1
Authentication to UNC Paths
Question asked by Gary - September 29, 2014 at 9:20 AM
Answered
asp.net app using forms authentication.
 
If we use either impersonation (windows impersonation code or just the application pool identity (domain\username) the control gives a 'access to path error'
In the code, the path can be validated using System.IO.DirectoryExists which returns true
Application pool is classic mode
 

2 Replies

Reply to Thread
0
Cem Alacayir Replied
October 2, 2014 at 10:11 AM
Employee Post
Using custom windows impersonation code in your page's codebehind will not work as FileUltimate runs out of the page's context once it's rendered. You are probably wrapping DirectoryExists validation inside your impersonation code, that's why it works there.
 
It's possible to impersonate at the right time so FileUltimate requests are run under this impersonated context. For example, in your project's global.asax you can do it like this:
 
using System;
using System.Linq;
using System.Web;

namespace YourNamespace
{
    public class YourApplication : HttpApplication
    {
        protected void Application_AcquireRequestState(object sender, EventArgs e)
        {
            var fileUltimateRelatedPaths = new[]
            {
                "/MyHostPage.aspx", 
                "/filemanager.ashx", 
                "/fileuploader.ashx"
            };

            //Check if the current request contains any 
            //of the FileUltimate related paths we defined above.
            if (fileUltimateRelatedPaths.Any(
                  h => Request.FilePath
                        .IndexOf(h, StringComparison.OrdinalIgnoreCase) >= 0
                ))
            {
                //Do your impersonation here
                //eg. ImpersonateUser()

                //We are saving the info that it's a FileUltimate 
                //related request and that we impersonated.
                //So that at the end of the request (below method), 
                //we can undo impersonation only when necessary. 
                //You can also save other variables like impersonation
                //handle etc. in Context.Items so that 
                //you can use them later for undoing impersonation.
                Context.Items["FileUltimate.Impersonated"] = true;
            }
        }

        protected void Application_PostRequestHandlerExecute
          (object send, EventArgs e)
        {
            if (Context.Items["FileUltimate.Impersonated"] != null)
            {
                //Undo impersonation here
                //eg. UndoImpersonateUser()
                
                //You can retrieve any other variables 
                //you saved in Context.Items 
                //in above function which are required 
                //for undoing impersonation.
            }
        }
    }
}
 
You can also use the more simple web.config impersonation method. These settings will isolate the impersonation only for FileUltimate requests and will not effect your whole application.
 
<configuration>
.
.
.

  <location path="MyHostPage.aspx">
    <system.web>
      <identity impersonate="true" userName="foo" password="bar" />
    </system.web>
  </location>

  <location path="filemanager.ashx">
    <system.web>
      <identity impersonate="true" userName="foo" password="bar" />
    </system.web>
  </location>

  <location path="fileuploader.ashx">
    <system.web>
      <identity impersonate="true" userName="foo" password="bar" />
    </system.web>
  </location>

.
.
.
</configuration>
 
In future versions, we plan to add built-in impersonation support to FileManagerRootFolder class so that you can supply credentials too in addition to Name and Location properties when you define the root folder.
0
Cem Alacayir Replied
October 29, 2014 at 6:13 AM
Employee Post
FYI, we released v4.1 today which now features built-in impersonation support. RootFolder locations can be specified with user credentials. The web.config settings and the code above are no longer required to connect as a specific user or as the IIS authenticated user to a path.
 
For example, you can specify Location property with credentials like this:
 
<GleamTech:FileManagerRootFolder 
  Name="RootFolder1" 
  Location="Path=\\server\share; User Name=USERNAME; Password=PASSWORD" > 
  
    <GleamTech:FileManagerAccessControl Path="/" AllowedPermissions="Full"/> 
    
</GleamTech:FileManagerRootFolder>  
If IIS authentication is used for this site, location can be specified like this to connect as the already authenticated user:
 
<GleamTech:FileManagerRootFolder 
  Name="RootFolder1" 
  Location="Path=\\server\share; Authenticated User=true" > 
  
    <GleamTech:FileManagerAccessControl Path="/" AllowedPermissions="Full"/> 
    
</GleamTech:FileManagerRootFolder>  
 

Reply to Thread