Last post Nov 04, 2019 04:56 PM by bruce (sqlwork.com)
Nov 03, 2019 07:13 PM|Liran.Dobrish|LINK
I am trying to create a web API service which accesses different network share locations based on the user authenticating, via Windows authentication IIS authentication.
The network shares have different permissions based on the accessing user due to security reasons.
When I try to read the files I get access denied, although I do get the correct "user.identity".
Am I missing something here?
Nov 03, 2019 10:07 PM|mgebhard|LINK
If this is an ASP.NET IIS hosted application, the application identity is the application pool identity, not the user's.
Nov 04, 2019 02:22 AM|Fei Han - MSFT|LINK
Please check which account is used by IIS to access the network share locations, then give that account permissions on the share.
And to access network resources like file shares, using the Network Service account has a great benefit in a domain environment. For more information about application pool identities, please check this document.
Nov 04, 2019 04:42 AM|Liran.Dobrish|LINK
The service is hosted on IIS.
I cannot use the application pool identity for accessing the network shares, due to security reasons.
I also tried ASP.NET impersonation but it did not help.
Nov 04, 2019 08:00 AM|Fei Han - MSFT|LINK
For IIS hosting and configuration questions, you can also post on IIS forums.
Nov 04, 2019 04:56 PM|bruce (sqlwork.com)|LINK
If you want a webapi (MVC classic) service to access a network share with the user's permissions, you need to do the following:
1) Switch to Kerberos authentication.
2) Enable delegation from the web server to the network shares.
3) Set web.config to impersonate the user.
4) If using ASP.NET Core, you will need to use Windows identity. You will then need to convert the user token to a primary token and run the network request on its own thread, where the thread impersonates the token. As ASP.NET Core is async and multiple requests use the same request thread, you cannot impersonate on the main thread; you must create a new thread.
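
An added example for step 4, not code from any poster in this thread: an ASP.NET Core controller that reads a file from the share under the caller's Windows identity. It scopes the impersonation with the framework's `WindowsIdentity.RunImpersonated` and a synchronous read, rather than a hand-created thread. The controller name, route and `ShareRoot` path are hypothetical, and it assumes Windows authentication is enabled and Kerberos delegation (steps 1 and 2) is already configured.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

[ApiController]
[Authorize]                       // anonymous callers never reach the share
[Route("api/files")]
public class ShareFilesController : ControllerBase
{
    // Hypothetical UNC root; replace with the real share.
    private const string ShareRoot = @"\\fileserver.example\share";

    [HttpGet("{name}")]
    public IActionResult Get(string name)
    {
        // With Windows authentication the principal carries a WindowsIdentity.
        if (!(User.Identity is WindowsIdentity caller))
            return StatusCode(StatusCodes.Status403Forbidden);

        // Accept a bare file name only, so the request cannot leave ShareRoot.
        if (string.IsNullOrEmpty(name) || name != Path.GetFileName(name))
            return BadRequest();

        string path = Path.Combine(ShareRoot, name);
        try
        {
            // Impersonation applies only inside the delegate. The read is
            // synchronous so it completes before the caller's token is
            // reverted and never runs under another request's identity.
            byte[] data = WindowsIdentity.RunImpersonated(
                caller.AccessToken,
                () => System.IO.File.ReadAllBytes(path));
            return File(data, "application/octet-stream", name);
        }
        catch (UnauthorizedAccessException)
        {
            // The share ACL denied this user, or the token could not be
            // delegated to the file server (delegation not in effect).
            return StatusCode(StatusCodes.Status403Forbidden);
        }
        catch (FileNotFoundException)
        {
            return NotFound();
        }
    }
}
```

Because the file server evaluates the share ACL against the caller's own account, the application pool identity needs no permissions on the share.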