Friday, January 16, 2004

Accessing Network Files And Resources From ASP.NET

Accessing network resources through ASP/ASP.NET has never been a terribly simple task, not if you want to maintain a high level of security for your server.

Despite not being as simple as I'd like, it is not difficult to do. Microsoft's recommendation comes in the following steps:

  1. Create an assembly that works with the network resources.
  2. Add the assembly to Component Services (COM+).
  3. Set the user the COM+ object runs under to one with rights to the network resources.
  4. Add a reference to your COM+ assembly to the web project and access the network resources using it.


I'm going to show you step by step how to do these things. It really isn't difficult, but breaking up your network resources library into a seperate project does fragment things a bit.

1. Create an assembly that works with the network resources.

This is pretty simple. Here's some example code:

Imports System

Imports System.Reflection
Imports System.EnterpriseServices

<Assembly: AssemblyKeyFileAttribute("example.snk")>
<Assembly: ApplicationActivation(ActivationOption.Server)>
<Assembly: ApplicationName("NetworkResourcesExample")>
Public Class AccessNetworkResources
Inherits ServicedComponent

Public Function ExampleFunction() As String

' Put your code that access the network resources here.

End Function

End Class


---
An assembly that will go into Component Services is not much different than any other assembly. All you have to do is have your class inherit from ServicedComponent and add a few properties. The AssemblyKeyFileAttribute property gives the name/path of the key pair file that will be used to strong name the assembly. To create a new key pair file, use the sn.exe utility like so:
sn -k example.snk

---
The ApplicationActivation property tells COM+ to run the application as a Server (as opposed to a Library). You need to do this so that you can assign a different user for the assembly to run under other than the caller. The third property, ApplicationName, tells COM+ the name to list your assembly under in the component services manager (also, if you use any legacy code to access the object, such as classic ASP, you can call the object using CreateObject("ApplicationName.ClassName")).


2. Add the assembly to Component Services (COM+).
This is a very simple step. Once you've compiled the assembly, go the command line and change into the directory where the compiled assembly is located. Then execute the following:
regsvcs [assemblyname]

---
This will install the assembly as a COM+ component.


3. Set the user the COM+ object runs under to one with rights to the network resources.
Now you need to set the COM+ object to run under a user who has rights to the network resources that you need to access. To do this go to: Control Panel -> Administrative Tools -> Component Services. Drill into the Component Services node and into the computer the component is installed on. In the COM+ Applications folder you will find your newly installed component under the name you gave it in the ApplicationName property mentioned earlier.

Right-click on the application and go to properties. In the properties dialog go to the Identity tab. Select either the "Network Service" account under "System Account" or select "This User" and enter the username and password that has access to the resources. I would recommend creating a seperate account that only has access to the specific resources needed, just for safety. Click OK.


4. Add a reference to your COM+ assembly to the web project and access the network resources using it.
This step is pretty self explanatory, but I do have one comment about it. When you add the reference, you don't need to go to the COM tab of the references dialog and select your object from there (in fact, you can't do that, it wont work). You just browse to the compiled assembly you created for the library and select it directly. The .NET framework recognizes that the assembly was installed under COM+ and will activate it using the proper credentials.


That's it! You should be securely accessing the network resources from your web project now.