idea. Run IIS on your target share you can read via http and if you need to write investigate webdav.

jms
+4  A: 

get a token for the user that you've chosen/created for accessing the network share (keith brown 26: How To Get A Token For A User) and then impersonate that user (keith brown 32: How To Impersonate A User Given Her Token).

Adam
A: 

Unfortunately the drive isn't mapped as a network drive on the machine, it's only available to me as a network share so unfortunately I can't make a transparent call.

There is one problem I can think of with impersonation... I can only impersonate one user per application domain I think but I'm happy to be corrected. I may need to write this file to several different shares which means I may have to impersonate several users.

I like the idea of creating a token... if I can do that I'll be able to ask the use up front for their credentials and then dynamically apply the security and give them meaningful error messages if access is denied... I'm off to play but I'll be back with an update.

lomaxx