I have an ASP.NET app that writes files to a NETAPP. It's finicky, and the only way we could get it to work was to set <identity impersonate="true"/>
and remove the <authentication.../>
tag in web.config. This allows the app to write to the NETAPP (with the appropriate monkeying of permissions behind the scenes), but now my app can't tell who is actually using it. Is there another way to get the user's ID without forcing them to log in? This is an internal app, so it would only be run from workstations with a logged in user. Any ideas?
Edit: I'm not an IIS expert, but I believe the app was set up to run under a certain privileged account to get it to work. I'm also looking for alternate ways to set this up if there is no way to get the user's ID.
-
- Set authentication to 'Windows' in your web.config
- Turn off 'Anonymous access' for the web site in IIS
- Turn on 'Integrated Windows Authentication' for the website in IIS
- Leave the identity impersonation turned on in your web.config
I believe that will do what you need.
-
One possibility is for me to move the writing portion to a web service, so that the service can get all the necessary permissions without affecting how my app functions. It's a lot of work, though, so I'm hoping for a simpler answer.
-
If you have Integrated Windows Authentication then
string username = HttpContext.Current.Request["LOGON_USER"];
Edit based on comments; Maybe the solution you actually want it so disable impersonation for the entire application and only impersonate the required bits that need to be impersonated.
See this page for some additional details on how to accomplish this.
http://www.west-wind.com/WebLog/posts/1572.aspx
gfrizzle : The problem is that I have to turn off Windows Authentication to get it to write to the NETAPP, so this won't work.Bob : See my updated answer. Maybe you should use a solution like the link offers for writing to NETAPP
0 comments:
Post a Comment