cdoobject.send causes UnauthorizedAccessException

[Larry]

The following code fragment works as part of an page.asp but when I tried it
under asp.net I get an UnauthorizedAccessException. The text of the error
message talks about giving ASPUSER write access to a file but I have no idea
what file needs to get the permission. I tried to find it using filemon but
to no avail. There's nothing in any of the event logs or the IIS logs
indicating where the problem might be.

Can you help? All I want is to send a simple message out without having to
log into a session or create some exchange account. It was so simple under
asp; sigh.

' next we need to send an email out to Sales

Dim objMsg As Object

Dim strFrom, strTo, strSubject, strBody As String

Dim lngImportance As Int32

strFrom = "sales@gotnoise.com"

strTo = "Larry@froghaven.com" ' Trim(Request.Form("Email"))

strSubject = "Home Comfort Solution's Special Report Access on
Noise||Shield"

strBody = "This was a test from the Noise||Shield site."

lngImportance = 1

objMsg = Server.CreateObject("CDONTS.NewMail")

objMsg.Send(strFrom, strTo, strSubject, strBody, lngImportance)

objMsg = Nothing



-Larry

[[MSFT]]

Hi Larry,

Did you use Anonymous access or Windows Integrated authentication? If you
use Anonymous Access, you may consider following steps:

1. In machine.config, <ProcessModal> section, change to use SYSTEM account.
This enable impersonate for the ASP.NET application.
2. In IIS manager, right click the virtual directory and select
Properties/Directory Security. In Authentication and Access control, Click
Edit button, change the Anonymous access acount to a domain user which can
send email via Exchange server, for example, your current logon account.
3. In the Web.config of the ASP.NET, add following line:

<identity impersonate=true />

After above steps, the ASP.NET appllication will send the email with the
domain account you set in step 2.

For more ifnormation about ASP.NET impersonate, you may refer to:

INFO: Implementing Impersonation in an ASP.NET Application
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158[/url]

Hope this help,

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Larry]

I have several different asp.net applications and web services on my system,
would not setting the processmodel account to SYSTEM leave me vulderable to
hackers, and pose a security problem? There must be a way to allow only this
one app send emails without exposing account usernames and passwords in the
code.

Yes I do want this app to operate under any anonymous access web site. At
the moment the development site for this app though is accessed using
windows security. What I'm not clear on is why the ASP behavior works but
the ASP.NET does not.

Your suggsestion to set up a new account for anonymous for this site is fine
but I'm not real savy on what permissions I need to set in the security
policys (for a Win2k domain controller/web server) to allow ASP.NET apps and
the email function to work yet still maintain a secure system. Would you
provide me something that would spell out what needs to be done in this
area. I've been having some problems getting the permissions and security
settings set up correctly for ASP web sites to allow anonymous access.

Also if I do set up this exchange account when the email is sent would it
not show the sender as being the exchange account or will it use the info
provided to the CDO object?

And my last question; I was under the impression that the CDONTS object was
not dependent on exchange but would use SMTP to send the email. If I add
this account won't that tie me to a domain having an exchange server?

-Larry

"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:bOb62WDIEHA.132@cpmsftngxa06.phx.gbl...

> Hi Larry,
>
> Did you use Anonymous access or Windows Integrated authentication? If you
> use Anonymous Access, you may consider following steps:
>
> 1. In machine.config, <ProcessModal> section, change to use SYSTEM

account.

> This enable impersonate for the ASP.NET application.
> 2. In IIS manager, right click the virtual directory and select
> Properties/Directory Security. In Authentication and Access control, Click
> Edit button, change the Anonymous access acount to a domain user which can
> send email via Exchange server, for example, your current logon account.
> 3. In the Web.config of the ASP.NET, add following line:
>
> <identity impersonate=true />
>
> After above steps, the ASP.NET appllication will send the email with the
> domain account you set in step 2.
>
> For more ifnormation about ASP.NET impersonate, you may refer to:
>
> INFO: Implementing Impersonation in an ASP.NET Application
> [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158[/url]
>
> Hope this help,
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[Larry]

Sorry but this suggestion did not work. In fact it seems to of made it worse
in that now the customerrors = off setting in the web.config file seems to
be ignored and I get no diagnostic or trace info; even when trying to view
the page from the hosting server machine.

-Larry

"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:bOb62WDIEHA.132@cpmsftngxa06.phx.gbl...

> Hi Larry,
>
> Did you use Anonymous access or Windows Integrated authentication? If you
> use Anonymous Access, you may consider following steps:
>
> 1. In machine.config, <ProcessModal> section, change to use SYSTEM

account.

> This enable impersonate for the ASP.NET application.
> 2. In IIS manager, right click the virtual directory and select
> Properties/Directory Security. In Authentication and Access control, Click
> Edit button, change the Anonymous access acount to a domain user which can
> send email via Exchange server, for example, your current logon account.
> 3. In the Web.config of the ASP.NET, add following line:
>
> <identity impersonate=true />
>
> After above steps, the ASP.NET appllication will send the email with the
> domain account you set in step 2.
>
> For more ifnormation about ASP.NET impersonate, you may refer to:
>
> INFO: Implementing Impersonation in an ASP.NET Application
> [url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158[/url]
>
> Hope this help,
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[[MSFT]]

Hi Larry,

CDONTS can send and receive messages without requiring Exchange server:

INFO: What is the Difference Between CDO 1.2 and CDONTS?
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q177850[/url]

If you have a smarthost smtp server to work with CDONTS, I suggest you may
consider system.web.mail instead. It is suggested in a .NET project:

[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314201[/url]
HOWTO: Send E-mail Programmatically with System.Web.Mail and Visual Basic
.NET

Without exchange,( system.web.mail), the security reqiurement will be a
little lower. Only ASPNET account is enough. The ASPNET should have
permission on foll

HKCR/TypeLib/{CDO....blah}
C:\Inetpub\mailroot\pickup folder

For more information on System.web.mail:

[url]http://weblogs.asp.net/dwanta/archive/2004/01/05/47695.aspx[/url]

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[[MSFT]]

Hi Larry,

How about my suggestion? Did you have any concern on system.web.mail?

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

[Larry]

sorry I had to be out of town yesterday and today I need to focus on taxes,
so tomorrow I should get a chance to look at your suggestion. I did BTW get
your first suggested process to work finally. I had to go back to the
machine.config file and set the default setting for the customerrors off to
get any meaningful displayed to show programmer errors, once that was fixed
your first suggest did in fact work. I'm not sure why the local web.config
settings wouldn't work, I've been having "that" problem on and off ever
since I start writing ASP.NET apps.

I'm a bit nervous about leaving the ASP worker account set to SYSTEM, so I
will try your the SYSTEM.WEB.MAIL approach. I'll let you know the outcome in
a few days.

Thanks for your help.
-Larry


"[MSFT]" <lukezhan@online.microsoft.com> wrote in message
news:S1oqLNgIEHA.3924@cpmsftngxa06.phx.gbl...

> Hi Larry,
>
> How about my suggestion? Did you have any concern on system.web.mail?
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

[[MSFT]]

Hi Larry,

Thank you for the information.

Luke
Microsoft Online Support

Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)