Ask a Question related to ASP.NET Security, Design and Development.
-
Dmitry Maslakov #1
Changing NTFS permissions in ASP.NET
Hi.
Some related questions were discussed here, but my question is some
different.
I'm writing the project, the metter of it can be expressed as following.
* System: IIS 6 on W2003server.
* Site: application pool works with NETWORK SERVICE, anonymous access is
allowed on site.
* Goal: operate with files and change permissions on files (remote files
using UNC as well).
Using form authentication i recieve UPN and password from user. Than
inpersonate using API LogonUser and saves returned token in session vars.
All operations with files performs after call to API function
ImpersonateLoggedOnUser.
The account user logs in has full access to files. So it operates
(move/copy/delete) with files successfully, and reads DACL as well.
BUT THE PROBLEMS begin when i try to set permissions to files (try to use
WRITE_DAC access). I use ActiveDs ActiveX. Here are two situations.
1) if user is owner of file he tries to set permissions on, permissions
will set successfully. But this is not the case of real situation because
a) owner of files is Administrators group, b) user have full access to his
files, but belongs to Users group.
2) if user is not an owner of files, the following error occures when call
to SetSecurityDescriptor:
System.Runtime.InteropServices.COMException: This security ID may not be
assigned as the owner of this object.
Attemps to take SeTakeOwnershipPrivilege to user token gives nothing. The
try to take same privilege to the process (after impersonation) gives error
"Access is denied".
Have someone suggestions how could i achieve the goal.
Dmitry Maslakov Guest
-
NTFS Permissions and Flash
Hi, I have a CF MX7.1 server on a Windows 2003 box. I use NTFS permissions to lock down certain directories. However, .cfm files are not... -
user permissions on NTFS
I have flash working for local and domain admins but not to anyone else.The only way I've got round to this is to make users admintrators of the... -
NTFS permissions
I need to reset the NTFS permissions of a windows 2003 web server to the default installation permissions. What's the easiest way of doing this?... -
NTFS permissions for ASP.NET user
I've read the following article regarding NTFS permissions and ASP.NET http://msdn.microsoft.com/library/default.asp?... -
PHP & NTFS Permissions
Hello group! I'm having a problem and I hope some of you may be able to point me in the right direction. I inherited a web site using php,... -
Dmitry Maslakov #2 Re: Changing NTFS permissions in ASP.NET
> Attemps to take SeTakeOwnershipPrivilege to user token gives nothing. The
Here is a piece of my code i use to take privilege. I hope it's> try to take same privilege to the process (after impersonation) gives error
> "Access is denied".
understandable code. The Access denied error occures in call of
OpenProcessToken.
IntPtr token;
IntPtr proc=Kernel32.GetCurrentProcess(); // returns pseudo handle (-1)
if(AdvApi32.OpenProcessToken(proc,
AdvApi32.TOKEN_ADJUST_PRIVILEGES | AdvApi32.TOKEN_QUERY,
out token)!=0)
{
// take privilege to variable token
}
Dmitry Maslakov Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
