Reputation: 3945
I know this question has been asked so many times, but my problem is different. I am developing a web app with Windows authentication and impersonation turned on. I am logged in to my computer as domain\user. In this application I am just creating a directory called newDir inside a network computer directory, say, \\computerName\myFolder. I have full access control to this directory. When I explicitly enter my username and password as <identity impersonate="true" userName="domain\user" password="pass"> in the web.config file and run the application, it does not prompt for the username and password; instead it creates the directory in the specified directory as expected. But when I remove the username and password from the identity element, leaving impersonation turned on, and run the application, it prompts for the username and password but does not accept the same username and password which I removed from the identity element in the web.config file, and sometimes it does not prompt for the username and password and just shows the exception page: access to the path "\\computerName\myFolder\newDir" is denied.
For testing I have added a line to check under which username the code is running:
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name + "<br/>");
It prints out the same domain\user username.
Does anyone know what is happening here?
Upvotes: 1
Views: 702
Reputation: 1368
It sounds like using impersonation to access a UNC path vs. a local path is a special case. According to https://msdn.microsoft.com/en-us/library/aa292118%28v=vs.71%29.aspx, "If the application resides on a UNC share, ASP.NET always impersonates the IIS UNC token to access that share unless a configured account is used. If you provide an explicitly configured account, ASP.NET uses that account in preference to the IIS UNC token."
This answer, "UNC access whilst using impersonation asp.net", also has some pointers.
It sounds like you may be limited to one user for accessing the UNC users - either one configured in web.config, the app pool identity or the one you pick for delegation.
Upvotes: 1
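A diagnostic that extends the question's one-line identity check, added here as an example and not part of the question or the answer: it reports the impersonation level of the token alongside the account name and then attempts the directory creation, so the report shows whether a token carrying the expected name is one that can act for the user on a remote system. `ImpersonationProbe` and `Describe` are hypothetical names, the UNC path is the question's placeholder, and .NET Framework 4.0 or later is assumed.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.Text;

// Added diagnostic helper (hypothetical name), not code from the question or answer.
// Call it from a page, for example:
//   Response.Write("<pre>" + Server.HtmlEncode(
//       ImpersonationProbe.Describe(@"\\computerName\myFolder\newDir")) + "</pre>");
public static class ImpersonationProbe
{
    public static string Describe(string uncPath)
    {
        var report = new StringBuilder();

        // Thread token when the request is impersonated, otherwise the process token.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            report.AppendLine("Effective identity  : " + current.Name);
            report.AppendLine("Authentication type : " + current.AuthenticationType);
            // TokenImpersonationLevel.Impersonation: the server can act as the
            // client on the local system only. Delegation: the server can also
            // act as the client on remote systems such as a file server.
            report.AppendLine("Impersonation level : " + current.ImpersonationLevel);
        }

        // GetCurrent(true) returns null when the thread is not impersonating,
        // which means the call would run as the application pool identity.
        using (WindowsIdentity threadToken = WindowsIdentity.GetCurrent(true))
        {
            report.AppendLine("Thread impersonating: " + (threadToken != null));
        }

        try
        {
            Directory.CreateDirectory(uncPath);
            report.AppendLine("CreateDirectory     : succeeded");
        }
        catch (UnauthorizedAccessException ex)
        {
            // Same failure the question reports as "access to the path ... is denied".
            report.AppendLine("CreateDirectory     : denied (" + ex.Message + ")");
        }
        catch (IOException ex)
        {
            report.AppendLine("CreateDirectory     : I/O error (" + ex.Message + ")");
        }
        return report.ToString();
    }
}
```

Running it once with the account configured in the identity element and once without puts the two tokens side by side, which separates a wrong-account problem from a token that cannot be used on the remote share.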