views:

448

answers:

2

Hi -

I have an ASP.NET website on a Windows 2003 Server, that needs to access files from a network share. The network share is password protected and needs a username and password to be provided.

I use forms based authentication on the website and not windows based.

So my problem is, when I try to read any file from the networkshare using the code below, it throws access denied DirectoryInfo networkShare = new DirectoryInfo("\\TestServer\Share");

So I tried using Impersonate by providing the username and password of the network share to the impersonate function call, however the call obviously fails since that username does not exists on the ASP.NET webserver. So then I passed the username and password of a login that does exist on the webserver, so this time the impersonate call works however it still can not access the network share 'cuz the network share username and password are different.

So finally, I created the exact same username/password on the webserver which matches the network share. This time impersonate function call works and so does network share. I'm able to successfully read from the share.

So my question is, is there a way I can read the network share without adding the username in the webserver. 'Cuz everytime the network share login changes, I'll have to again make a new username in the webserver too. Which is not ideal.

Any ideas?

A: 

try this

WebRequest request = WebRequest.Create( "http://server/file.xml" );
request.PreAuthenticate = true;
request.Credentials = new NetworkCredential( "user", "pass" );

request.GetResponse();
ArsenMkrt
I need to get a list of all files from network share folder and copy all files to the webserver, will that be possible with the above aproach? Thanks.
ace
+1  A: 

The "right" way to do this is to run the webserver's AppPool as the identity that can access the share. That way, the only credential storage is done securely in the IIS config (rather than in your code or in readable config files). Putting the webserver and fileserver in the same Windows domain (or different domains with trust) is the easiest way, but the "same username/password" thing should work there as well.

If you don't care about putting usernames/passwords in your code or config, you can P/Invoke to WNetAddConnection2 and pass the username/password- then you should be able to access the share. This doesn't require the webserver to have a matching account, but you really should secure the password (look into System.Security.Cryptography.ProtectedData for encrypted registry storage).

nitzmahone
So again we need to have idential username/password on both servers, right ? I'm looking for something that does not require me to create a username on the webserver. Thanks.btw, my network share is on a FEDORA and not a windows server, not sure if that makes any difference.
ace
Sorry, your original post wasn't clear- if you don't care about storing the other server's username/password, I added something above that should work.
nitzmahone
Wow...looks like the solutions to my problem...I'll try and let you know if it works. Thanks man...I'm thinking of encrypting the network login and storing on the database server, so i guess it should be fine.
ace
Hey i tried using it and it totally worked, thanks man.
ace