Professional Web Applications Themes

ASP.NET, IIS 6.0 (Windows Server 2003) and Com permissions... - ASP.NET General

I have an ASP.NET application that instantiantes a Win32 C++ Com object. This object's methods require specific access permissions to the underlying registry/file structure in order to function properly. On windows 2000/xp if we enable impersonation in the ASP.NET app's Web.Config file then access is granted/denied based-upon the logged-in user. However, if the same is done in Windows Server 2003 I MUST still grant "Network Service" account specific permissions in the file-system, registry, and DCOM! I have added a call to "CoImpersonateClient()" in the COM method to ensure that we are running as the proper user, and it is (I ...

  1. #1

    Default ASP.NET, IIS 6.0 (Windows Server 2003) and Com permissions...

    I have an ASP.NET application that instantiantes a Win32 C++ Com
    object. This object's methods require specific access permissions to
    the underlying registry/file structure in order to function properly.

    On windows 2000/xp if we enable impersonation in the ASP.NET app's
    Web.Config file then access is granted/denied based-upon the logged-in
    user.

    However, if the same is done in Windows Server 2003 I MUST still grant
    "Network Service" account specific permissions in the file-system,
    registry, and DCOM!

    I have added a call to "CoImpersonateClient()" in the COM method to
    ensure that we are running as the proper user, and it is (I print out
    the username found in a "GetUserName()" call). I also output the name
    in the ASP.NET app by using the System.Environment.UserName property.

    Any ideas to ensure that all these COM calls are being made as the
    authenticated user and NOT the ASP.NET user (ASPNET or "NETWORK
    SERVICE")?

    Please assist, thanks.
    Todd Barlow Guest

  2. #2

    Default Re: ASP.NET, IIS 6.0 (Windows Server 2003) and Com permissions...

    to guarantee that the com call runs on the same thread as asp.net
    autheciated thread set AspComp=true. this will have some minor performance
    impact.


    -- bruce (sqlwork.com)



    "Todd Barlow" <toddlightspeedsystems.com> wrote in message
    news:301d14e1.0307070940.589e733cposting.google.c om...
    > I have an ASP.NET application that instantiantes a Win32 C++ Com
    > object. This object's methods require specific access permissions to
    > the underlying registry/file structure in order to function properly.
    >
    > On windows 2000/xp if we enable impersonation in the ASP.NET app's
    > Web.Config file then access is granted/denied based-upon the logged-in
    > user.
    >
    > However, if the same is done in Windows Server 2003 I MUST still grant
    > "Network Service" account specific permissions in the file-system,
    > registry, and DCOM!
    >
    > I have added a call to "CoImpersonateClient()" in the COM method to
    > ensure that we are running as the proper user, and it is (I print out
    > the username found in a "GetUserName()" call). I also output the name
    > in the ASP.NET app by using the System.Environment.UserName property.
    >
    > Any ideas to ensure that all these COM calls are being made as the
    > authenticated user and NOT the ASP.NET user (ASPNET or "NETWORK
    > SERVICE")?
    >
    > Please assist, thanks.

    bruce barker Guest

  3. #3

    Default Re: ASP.NET, IIS 6.0 (Windows Server 2003) and Com permissions...


    Thanks guys, I found the MSDN article after posting the question.
    However, this still didn't help.

    I think the problem is that the COM object that the ASP.NET application
    is instantiating then instantiates another COM object again. I think
    something is wrong with the way these types of COM proxying works.

    In the end, I just granted access where it was needed to the NETWORK
    SERVICE account. It's ugly--but it works.


    *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
    Don't just participate in USENET...get rewarded for it!
    Todd Barlow Guest

Similar Threads

  1. Replies: 0
    Last Post: May 25th, 04:56 PM
  2. JRun / Windows Server 2003 Permissions Issue
    By davedyk in forum Coldfusion Server Administration
    Replies: 0
    Last Post: April 2nd, 10:03 PM
  3. Windows 2003 server- permissions and sharing
    By Julie K in forum Windows Server
    Replies: 4
    Last Post: June 5th, 11:37 AM
  4. Replies: 2
    Last Post: May 28th, 09:28 AM
  5. Replies: 1
    Last Post: January 14th, 01:05 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139