We have to access a Windows domain SMB NAS from a .NET Core 3.1 application installed on a container; this container runs on Microsoft Service Fabric On Premise.
The current solution, before starting the .NET Core API inside a container, launches a Net Use command in order to mount the NAS on a specific volume with a specific user; with this approach the API can use the volume to access the files inside the NAS and everything works as expected.
One security drawback of this approach is that we had to disable all the security policy on the user used to mount the NAS.
We had to give the logon privilege to the user from every workstation because we can't identify the machine in which the user try to logon to mount the NAS (Net Use requires a Logon privilege); container machines are ephimeral, outside the domain and can't be identified.
Do you have any other better approach?
0 Answers