Hi, I am using an httphandler to upload files for my website. I have authentication in my IIS 7 set to "allow" ASP.NET Impersonation. I have also set "Authenticated User". My website uses the Forms Authentication. When I try to upload a file, at the end of
the upload, I receive a request for authentication message. Does anyone know why I am getting this and how to get around it? I want to use the credentials of the currently logged-in user. Thanks.
Impersonation is meaningless of you're doing forms auth. Impersonation says to run the server thread as the windows user that authenticated in the browser. Since you're not doing windows auth, it's nonsensical.
Are you stuck with forms auth or are the users from your active directory? Solve/answer this question first.
So then the only windows account/identity you have to work with is that of the worker process. Your hosting provider needs to set aside some location on the server hard drive where that account has write privileges.
I would rather be able to use the account of the end user that is using my service.
What is another option to be able to do this same thing? I guess I could place my httpHandler funtion in another webpage as a POST from my Upload.aspx page? Would that keep me from having to use a Windows account?
I would rather be able to use the account of the end user that is using my service.
What account on the operating system are you talking about? The problem is that the OS you're running on doesn't understand that account because it's just a row in a database. The file system security is based upon windows accounts on that server (and/or
domain if there even is one). Do you see the problem?
mattcase
What is another option to be able to do this same thing? I guess I could place my httpHandler funtion in another webpage as a POST from my Upload.aspx page? Would that keep me from having to use a Windows account?
Find out from your hosting provider what they support in terms of your app writing to disk.
As BrockAllen mentioned, when using forms authentication, you don't need to care about impersonation and the account used for accessing file system or remote database is just the ASP.NET application's app pool identity (configured in IIS). I'm not sure if
you can control the webserver to perform some diagnostic operations. If possible, one thing you can try is to run process monitor to check any file access error when your ASP.NET app try to saving uploaded files to the file system on the web server:
Member
115 Points
582 Posts
HttpHandler Authentication
Apr 10, 2013 05:03 PM|mattcase|LINK
All-Star
20376 Points
6505 Posts
ASPInsiders
MVP
Re: HttpHandler Authentication
Apr 10, 2013 05:11 PM|BrockAllen|LINK
Impersonation is meaningless of you're doing forms auth. Impersonation says to run the server thread as the windows user that authenticated in the browser. Since you're not doing windows auth, it's nonsensical.
Are you stuck with forms auth or are the users from your active directory? Solve/answer this question first.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Member
115 Points
582 Posts
Re: HttpHandler Authentication
Apr 10, 2013 05:19 PM|mattcase|LINK
Thanks for your reply.
I am forced to use forms auth. My web application is running in a shared hosting environment.
What should I do?
Thanks.
All-Star
20376 Points
6505 Posts
ASPInsiders
MVP
Re: HttpHandler Authentication
Apr 10, 2013 05:28 PM|BrockAllen|LINK
So then the only windows account/identity you have to work with is that of the worker process. Your hosting provider needs to set aside some location on the server hard drive where that account has write privileges.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Member
115 Points
582 Posts
Re: HttpHandler Authentication
Apr 12, 2013 03:44 PM|mattcase|LINK
I would rather be able to use the account of the end user that is using my service.
What is another option to be able to do this same thing? I guess I could place my httpHandler funtion in another webpage as a POST from my Upload.aspx page? Would that keep me from having to use a Windows account?
Thanks.
All-Star
20376 Points
6505 Posts
ASPInsiders
MVP
Re: HttpHandler Authentication
Apr 12, 2013 04:13 PM|BrockAllen|LINK
What account on the operating system are you talking about? The problem is that the OS you're running on doesn't understand that account because it's just a row in a database. The file system security is based upon windows accounts on that server (and/or domain if there even is one). Do you see the problem?
Find out from your hosting provider what they support in terms of your app writing to disk.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
Contributor
4917 Points
701 Posts
Re: HttpHandler Authentication
Apr 18, 2013 10:31 PM|Steven Cheng - MSFT|LINK
Hi Matt,
As BrockAllen mentioned, when using forms authentication, you don't need to care about impersonation and the account used for accessing file system or remote database is just the ASP.NET application's app pool identity (configured in IIS). I'm not sure if you can control the webserver to perform some diagnostic operations. If possible, one thing you can try is to run process monitor to check any file access error when your ASP.NET app try to saving uploaded files to the file system on the web server:
#Process Monitor v3.04 http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
MSDN Community Support
Please remember to "Mark as Answer" the responses that resolved your issue.