"Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com> wrote in message
news:47F77CB0-98A8-4497-8EB3-CA3E5BB128D5@microsoft.com...
> Hi there,
>
> I am usign System.IO.File.Exists in my ASP.NET code to determine if a file
> exists in the specified location. The webserver is my local machine, which
> is
> a part of the corporate domain. The file the existence of which I am
> trying
> to determine is sitting in the shared folder of the PC which is not a part
> of
> the corporate domain. If the Authenitcation on my webserver allows
> Anonymous
> user to logon then Exists method returns false (I take it happens because
> my
> anonymous user doesn't have access to that shared folder, since it's not a
> part of the domain).

> I know it's a little confusing but still hoping that you can help me
> solving
> this problem
>
> Thanks

"Nicole Calinoiu" wrote:

> "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com> wrote in message
> news:47F77CB0-98A8-4497-8EB3-CA3E5BB128D5@microsoft.com...
> > Hi there,
> >
> > I am usign System.IO.File.Exists in my ASP.NET code to determine if a file
> > exists in the specified location. The webserver is my local machine, which
> > is
> > a part of the corporate domain. The file the existence of which I am
> > trying
> > to determine is sitting in the shared folder of the PC which is not a part
> > of
> > the corporate domain. If the Authenitcation on my webserver allows
> > Anonymous
> > user to logon then Exists method returns false (I take it happens because
> > my
> > anonymous user doesn't have access to that shared folder, since it's not a
> > part of the domain).
>
> Since ASP.NET is supposedly running on the same machine as the target
> folder, the domain issue shouldn't be relevant for the anonymous scenario.
> Are you using a local path to attempt to access the file (e.g.:
> "c:\somefolder\somefile.txt" instead of
> \\yourmachine\sharename\somefile.txt)?  If so, you'll need to grant at least
> the "List Folder/Read Data" permission on the folder containing the file to
> the user account under which your application is running.  (If you haven't
> fiddled with the ASP.NET process account or impersonation settings, this
> will be the ASPNET user on Windows XP when the application is using
> anonymous access.)  If you're not using a local path, try switching to that
> instead.
>
>
> > If I am using windows authentication then everything
> > works fine, and I am able to see if the file exists in the shared folder.
>
> Presumably because your account has permissions to the file.
>
>
> > The
> > last one, though, only works if I open the browser on the same PC where my
> > webserver is running. But if I am logged on using the same user name and
> > password on another PC then again Exists method always returns false.
>
> Hmm... Now I'm starting to wonder if the "shared folder" is really local to
> your PC or not.  Could you please confirm if it's truly local to your PC or
> if it's actually pointing to a share on another machine?
>
>
> > I know it's a little confusing but still hoping that you can help me
> > solving
> > this problem
> >
> > Thanks
>
>
>

"Paul Clement" wrote:

> On Fri, 12 Aug 2005 05:07:03 -0700, "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com>
> wrote:
>
> ¤ Thanks Nicole for your reply,
> ¤
> ¤ The target shared folder (call it \\PCWKG\SHAREDFOLDER) is on another
> ¤ machine. My machine (PCDOM1), on which I am running the browser is also the
> ¤ IIS. Presume that PCDOM1 is in the corporate domain, and PCWKG is in it's own
> ¤ workgroup and not in the corporate domain. If IIS\website authentication is
> ¤ set to Windows Authentication then it works, if Anonymous then not. But if I
> ¤ login as myself (with the same user name and password) on PCDOM2 and start
> ¤ the browser on it then it's not working as well. I was thinking that the
> ¤ reasong could be that my own account doesn't have access to the shared
> ¤ folder, but how can I give access on a shared folder to the domain user if
> ¤ the PCWKG is not on the domain?
> ¤
>
> I think the larger problem is one of delegation. Authenticating locally (on your web server)
> shouldn't pose a delegation issue as long as sufficient permissions are enabled on the workgroup PC
> (as you have demonstrated).
>
> However, a user authenticating from a browser on another machine, using Integrated Windows security,
> will not be able to have his credentials delegated through IIS. NTLM handles the authentication
> under this configuration and IIS never receives encrypted credentials. Implementing Kerberos allows
> delegation to occur under this scenario but I don't know whether it's possible with a machine that
> is not in the domain. There are some workarounds, when using Integrated Windows security, that you
> may find suitable in the below article. It's a good read if you need to understand how this stuff
> works.
>
> Basic authentication would be another alternative since impersonation and delegation of clear text
> credentials is allowed.
>
> ASP.NET Delegation
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconaspnetdelegation.asp
>
>
> Paul
> ~~~~
> Microsoft MVP (Visual Basic)
>

"Paul Clement" wrote:

> On Mon, 15 Aug 2005 02:00:04 -0700, "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com>
> wrote:
>
> ¤ Thanks Paul for pointing at the article. I've tried the default
> ¤ authentication scenario, when <processModel userName="machine"/>. I've added
> ¤ NT AUTHORITY\ANONYMOUS LOGON user to the permissions list for the bloody
> ¤ shared folder, but getting the same picture at the end - no access. As far as
> ¤ I understand, according to the above mentioned article, IIS should delegate
> ¤ ASPNET user to the workgroup machine, which should appear as ANONYMOUS LOGON
> ¤ on that machine.
>
> Remember that the local account (ASPNET) on each machine must have the same exact credentials
> (password) in order for delegation to be successful.
>
>
> Paul
> ~~~~
> Microsoft MVP (Visual Basic)
>

"Paul Clement" wrote:

> On Tue, 16 Aug 2005 00:15:01 -0700, "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com>
> wrote:
>
> ¤ My workgroup PC doesn't have .net frmwk installed. Should I install it then?
> ¤ Apologize for repeating - shouldn't the ASPNET user be delegated as NT
> ¤ AUTHORITY\ANONYMOUS LOGON on the target machine? If so, do I still need .Net
> ¤ installed on the workgroup pc?
> ¤
>
> You don't need the .NET Framework, but if the ASPNET account is being used then there must be a
> mirrored local account with the same credentials on the other machine for this to even have a chance
> of working. Please note that I still can't state for certain that delegation will occur on a machine
> that is not in the domain.
>
>
> Paul
> ~~~~
> Microsoft MVP (Visual Basic)
>

"Paul Clement" wrote:

> On Thu, 18 Aug 2005 06:16:03 -0700, "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com>
> wrote:
>
> ¤ Give you some update: we've moved that workgroup PC to the domain, but it
> ¤ didn't seem to help solving the problem.
> ¤
> ¤ Could you help me to configure the whole thing by sending me a sample
> ¤ configuration list, i.e. users on both sides, how to configure iis, network
> ¤ share, users, groups, web.config, machine.config, etc, etc.. Since I've tried
> ¤ almost everything, but it's still not working.
> ¤
> ¤ Btw, if I change the password for ASPNET on my IIS and setup ASPNET user on
> ¤ the PC where the network share is with the same password, then it still
> ¤ doesn't work (if it's what you mean by the mirror account)
> ¤
> ¤ Thanks very much for the continuos support
>
> OK, well I would need to know what type of authentication (for your web application) that you would
> prefer to use, or would consider acceptable. The below article should help. If you need more
> detailed information I would need to know what your level of acceptable security is.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;891031
>
>
> Paul
> ~~~~
> Microsoft MVP (Visual Basic)
>

"Paul Clement" wrote:

> On Fri, 19 Aug 2005 00:56:01 -0700, "Nikolay Evseev"
> <Nikolay.EvseevD0nTiNcLuDeThIs@REMOVETHISCalorGas.ANDTHISie> wrote:
>
> ¤ Thanks Paul,
> ¤ I'd say Windows authentication will be the best
> ¤
>
> If you use Integrated Windows then you will need to configure your system for Kerberos. I'm not a
> network admin but there is a KB article that describes how to do this:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
>
> This is the bulk of the work. The only other configuration that should be required is to insure that
> the domain accounts that will be accessing this resource have sufficient permissions to do so.
>
>
> Paul
> ~~~~
> Microsoft MVP (Visual Basic)
>

"Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com> wrote in message
news:87253C4A-EF9A-4792-B880-EE9F61860C54@microsoft.com...
> Thanks Nicole for your reply,
>
> The target shared folder (call it \\PCWKG\SHAREDFOLDER) is on another
> machine. My machine (PCDOM1), on which I am running the browser is also
> the
> IIS. Presume that PCDOM1 is in the corporate domain, and PCWKG is in it's
> own
> workgroup and not in the corporate domain. If IIS\website authentication
> is
> set to Windows Authentication then it works, if Anonymous then not. But if
> I
> login as myself (with the same user name and password) on PCDOM2 and start
> the browser on it then it's not working as well. I was thinking that the
> reasong could be that my own account doesn't have access to the shared
> folder, but how can I give access on a shared folder to the domain user if
> the PCWKG is not on the domain?
>
> "Nicole Calinoiu" wrote:
>
>> "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com> wrote in
>> message
>> news:47F77CB0-98A8-4497-8EB3-CA3E5BB128D5@microsoft.com...
>> > Hi there,
>> >
>> > I am usign System.IO.File.Exists in my ASP.NET code to determine if a
>> > file
>> > exists in the specified location. The webserver is my local machine,
>> > which
>> > is
>> > a part of the corporate domain. The file the existence of which I am
>> > trying
>> > to determine is sitting in the shared folder of the PC which is not a
>> > part
>> > of
>> > the corporate domain. If the Authenitcation on my webserver allows
>> > Anonymous
>> > user to logon then Exists method returns false (I take it happens
>> > because
>> > my
>> > anonymous user doesn't have access to that shared folder, since it's
>> > not a
>> > part of the domain).
>>
>> Since ASP.NET is supposedly running on the same machine as the target
>> folder, the domain issue shouldn't be relevant for the anonymous
>> scenario.
>> Are you using a local path to attempt to access the file (e.g.:
>> "c:\somefolder\somefile.txt" instead of
>> \\yourmachine\sharename\somefile.txt)?  If so, you'll need to grant at
>> least
>> the "List Folder/Read Data" permission on the folder containing the file
>> to
>> the user account under which your application is running.  (If you
>> haven't
>> fiddled with the ASP.NET process account or impersonation settings, this
>> will be the ASPNET user on Windows XP when the application is using
>> anonymous access.)  If you're not using a local path, try switching to
>> that
>> instead.
>>
>>
>> > If I am using windows authentication then everything
>> > works fine, and I am able to see if the file exists in the shared
>> > folder.
>>
>> Presumably because your account has permissions to the file.
>>
>>
>> > The
>> > last one, though, only works if I open the browser on the same PC where
>> > my
>> > webserver is running. But if I am logged on using the same user name
>> > and
>> > password on another PC then again Exists method always returns false.
>>
>> Hmm... Now I'm starting to wonder if the "shared folder" is really local
>> to
>> your PC or not.  Could you please confirm if it's truly local to your PC
>> or
>> if it's actually pointing to a share on another machine?
>>
>>
>> > I know it's a little confusing but still hoping that you can help me
>> > solving
>> > this problem
>> >
>> > Thanks
>>
>>
>>

"Nicole Calinoiu" wrote:

> In addition to what Paul's already mentioned, you might also want to
> consider the relative importance of this "not on the domain" scenario.  I'm
> guessing that this is running on your machine at present because it's still
> in development, but that it's probably eventually intended to run on another
> machine.  If so, and that target machine is on the domain, perhaps you
> should set up a test server that is on the domain so that you can
> concentrate on testing and troubleshooting that scenario instead...
>
>
> "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com> wrote in message
> news:87253C4A-EF9A-4792-B880-EE9F61860C54@microsoft.com...
> > Thanks Nicole for your reply,
> >
> > The target shared folder (call it \\PCWKG\SHAREDFOLDER) is on another
> > machine. My machine (PCDOM1), on which I am running the browser is also
> > the
> > IIS. Presume that PCDOM1 is in the corporate domain, and PCWKG is in it's
> > own
> > workgroup and not in the corporate domain. If IIS\website authentication
> > is
> > set to Windows Authentication then it works, if Anonymous then not. But if
> > I
> > login as myself (with the same user name and password) on PCDOM2 and start
> > the browser on it then it's not working as well. I was thinking that the
> > reasong could be that my own account doesn't have access to the shared
> > folder, but how can I give access on a shared folder to the domain user if
> > the PCWKG is not on the domain?
> >
> > "Nicole Calinoiu" wrote:
> >
> >> "Nikolai Evseev" <NikolaiEvs***@discussions.microsoft.com> wrote in
> >> message
> >> news:47F77CB0-98A8-4497-8EB3-CA3E5BB128D5@microsoft.com...
> >> > Hi there,
> >> >
> >> > I am usign System.IO.File.Exists in my ASP.NET code to determine if a
> >> > file
> >> > exists in the specified location. The webserver is my local machine,
> >> > which
> >> > is
> >> > a part of the corporate domain. The file the existence of which I am
> >> > trying
> >> > to determine is sitting in the shared folder of the PC which is not a
> >> > part
> >> > of
> >> > the corporate domain. If the Authenitcation on my webserver allows
> >> > Anonymous
> >> > user to logon then Exists method returns false (I take it happens
> >> > because
> >> > my
> >> > anonymous user doesn't have access to that shared folder, since it's
> >> > not a
> >> > part of the domain).
> >>
> >> Since ASP.NET is supposedly running on the same machine as the target
> >> folder, the domain issue shouldn't be relevant for the anonymous
> >> scenario.
> >> Are you using a local path to attempt to access the file (e.g.:
> >> "c:\somefolder\somefile.txt" instead of
> >> \\yourmachine\sharename\somefile.txt)?  If so, you'll need to grant at
> >> least
> >> the "List Folder/Read Data" permission on the folder containing the file
> >> to
> >> the user account under which your application is running.  (If you
> >> haven't
> >> fiddled with the ASP.NET process account or impersonation settings, this
> >> will be the ASPNET user on Windows XP when the application is using
> >> anonymous access.)  If you're not using a local path, try switching to
> >> that
> >> instead.
> >>
> >>
> >> > If I am using windows authentication then everything
> >> > works fine, and I am able to see if the file exists in the shared
> >> > folder.
> >>
> >> Presumably because your account has permissions to the file.
> >>
> >>
> >> > The
> >> > last one, though, only works if I open the browser on the same PC where
> >> > my
> >> > webserver is running. But if I am logged on using the same user name
> >> > and
> >> > password on another PC then again Exists method always returns false.
> >>
> >> Hmm... Now I'm starting to wonder if the "shared folder" is really local
> >> to
> >> your PC or not.  Could you please confirm if it's truly local to your PC
> >> or
> >> if it's actually pointing to a share on another machine?
> >>
> >>
> >> > I know it's a little confusing but still hoping that you can help me
> >> > solving
> >> > this problem
> >> >
> >> > Thanks
> >>
> >>
> >>
>
>
>