If I go to explorer and navigate to our print server and click on the printer name it installs the print driver locally. \printserver\printername.
I created a power shell script and tested it and it works fine. So then I created a library in c# to execute the ps script.
My end goal is to allow any authenticated user to be able to install any of our network printers to their workstation from a web site. I have tried multiple ways to get this code to run. The piece of code that installs the printer works fine under a windows application.
Here is what I have tried in the web application.
Web.Config - impersonation in web config.
<authentication mode="Windows"></authentication>
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
<identity impersonate="true" userName="someuser" password="pwofthatuser"/>
Produces
Impersonation in code around the install printer code.
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
--- Code Here --
impersonationContext.Close();
Questions:
If my logged in user works I am assuming if I am impersonating the website under my credentials it should also work, is that assumption true?
How can I verify what user that code is executing under? It appears to be getting an access denied error.
Any help on this would be greatly appreciate. If someone has already figured this out a solution would also be great.
Related
So, I have two applications, one is Web and the other is a console app. The console app creates directories/folders and pdfs in a remote server. The web site (that is running in IIS) has a .aspx document that starts that console app. Running the console app does't give me problems, the problems come when I run the web site and fails to create the directories and pdfs. This is the error:
Error: Access to the path '\\SERVERIP\rae\RAE\' is denied.
That server has credentials and I am thinking that when I run just the console app it takes the credentials before typed (because to access the remote server I needed to type the credentials to see the folders in that server) but when I run the web site, the credentials are asked again (no prompt shown) and that's why the access is denied.
I am using C#'s System.IO.Directory.Exists(route); to check if exists and if it doesn't System.IO.Directory.CreateDirectory(route);
Is there a way to set the credentials for that server in code, on IIS or with another method?
you can set the condition on web.config for specific folder only.
<configuration>
<location path="Path/To/Public/Folder">
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Via the graphical interface of the IIS,
Application Pools
Select the one used by your application
Go to advanced settings (on the far right)
Set the identity to the User you want
trying to do something really basic!
I have an MVC5 Web app - and I want to make it work as an intranet app. I had a look at https://msdn.microsoft.com/en-us/library/gg703322(VS.98).aspx and it seems straightforward . I want to things a little different though .. I want to control access by roles in a global way .. I would have thought through web.config.
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*" />
</authorization>
So - we have 2 servers , 1 Domain Controller SBS2008 and 1 web server Windows 2012 server which is connected to the SBS domain .
1) I can log on to app ok if I am a domain administrator
2) I can deny myself access using those settings in web.config.
The problem is whenever a standard user tries to go to the site they are asked for a user name and password. Help!
One other thing - I can't enable impersonation or I get Error 500 .
I am having an issue accessing a webservice with impersonate without a specified user.
Works:
<identity impersonate="true" userName="DOMAIN\USERNAME" password="MyPassword" />
Doesn't Work
<identity impersonate="true" />
While debugging I used the code below to verifiy the correct Domain and Username were being used, they are.
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
Here is more of my web.config
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<allow users="*" />
<deny users="?"/>
</authorization>
I am logging into the prompt, image below
Any ideas why it will only work when I specify a user in the web.config? I am logging in with the same Domain\Username and password that I put into the <identity impersonate="true" userName="DOMAIN\USERNAME" password="MyPassword" /> . I've tried with multiple accounts and they all work when I put their credentials in the web.config but none work with identity set as<identity impersonate="true" /> and logging in.
EDIT
The remote server returned an error: (403) Forbidden.
EDIT 2
Everything works fine while debugging and while hitting the service on the server that contains the IIS it is hosted on, I've tried with multiple accounts and they all work. Everything is on the same domain
Note the following text from https://support.microsoft.com/en-us/kb/306158
Impersonate a Specific User for All the Requests of an ASP.NET
Application
To impersonate a specific user for all the requests on all pages of an
ASP.NET application, you can specify the userName and password
attributes in the tag of the Web.config file for that
application. For example:
Note The identity of the process that impersonates a specific user on a thread must have the "Act as part of the operating system"
privilege. By default, the Aspnet_wp.exe process runs under a computer
account named ASPNET. However, this account does not have the required
privileges to impersonate a specific user. You receive an error
message if you try to impersonate a specific user. This information
applies only to the .NET Framework 1.0. This privilege is not required
for the .NET Framework 1.1.
To work around this problem, use one of the following methods: Grant
the "Act as part of the operating system" privilege to the ASPNET
account (the least privileged account).
Note Although you can use this method to work around the problem,
Microsoft does not recommend this method. Change the account that the
Aspnet_wp.exe process runs under to the System account in the
configuration section of the Machine.config file.
You could setup the Aspnet_wp.exe process to run as the user you are trying to impersonate to get the desired privileges.
This has also been discussed before: How do you do Impersonation in .NET?
It could be the NTLM double-hop authentication issue. In short, ensure that Kerberos SPNs are properly set so it is used instead of NTLM. This MSDN blog post has a great explaination.
http://blogs.msdn.com/b/besidethepoint/archive/2010/05/09/double-hop-authentication-why-ntlm-fails-and-kerberos-works.aspx
Alternatively, basic or forms authentication will also achieve what you're looking to accomplish. This is because the application will have the user's credentials and, if properly configured, can use them to access back end resources.
You may also want to look into Kerberos delegation. Its a way to restrict that second hop to just one resource via it's SPN.
I have an ASP.NET MVC4 website deployed on IIS with Windows Authentication enabled. My config file has this setting:
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
My understanding is that this will allow me to authenticate without having to type in credentials; i.e. an intranet site.
This works as intended, except for the first page load. When I first access the website, I am directed to the following URL:
http://localhost/SandboxWebsite/login.aspx?ReturnUrl=%2fSandboxWebsite
This is obviously a page that asks for credentials. When I then navigate again to http://localhost/SandboxWebsite/, I am automatically authenticated without having to enter any credentials.
Why is this occurring and how can I prevent it?
The problem was that, whilst anonymous access was disabled as a setting, there was no authorisation rule to deny anonymous users. Why this redirected me to Login.aspx I do not know, but I fixed it by adding the following rules.
IIS > MyWebsite > .NET Authorization Rules
John,
this is a long shot but have you tried using an address other than LocalHost to access the site ? It may be that your ASP.NET MVC4 website is expecting a specific domain name/computer name or IP address because of the way it was setup.
You could alter your hosts file to test this out.
Hope this helps.
Dorje
Here's my scenario:
I have an intranet application. I want to let the network users automatically get logged into the application using the Windows Authentication features. If the user isn't into my network, I'll pop up to them a login screen.
So, I changed the authentication mode into web.config file to Windows. Then I'm using the HttpContext.User.Identity object in order to get the logged user into the network. So I ran the app into my localhost and it works great.
When I publish the application into the server, when I try to automatic log in, the Identity object is always empty.
So, I've tried the following steps:
Deny anonymous users. <deny users="?"/>, which not allows any anonymous users to enter in the application, but I got a problem here: when the user isn't into our network, the server pops up that default authentication window from Window Servers, not my personal login screen.
Let anonymous users in. If I get rid with that <deny users="?"/>, any user can access the page, but it ALWAYS goes to the login screen, even if I'm into my local network.
So, what I need is: when the user is into the local network, go straight without login. If they aren't, pop up a login screen to them.
Can someone help me to figure out what's going on?
Thank you all!
Do the following,
<identity impersonate="true" />
<authentication mode="None" />
<authorization>
<deny users="?" />
</authorization>
Hope it helps.