I would do item [1] below and run the worker process under a domain account. From your note you did not indicate your OS.
If you are Win2K modify the processModel tag under the web.config section in your machine.config file. Change the settings userName="machine" password="AutoGenerate" to userName="mydomain\username" password="mypass". If you are Win2K3, you can setup a new app pool like someone else already mentioned. You can see a "long winded" description I worte of how to set up a new app pool using a network account on the dotnet-web list here: http://discuss.develop.com/archives/wa.exe?A2=ind0504C&L=DOTNET- WEB&P=R7980&I=-3. Since you don't need to get impersonation working and have the impersonated user's account access the network file (double hop of credentials), you don't need to care about the last two steps relating to getting kerberos working. Chad On Thu, 14 Jul 2005 12:04:13 -0500, Don Stanley <[EMAIL PROTECTED]> wrote: >I'm no expert in that area, but I believe in Win2K ALL ASP.NET >applications run under the same context (Win2003 uses pools to separate >apps), so it will affect any other ASP.Net apps on that server. I think >you can set this in machine.config on the server. Search MSDN for >"ASP.NET Process Identity" for more detailed info. >Don > >-----Original Message----- >From: Unmoderated discussion of advanced .NET topics. >[mailto:[EMAIL PROTECTED] On Behalf Of Eduard Lascu >Sent: Thursday, July 14, 2005 10:15 AM >To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM >Subject: Re: [ADVANCED-DOTNET] Accessing files over the network from a >Web Service > >Hi Don, > >I would incline to use 1) as it would require 0 code to write. This WS >is >for a system that's already in production and it was meant to create >reports >from the activity and error log files for every process in the system. >It's >the last piece that we need to deploy and I don't want to go through a >sustained development effort. >So, how do I do it? How do I set up the WS to run under the context of a >network-aware user? The OS is XP in our test environment and Win2K for >the >production. I told you I know close to nothing when it comes to IT >administration and security. > >Thanks, >Eddie > >-----Original Message----- >From: Unmoderated discussion of advanced .NET topics. >[mailto:[EMAIL PROTECTED] Behalf Of Don Stanley >Sent: Thursday, July 14, 2005 10:45 AM >To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM >Subject: Re: [ADVANCED-DOTNET] Accessing files over the network from a >Web Service > > >Funny, I've been working on the exact same issue the last few days. >Here are some options (probably not an exhaustive list) in no particular >order: > >1) Run the web service under the context of a network-aware user >2) Use delegation in the Web Service to impersonate a network-aware user >3) Use a COM+ Component (ServicedComponent) to perform the network I/O >and just pass the file paths and XML back and forth. The COM+ Component >can run under a network-aware user context without affecting the Web >Service. > >I personally like 3) better because you limit the amount of activity >running under the network-aware account (e.g. script-injection attacks >won't have access to do anything across the network). Also, it takes >more business logic out of the service tier. You could even create your >report XML in the component (or better yet, a sister component) if you >wanted to. In my case, I want to make the call asynchronous, so I >created a Queued Component. > >Granted, it is a little more work to set up than delegation, and >requires some knowledge about developing and debugging COM+ Components. >However, it's a LOT easier with .NET than it was with COM+ 1.0! Also, >the steps for setting up 1) and 2) are different depending on what >version of IIS you're running. > >Good luck, > >Don > >-----Original Message----- >From: Unmoderated discussion of advanced .NET topics. >[mailto:[EMAIL PROTECTED] On Behalf Of Eduard Lascu >Sent: Thursday, July 14, 2005 9:20 AM >To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM >Subject: [ADVANCED-DOTNET] Accessing files over the network from a Web >Service > >Hello experts, > >I have this small problem with a Web Service that's suppose to open a >bunch >of XML files and create a report (in the form of another XML file). If >the >XML files reside locally, on the same machine as the Web Service, >everything >is fine. The Web Service is able to open them and create the report. >However, when I point the Web Service to some XML files that are on a >different machine in the network, the line > >StreamReader *pStream = new StreamReader( pstrXmlFile ); // C++ >code > >throws an exception. The Web Service is not able to access (open) the >file. >Needless to say, those XML files are on a shared network drive and I can >see/open them with/from Windows Explorer. I believe it has to do with >all >the privileges and credentials the Web Service uses when it tries to >open >the file. > >Since security is not my strongest point (by far) I need to ask you guys >for >a clarification on this. This is about as far as I can go with my >investigation: The Web Service is running under IIS, so it has to be the >account used by the IIS that's denied access. I have set Anonymous >Access >with Integrated Authentication for the Web Service. I believe I need to >set >some access privileges for the shared folder as well. I temporarily >granted >full access to Everyone, but that still didn't solve the problem. > >If anybody can shed a little light here, it will be greatly appreciated. >Even a resource on the Internet that would help me understand these >things >would be enough. > >Best regards, >Eddie > >=================================== >This list is hosted by DevelopMentor(r) http://www.develop.com > >View archives and manage your subscription(s) at >http://discuss.develop.com > >=================================== >This list is hosted by DevelopMentor. http://www.develop.com > >View archives and manage your subscription(s) at >http://discuss.develop.com > >=================================== >This list is hosted by DevelopMentor(r) http://www.develop.com > >View archives and manage your subscription(s) at >http://discuss.develop.com > >=================================== >This list is hosted by DevelopMentorĀ® http://www.develop.com > >View archives and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
