Wrox Programmer Forums
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
Old November 10th, 2008, 05:50 PM
Registered User
Join Date: Nov 2008
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default impersonation for asp app

In a classic asp application the user should be able to upload files and store them on a LAN share (not on webserver). My asp app runs under a default app pool and the security account is Network Service. I don't have access to web server's settings. Can I impersonate the access through vbscript in the asp page and save the file in a LAN share where the user is able to write files? I saw a solution on MS website using a COM+ component, but doesn't work for me because I'm not allowed to register components on the webserver.

Edit: Moved to appropriate forum -planoie
Old November 11th, 2008, 08:56 AM
planoie's Avatar
Friend of Wrox
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts

First off, if this is an ASP question, it should be posted in an ASP forum, not ASP.NET.

You will have to change the user the virtual directory that hosts the ASP app is running under to a network account that has privileges on the share you wish to connect to. Alternatively, there is a workaround based on a window "feature". You can create a local machine account on each machine involved in the connection (the web server and the file server). If that local machine has the same username and password you connect between them without additional authentication. I have used this technique to access file shares for Visual Source Safe repository access.

Generally though, getting a low privileged account designed to run web applications to have enough rights to modify network resources can be tricky and a bit of a security hole. If the application is somehow compromised you could be putting a lot more at risk than just the web app server.


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with impersonation.. joseph20 .NET Framework 2.0 0 July 23rd, 2008 09:07 AM
Impersonation mike_remember ASP.NET 1.0 and 1.1 Professional 1 March 5th, 2007 09:10 AM
post xml data from ASP.NET app to ASP app polekat Classic ASP Professional 2 January 31st, 2007 08:44 AM
Porting a sa,ple ASP CR viewer app to ASP.NET jhansen42 Crystal Reports 0 August 29th, 2003 10:26 AM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.