I have an ASP.NET page calling a web service (using JavaScript). Both the aspx page and the asmx web service are hosted in IIS under the same web site. The web service has a method to determine if a shared folder exists on the network. To avoid a long delay and a potential hang if the remote machine doesn't exist, the web service spawns a thread to check for the folder and times out after 1 second. The method always fails when running in IIS, so I think it must be a security reason.
1) Enable impersonation to use my login and get rid of the thread in the web service.
My Web.config:

    <identity impersonate="true" userName="MyMachine\XYZ" password="xxxxxxx"/>

My web service method:

    [WebMethod]
    public bool PathExists(string path)
    {
        return Directory.Exists(path);
    }

The change corrects the problem. But I do want the timeout, so I put the thread back into the web service. As soon as I do that, the code fails again. I read an article that says worker threads use the default ASP.NET account unless I programmatically change it. So I tried to add impersonation code into the thread, but it still fails.

    [WebMethod]
    public bool PathExists(string path)
    {
        bool exists = false;
        Thread t = new Thread(delegate()
        {
            // Log the identity this worker thread is running as, then impersonate it
            System.Security.Principal.WindowsIdentity id = System.Security.Principal.WindowsIdentity.GetCurrent();
            Log("WindowsIdentity = " + id.Name);
            id.Impersonate();
            exists = Directory.Exists(path);
        });
        t.Start();
        t.Join(TIMEOUT);   // wait up to TIMEOUT for the check to finish
        t.Abort();
        return exists;
    }

To find out why, I log the WindowsIdentity that the web page uses. Lo and behold, they are different:
ASPX page: WindowsIdentity = what I specify in the web config impersonation.
ASMX web service: WindowsIdentity = MyMachine\ASPNET
This explains why the code fails to access the folder on another machine.
Am I missing anything? (I have the same account on the other machine and it is granted permission to the shared folder.) How can I force the web service to a different account? (Adding <authentication mode="Windows"> into web.config doesn't help.)
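
An added example, not part of the original post: a thread created with new Thread starts with the worker process token rather than the impersonation token of the request thread, so calling WindowsIdentity.GetCurrent() inside the worker returns the process account. The sketch below captures the identity on the request thread and applies it inside the worker. It assumes the .asmx is covered by the same <identity impersonate="true" .../> setting; the class name ShareCheck and the constant TimeoutMs are hypothetical.

```csharp
using System.IO;
using System.Security.Principal;
using System.Threading;
using System.Web.Services;

public class ShareCheck : WebService          // hypothetical class name
{
    private const int TimeoutMs = 1000;       // the 1-second timeout from the post

    [WebMethod]
    public bool PathExists(string path)
    {
        // Capture the identity here, on the request thread, where the
        // web.config impersonation is in effect (assumption stated above).
        WindowsIdentity caller = WindowsIdentity.GetCurrent();
        bool exists = false;

        Thread t = new Thread(delegate()
        {
            // Apply the captured identity to this thread and always revert it,
            // so the impersonation token never outlives the check.
            WindowsImpersonationContext ctx = caller.Impersonate();
            try
            {
                exists = Directory.Exists(path);
            }
            finally
            {
                ctx.Undo();
            }
        });
        t.IsBackground = true;                // a stalled probe must not keep the process alive
        t.Start();

        // Join returns false on timeout; only trust 'exists' when the worker
        // actually finished. The worker is left to end on its own rather than
        // being aborted in the middle of an I/O call.
        return t.Join(TimeoutMs) && exists;
    }
}
```

Logging WindowsIdentity.GetCurrent().Name both before the thread is created and inside the delegate after Impersonate() shows whether the two now match.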