Upload File error - Logon failure: unknown user name or bad password - HELP
Tony Kurzendoerfer
I have a web page to upload a file. The upload works fine when uploading to
a local drive.
When I attempt to upload to a mapped drive I get the following message:
Logon failure: unknown user name or bad password.....
I have read many articles about security settings that may apply.
I tried setting impersonation to true as follows in the web.config file:
<identity impersonate="true"/>
This gave me the following error:
Access is denied: 'Hipaa'. - Hipaa is my DLL (a called module)
So, I also tried this:
<identity impersonate="true" userName="Administrator" password="xxxyyy"/>
This option gave me the following error:
'A required privilege is not held by the client. '
So, I tried setting the IUSR_machinename and ASPNET user priviledges in
local policies to
'Act as part of the operating system'
That didn't help either.
Can anyone help me????
![Mike Moore [Microsoft]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Mike Moore [Microsoft]
There are two likely causes for this error. One is that the account you are
using does not have write access to the remote share. Another is that your
web pages do not have permission to access remote resources (secondary
token).
1)
Please set your web application to impersonate a domain user. On the remote
machine, grant this user permission to the share permissions and to the
NTFS permissions.
In your text, you wrote that you tried impersonation. However, the example
you sited (impersonating "Administrator") is a local account which is not
recognized by the remote machine. If you instead impersonate a domain user,
then the other machine will recognize the account.
You can also replicate your account on the remote machine. This means
creating a user account on the remote machine with the same user name and
password as the account on this machine. Then the remote machine will
recognize the account.
You also wrote that you gave the account privilege to 'Act as part of the
operating system'. This gives additional privileges for local functions. It
does not change any privileges which this account has with remote resources.
2)
If you use Windows authentication with impersonation set to use the account
of the end user making the request, then the web page will have a
"secondary token". -- If you share a directory, someone else can map a
drive to your share. However, they cannot re-share your directory so that
others can access it via their computer. They have a secondary token
privilege to the remote share and secondary tokens cannot be re-shared.
This means that your web pages have privileges to access the IIS Server's
local resources, but they do not have privilege to access remote resources.
The workarounds are:
* Do not use Windows authentication with impersonation set to use the end
user's account.
* Perform additional impersonation in your code prior to using the remote
resource & then revert back after using it.
* Use Kerberos and enable delegation.
---
I think your problem is addressed by part 1, above. Please post your
results.
Thank you, Mike Moore
Microsoft, ASP.NET
This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------
>From: "Tony Kurzendoerfer" <to...@tksoftwareinc.com>
>Subject: Upload File error - Logon failure: unknown user name or bad
password - HELP
>Date: Fri, 24 Jan 2003 16:29:06 -0500
>Lines: 24
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2720.3000
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
>Message-ID: <uzT4T##wCHA.2680@TK2MSFTNGP09>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: pcp985138pcs.northw01.in.comcast.net 68.58.126.245
>Path: cpmsftngxa06!TK2MSFTNGP08!TK2MSFTNGP09
>Xref: cpmsftngxa06 microsoft.public.dotnet.framework.aspnet.security:3765
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security