Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Help - need Windows Auth workaround
derekp
#1 Posted : Monday, July 24, 2006 11:09:48 AM(UTC)
Groups: Member
Joined: 7/21/2006(UTC)
Posts: 8

I just learned that my cassini app must access data on a shared drive.
To date, another person on this project "discovered" that IIS Windows authentication "works" and that I should set up cassini to use windows auth. Reading your docs, I see cassini does not support windows auth.

How might I make my web service read data off of a shared drive?
Your thoughts greatly appreciated.
Ultidev Team
#2 Posted : Monday, July 24, 2006 11:20:15 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi, Derek.

UPDATE: Please see the next post for better solution.

Whether or not a program can access a network resource depends on what user account the program is running under. Out of the box Cassini server is a windows service running under "Local System", a.k.a. "NT AUTHORITY\SYSTEM" user account. That account normally does not have privileges to access network resources. You may want to go to Services console of the Control Panel | Adminitrative Tools and change UltiDev Cassini service's Identity to an account that does have access to your network share. Be careful not to run Cassini under an account that is powerful enough mess up your system if it's hacked from outside. The good idea is to create an demploy a user account with absolutely minimum set of rights necessary to run your ASP.NET application. Please note that idetity changes made to Cassini windows service affect all ASP.NET applications registered with UltiDev Cassini.

All the best,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Ultidev Team
#3 Posted : Monday, July 24, 2006 11:29:19 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Another (better) approach - for both IIS and Cassini programming - is to use .NET ServicedComponent class to create a COM+ package running under user account with sufficient rights to access network share. This way only the small piece of your application logic will run under user account powerful enough to access network share and potentially be harmful to the entire system. You also won't need to apply identity settings to Cassini service that may become a potentiall security problem. COM+ programming in .NET is fairly straightforward in both creating the serviced component, and having it installed/uninstalled.

Best Regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
derekp
#4 Posted : Thursday, July 27, 2006 6:09:26 AM(UTC)
Groups: Member
Joined: 7/21/2006(UTC)
Posts: 8

Thanks for the hints - its working for me now.
Another question on this issue (though its really more of a windows question I guess)
Is it possible in the installer(s) to set cassinis user during the installer process or is this something that must always be done manually????

Thanks again for your help with this!
Ultidev Team
#5 Posted : Thursday, July 27, 2006 6:20:27 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Hi, Derek!

Cassini installer always uses Local System as the account for the service. So you would have to change the process identity manually if you don't make your assembly that needs elevated access rights a serviced (COM+) component. If you made it a serviced component, you could esily change the identity of the COM+ component at the application design time. Working with COM+ may seem a bit complex at the first glance, but it is not too bad in the reaily, it is far easier than it used to be before .NET, but most importantly, it is a very good practice and a very good skill to have, as enterprise application components often need specific access rights that are not granted to the entire web application process. We highly recommend investing time in figuring out .NET serviced components.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
mikeanders
#6 Posted : Tuesday, August 8, 2006 3:48:27 AM(UTC)
Groups: Member
Joined: 8/8/2006(UTC)
Posts: 1
Location: USA

I am trying to run a Web app that asks for a user name and id before running. I want to use Cassini instead of IIS. What happens is when you launch the Web page on the Web server it sends a message to the IIS server which prompts for a user name and password. Under Cassini what I get is a prompt to download the file. Clearly I am missing something. I tried the solution here suggested but with no joy. I am wondering if there is more I need to do. I shared out everything so I don't know what more I can do. I am running Cassini using Windows XP "Home" addition which may be the problem. The other thing is the file system is FAT on the drive. I don't want to change anything, like to NTFS and really don't want to run out and buy and upgrade copy of Windows XP Professional if I don't have to. What do you think? Am I doomed?
Ultidev Team
#7 Posted : Wednesday, August 9, 2006 4:29:28 AM(UTC)
Ultidev Team

Groups: Administration
Joined: 11/3/2005(UTC)
Posts: 2,253

Thanks: 28 times
Was thanked: 60 time(s) in 59 post(s)
Mike,

Unfortunatelly UltiDev Cassini does not support Windows Authentication. The possible workaround would be implementing Forms Authentication that uses Active Directory as a credentials store. We are sorry for inconvenience.

Best regards,
UltiDev Team.
Please donate at http://www.ultidev.com/products/Donate.aspx to help us improve our products.
Rss Feed  Atom Feed
Users browsing this topic
Guest (4)
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You can vote in polls in this forum.