IIS Virtual Directory Create Failure :(

[Eskimo]

System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChan ges()
at CreateVirtualDirectories.Dal.CreateWebVirtualDirec tory.Create

....

tried on the local development box and it had issues like this

until I gave permissions like described in Article ID 329986, scroll down,
Method A.

It is a double hop as I did the test at the bottom in the Quick Test section.



Code snippets:

Web.config for web service having the error shown above...

<identity impersonate="true" />
....

SCHEMA= "IIsWebVirtualDir";
mRootSubPath = "/W3SVC/1/Root";

....

DirectoryEntry deRoot= new DirectoryEntry("IIS://" + "localhost"
+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTy pes.Secure);

....

if (Directory.Exists("c:\temp\Eskimo\") == false)
{

Directory.CreateDirectory("c:\temp\Eskimo\");

}

deRoot.RefreshCache();

DirectoryEntry deNewVDir =
deRoot.Children.Add("Eskimo",mSchema);

deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

....
deNewVDir.Properties["AccessRead"][0] =true;
deNewVDir.Properties["AccessWrite"][0] = true;
deNewVDir.Properties["AccessExecute"][0] = true;
deNewVDir.Properties["AuthAnonymous"][0] = false;
deNewVDir.Properties["AuthBasic"][0] = false;
deNewVDir.Properties["AuthNTLM"][0] = true;
deNewVDir.Properties["ContentIndexed"][0] = false;
deNewVDir.Properties["EnableDirBrowsing"][0] = true;
...
deNewVDir.Invoke("AppCreate",true);

deNewVDir.CommitChanges();
deRoot.CommitChanges();

deNewVDir.Close();

deRoot.Close();
....

Now: in a windows application it works great! I have a DLL project and a
windows app test project and the web service accessing the DLL project.
In a web service I get the error listed above... :(

--
tym, Eskimo

[Dan Rogers]

Hi,

If I understand you, you're trying to make IIS hosted managed code in a web
service dynamically define new VROOTS on the server that the web service is
on, and you are getting an access deined error.

The managed code for your service is going to need to have permissions to
do these administrator operations, and thus either be impersonating an
administrator account (not a good idea if you ask me) or running in the
security context of an administrator (e.g. being called by and
administrator and assuming the administrators permissions). The latter is
possible by placing the calls in the administrator's security context.
This is done by setting the credential cache in the proxy to the default
identity (the calling user).

I hope this helps

Dan Rogers
Microsoft Corporation
--------------------

>Thread-Topic: IIS Virtual Directory Create Failure :(
>thread-index: AcTCxfBi2xjrBaTfSM2bHVVte4BerQ==
>X-WBNR-Posting-Host: 63.162.177.130
>From: =?Utf-8?B?RXNraW1v?= <Eskimo@discussions.microsoft.com>
>Subject: IIS Virtual Directory Create Failure :(
>Date: Thu, 4 Nov 2004 15:28:07 -0800
>Lines: 74
>Message-ID: <E288D499-3B3F-4B1D-BC17-D3F32A78249C@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.dotnet.framework.aspnet.webservic es
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: cpmsftngxa10.phx.gbl

microsoft.public.dotnet.framework.aspnet.webservic es:26386

>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
>
>
>System.UnauthorizedAccessException: Access is denied.
> at System.DirectoryServices.Interop.IAds.SetInfo()
> at System.DirectoryServices.DirectoryEntry.CommitChan ges()
> at CreateVirtualDirectories.Dal.CreateWebVirtualDirec tory.Create
>
>...
>
> tried on the local development box and it had issues like this
>
>until I gave permissions like described in Article ID 329986, scroll down,
>Method A.
>
>It is a double hop as I did the test at the bottom in the Quick Test

section.

>
>
>
>Code snippets:
>
>Web.config for web service having the error shown above...
>
><identity impersonate="true" />
>...
>
> SCHEMA= "IIsWebVirtualDir";
> mRootSubPath = "/W3SVC/1/Root";
>
>...
>
> DirectoryEntry deRoot= new DirectoryEntry("IIS://" +

"localhost"

>+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTy pes.Secure);
>
>...
>
> if (Directory.Exists("c:\temp\Eskimo\") == false)
> {
>
> Directory.CreateDirectory("c:\temp\Eskimo\");
>
> }
>
> deRoot.RefreshCache();
>
> DirectoryEntry deNewVDir =
>deRoot.Children.Add("Eskimo",mSchema);
>
> deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");
>
>...
> deNewVDir.Properties["AccessRead"][0] =true;
> deNewVDir.Properties["AccessWrite"][0] = true;
> deNewVDir.Properties["AccessExecute"][0] = true;
> deNewVDir.Properties["AuthAnonymous"][0] = false;
> deNewVDir.Properties["AuthBasic"][0] = false;
> deNewVDir.Properties["AuthNTLM"][0] = true;
> deNewVDir.Properties["ContentIndexed"][0] = false;
> deNewVDir.Properties["EnableDirBrowsing"][0] = true;
> ...
> deNewVDir.Invoke("AppCreate",true);
>
> deNewVDir.CommitChanges();
> deRoot.CommitChanges();
>
> deNewVDir.Close();
>
> deRoot.Close();
>...
>
>Now: in a windows application it works great! I have a DLL project and a
>windows app test project and the web service accessing the DLL project.
>In a web service I get the error listed above... :(
>
>--
>tym, Eskimo
>

[Eskimo]

Dan,

Thanks for the suggestion, however, I used the following snippet...that
didnt work even with an administrator logged in...impersonation didn't work
either...

I think it's IIS -> ADSI where the permission problem is on the server. I'm
on xp pro and it works great!

When I log into the server 2003 box as a member of the admin group it fails
spectacularly with "Access is Denied."

System.Security.Principal.WindowsImpersonationCont ext
impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

<call web service method>

impersonationContext.Undo();

"Dan Rogers" wrote:

> Hi,
>
> If I understand you, you're trying to make IIS hosted managed code in a web
> service dynamically define new VROOTS on the server that the web service is
> on, and you are getting an access deined error.
>
> The managed code for your service is going to need to have permissions to
> do these administrator operations, and thus either be impersonating an
> administrator account (not a good idea if you ask me) or running in the
> security context of an administrator (e.g. being called by and
> administrator and assuming the administrators permissions). The latter is
> possible by placing the calls in the administrator's security context.
> This is done by setting the credential cache in the proxy to the default
> identity (the calling user).
>
> I hope this helps
>
> Dan Rogers
> Microsoft Corporation
> --------------------

> >Thread-Topic: IIS Virtual Directory Create Failure :(
> >thread-index: AcTCxfBi2xjrBaTfSM2bHVVte4BerQ==
> >X-WBNR-Posting-Host: 63.162.177.130
> >From: =?Utf-8?B?RXNraW1v?= <Eskimo@discussions.microsoft.com>
> >Subject: IIS Virtual Directory Create Failure :(
> >Date: Thu, 4 Nov 2004 15:28:07 -0800
> >Lines: 74
> >Message-ID: <E288D499-3B3F-4B1D-BC17-D3F32A78249C@microsoft.com>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.dotnet.framework.aspnet.webservic es
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> >Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: cpmsftngxa10.phx.gbl

> microsoft.public.dotnet.framework.aspnet.webservic es:26386

> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
> >
> >
> >System.UnauthorizedAccessException: Access is denied.
> > at System.DirectoryServices.Interop.IAds.SetInfo()
> > at System.DirectoryServices.DirectoryEntry.CommitChan ges()
> > at CreateVirtualDirectories.Dal.CreateWebVirtualDirec tory.Create
> >
> >...
> >
> > tried on the local development box and it had issues like this
> >
> >until I gave permissions like described in Article ID 329986, scroll down,
> >Method A.
> >
> >It is a double hop as I did the test at the bottom in the Quick Test

> section.

> >
> >
> >
> >Code snippets:
> >
> >Web.config for web service having the error shown above...
> >
> ><identity impersonate="true" />
> >...
> >
> > SCHEMA= "IIsWebVirtualDir";
> > mRootSubPath = "/W3SVC/1/Root";
> >
> >...
> >
> > DirectoryEntry deRoot= new DirectoryEntry("IIS://" +

> "localhost"

> >+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTy pes.Secure);
> >
> >...
> >
> > if (Directory.Exists("c:\temp\Eskimo\") == false)
> > {
> >
> > Directory.CreateDirectory("c:\temp\Eskimo\");
> >
> > }
> >
> > deRoot.RefreshCache();
> >
> > DirectoryEntry deNewVDir =
> >deRoot.Children.Add("Eskimo",mSchema);
> >
> > deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");
> >
> >...
> > deNewVDir.Properties["AccessRead"][0] =true;
> > deNewVDir.Properties["AccessWrite"][0] = true;
> > deNewVDir.Properties["AccessExecute"][0] = true;
> > deNewVDir.Properties["AuthAnonymous"][0] = false;
> > deNewVDir.Properties["AuthBasic"][0] = false;
> > deNewVDir.Properties["AuthNTLM"][0] = true;
> > deNewVDir.Properties["ContentIndexed"][0] = false;
> > deNewVDir.Properties["EnableDirBrowsing"][0] = true;
> > ...
> > deNewVDir.Invoke("AppCreate",true);
> >
> > deNewVDir.CommitChanges();
> > deRoot.CommitChanges();
> >
> > deNewVDir.Close();
> >
> > deRoot.Close();
> >...
> >
> >Now: in a windows application it works great! I have a DLL project and a
> >windows app test project and the web service accessing the DLL project.
> >In a web service I get the error listed above... :(
> >
> >--
> >tym, Eskimo
> >

>
>

[Dan Rogers]

Ahhh. I think this is a matter of the later OS being more secure. Code
access security is going to do a lot to prevent internet hosted logic from
doing things that require admin permissions. You want to think VERY
carefully about undoing this protection. Since .NET 1.1 was shipped as a
part of Windows Server 2003, I suspect that the policy expressions that
shipped with this version were more restrictive. If this is the case, no
amount of impersonation is going to fix this - since the call is
originating from a web service and thus is sand boxed. You'd have to
override code access security for these specific operations. I would still
add logic to such a service to make sure that the caller is a member of a
group the caller recognizes ad an admin, since once you over-ride the
sandbox security, no other protections would be keeping a non-admin from
making a call that if overdone could flood your box and disable your server.

I hope this helps

Dan
--------------------

>Thread-Topic: IIS Virtual Directory Create Failure :(
>thread-index: AcTMurvE7+6ff34BSxC8pHYgFuZQvQ==
>X-WBNR-Posting-Host: 63.162.177.130
>From: =?Utf-8?B?RXNraW1v?= <Eskimo@discussions.microsoft.com>
>References: <E288D499-3B3F-4B1D-BC17-D3F32A78249C@microsoft.com>

<BsZ7jyDzEHA.1184@cpmsftngxa10.phx.gbl>

>Subject: RE: IIS Virtual Directory Create Failure :(
>Date: Wed, 17 Nov 2004 07:33:05 -0800
>Lines: 146
>Message-ID: <E07C3395-6C1C-47C1-AFB4-39473F4FEB74@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.dotnet.framework.aspnet.webservic es
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGXA03.phx.gbl
>Xref: cpmsftngxa10.phx.gbl

microsoft.public.dotnet.framework.aspnet.webservic es:26666

>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
>
>Dan,
>
>Thanks for the suggestion, however, I used the following snippet...that
>didnt work even with an administrator logged in...impersonation didn't

work

>either...
>
>I think it's IIS -> ADSI where the permission problem is on the server.

I'm

>on xp pro and it works great!
>
>When I log into the server 2003 box as a member of the admin group it

fails

>spectacularly with "Access is Denied."
>
> System.Security.Principal.WindowsImpersonationCont ext
>impersonationContext;
> impersonationContext =
>((System.Security.Principal.WindowsIdentity)User. Identity).Impersonate();
>
><call web service method>
>
> impersonationContext.Undo();
>
>"Dan Rogers" wrote:
>

>> Hi,
>>
>> If I understand you, you're trying to make IIS hosted managed code in a

web

>> service dynamically define new VROOTS on the server that the web service

is

>> on, and you are getting an access deined error.
>>
>> The managed code for your service is going to need to have permissions

to

>> do these administrator operations, and thus either be impersonating an
>> administrator account (not a good idea if you ask me) or running in the
>> security context of an administrator (e.g. being called by and
>> administrator and assuming the administrators permissions). The latter

is

>> possible by placing the calls in the administrator's security context.
>> This is done by setting the credential cache in the proxy to the default
>> identity (the calling user).
>>
>> I hope this helps
>>
>> Dan Rogers
>> Microsoft Corporation
>> --------------------

>> >Thread-Topic: IIS Virtual Directory Create Failure :(
>> >thread-index: AcTCxfBi2xjrBaTfSM2bHVVte4BerQ==
>> >X-WBNR-Posting-Host: 63.162.177.130
>> >From: =?Utf-8?B?RXNraW1v?= <Eskimo@discussions.microsoft.com>
>> >Subject: IIS Virtual Directory Create Failure :(
>> >Date: Thu, 4 Nov 2004 15:28:07 -0800
>> >Lines: 74
>> >Message-ID: <E288D499-3B3F-4B1D-BC17-D3F32A78249C@microsoft.com>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.dotnet.framework.aspnet.webservic es
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
>> >Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: cpmsftngxa10.phx.gbl

>> microsoft.public.dotnet.framework.aspnet.webservic es:26386

>> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
>> >
>> >
>> >System.UnauthorizedAccessException: Access is denied.
>> > at System.DirectoryServices.Interop.IAds.SetInfo()
>> > at System.DirectoryServices.DirectoryEntry.CommitChan ges()
>> > at CreateVirtualDirectories.Dal.CreateWebVirtualDirec tory.Create
>> >
>> >...
>> >
>> > tried on the local development box and it had issues like this
>> >
>> >until I gave permissions like described in Article ID 329986, scroll

down,

>> >Method A.
>> >
>> >It is a double hop as I did the test at the bottom in the Quick Test

>> section.

>> >
>> >
>> >
>> >Code snippets:
>> >
>> >Web.config for web service having the error shown above...
>> >
>> ><identity impersonate="true" />
>> >...
>> >
>> > SCHEMA= "IIsWebVirtualDir";
>> > mRootSubPath = "/W3SVC/1/Root";
>> >
>> >...
>> >
>> > DirectoryEntry deRoot= new DirectoryEntry("IIS://" +

>> "localhost"

>> >+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTy pes.Secure);
>> >
>> >...
>> >
>> > if (Directory.Exists("c:\temp\Eskimo\") == false)
>> > {
>> >
>> > Directory.CreateDirectory("c:\temp\Eskimo\");
>> >
>> > }
>> >
>> > deRoot.RefreshCache();
>> >
>> > DirectoryEntry deNewVDir =
>> >deRoot.Children.Add("Eskimo",mSchema);
>> >
>> >

deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

>> >
>> >...
>> > deNewVDir.Properties["AccessRead"][0] =true;
>> > deNewVDir.Properties["AccessWrite"][0] = true;
>> > deNewVDir.Properties["AccessExecute"][0] = true;
>> > deNewVDir.Properties["AuthAnonymous"][0] = false;
>> > deNewVDir.Properties["AuthBasic"][0] = false;
>> > deNewVDir.Properties["AuthNTLM"][0] = true;
>> > deNewVDir.Properties["ContentIndexed"][0] = false;
>> > deNewVDir.Properties["EnableDirBrowsing"][0] = true;
>> > ...
>> > deNewVDir.Invoke("AppCreate",true);
>> >
>> > deNewVDir.CommitChanges();
>> > deRoot.CommitChanges();
>> >
>> > deNewVDir.Close();
>> >
>> > deRoot.Close();
>> >...
>> >
>> >Now: in a windows application it works great! I have a DLL project and

a

>> >windows app test project and the web service accessing the DLL project.
>> >In a web service I get the error listed above... :(
>> >
>> >--
>> >tym, Eskimo
>> >

>>
>>

>

[Eskimo]

Dan,

What can I do to "You'd have to override code access security for these
specific operations" ?

Where do I start with code access security? I did give fulltrust to the
assembly calling the IIS stuff with caspol -af <DLL ASSEMBLY> I was wanting
to use full trust with...

I have an n-tier application, with a set of objects that manipulate ADSI
with the .NET framework classes found in System.DirectoryServices.



"Dan Rogers" wrote:

> Ahhh. I think this is a matter of the later OS being more secure. Code
> access security is going to do a lot to prevent internet hosted logic from
> doing things that require admin permissions. You want to think VERY
> carefully about undoing this protection. Since .NET 1.1 was shipped as a
> part of Windows Server 2003, I suspect that the policy expressions that
> shipped with this version were more restrictive. If this is the case, no
> amount of impersonation is going to fix this - since the call is
> originating from a web service and thus is sand boxed. You'd have to
> override code access security for these specific operations. I would still
> add logic to such a service to make sure that the caller is a member of a
> group the caller recognizes ad an admin, since once you over-ride the
> sandbox security, no other protections would be keeping a non-admin from
> making a call that if overdone could flood your box and disable your server.
>
> I hope this helps
>
> Dan
> --------------------

> >Thread-Topic: IIS Virtual Directory Create Failure :(
> >thread-index: AcTMurvE7+6ff34BSxC8pHYgFuZQvQ==
> >X-WBNR-Posting-Host: 63.162.177.130
> >From: =?Utf-8?B?RXNraW1v?= <Eskimo@discussions.microsoft.com>
> >References: <E288D499-3B3F-4B1D-BC17-D3F32A78249C@microsoft.com>

> <BsZ7jyDzEHA.1184@cpmsftngxa10.phx.gbl>

> >Subject: RE: IIS Virtual Directory Create Failure :(
> >Date: Wed, 17 Nov 2004 07:33:05 -0800
> >Lines: 146
> >Message-ID: <E07C3395-6C1C-47C1-AFB4-39473F4FEB74@microsoft.com>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.dotnet.framework.aspnet.webservic es
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> >Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGXA03.phx.gbl
> >Xref: cpmsftngxa10.phx.gbl

> microsoft.public.dotnet.framework.aspnet.webservic es:26666

> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
> >
> >Dan,
> >
> >Thanks for the suggestion, however, I used the following snippet...that
> >didnt work even with an administrator logged in...impersonation didn't

> work

> >either...
> >
> >I think it's IIS -> ADSI where the permission problem is on the server.

> I'm

> >on xp pro and it works great!
> >
> >When I log into the server 2003 box as a member of the admin group it

> fails

> >spectacularly with "Access is Denied."
> >
> > System.Security.Principal.WindowsImpersonationCont ext
> >impersonationContext;
> > impersonationContext =
> >((System.Security.Principal.WindowsIdentity)User. Identity).Impersonate();
> >
> ><call web service method>
> >
> > impersonationContext.Undo();
> >
> >"Dan Rogers" wrote:
> >

> >> Hi,
> >>
> >> If I understand you, you're trying to make IIS hosted managed code in a

> web

> >> service dynamically define new VROOTS on the server that the web service

> is

> >> on, and you are getting an access deined error.
> >>
> >> The managed code for your service is going to need to have permissions

> to

> >> do these administrator operations, and thus either be impersonating an
> >> administrator account (not a good idea if you ask me) or running in the
> >> security context of an administrator (e.g. being called by and
> >> administrator and assuming the administrators permissions). The latter

> is

> >> possible by placing the calls in the administrator's security context.
> >> This is done by setting the credential cache in the proxy to the default
> >> identity (the calling user).
> >>
> >> I hope this helps
> >>
> >> Dan Rogers
> >> Microsoft Corporation
> >> --------------------
> >> >Thread-Topic: IIS Virtual Directory Create Failure :(
> >> >thread-index: AcTCxfBi2xjrBaTfSM2bHVVte4BerQ==
> >> >X-WBNR-Posting-Host: 63.162.177.130
> >> >From: =?Utf-8?B?RXNraW1v?= <Eskimo@discussions.microsoft.com>
> >> >Subject: IIS Virtual Directory Create Failure :(
> >> >Date: Thu, 4 Nov 2004 15:28:07 -0800
> >> >Lines: 74
> >> >Message-ID: <E288D499-3B3F-4B1D-BC17-D3F32A78249C@microsoft.com>
> >> >MIME-Version: 1.0
> >> >Content-Type: text/plain;
> >> > charset="Utf-8"
> >> >Content-Transfer-Encoding: 7bit
> >> >X-Newsreader: Microsoft CDO for Windows 2000
> >> >Content-Class: urn:content-classes:message
> >> >Importance: normal
> >> >Priority: normal
> >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet.webservic es
> >> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
> >> >Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >> >Xref: cpmsftngxa10.phx.gbl
> >> microsoft.public.dotnet.framework.aspnet.webservic es:26386
> >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.webservic es
> >> >
> >> >
> >> >System.UnauthorizedAccessException: Access is denied.
> >> > at System.DirectoryServices.Interop.IAds.SetInfo()
> >> > at System.DirectoryServices.DirectoryEntry.CommitChan ges()
> >> > at CreateVirtualDirectories.Dal.CreateWebVirtualDirec tory.Create
> >> >
> >> >...
> >> >
> >> > tried on the local development box and it had issues like this
> >> >
> >> >until I gave permissions like described in Article ID 329986, scroll

> down,

> >> >Method A.
> >> >
> >> >It is a double hop as I did the test at the bottom in the Quick Test
> >> section.
> >> >
> >> >
> >> >
> >> >Code snippets:
> >> >
> >> >Web.config for web service having the error shown above...
> >> >
> >> ><identity impersonate="true" />
> >> >...
> >> >
> >> > SCHEMA= "IIsWebVirtualDir";
> >> > mRootSubPath = "/W3SVC/1/Root";
> >> >
> >> >...
> >> >
> >> > DirectoryEntry deRoot= new DirectoryEntry("IIS://" +
> >> "localhost"
> >> >+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTy pes.Secure);
> >> >
> >> >...
> >> >
> >> > if (Directory.Exists("c:\temp\Eskimo\") == false)
> >> > {
> >> >
> >> > Directory.CreateDirectory("c:\temp\Eskimo\");
> >> >
> >> > }
> >> >
> >> > deRoot.RefreshCache();
> >> >
> >> > DirectoryEntry deNewVDir =
> >> >deRoot.Children.Add("Eskimo",mSchema);
> >> >
> >> >

> deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

> >> >
> >> >...
> >> > deNewVDir.Properties["AccessRead"][0] =true;
> >> > deNewVDir.Properties["AccessWrite"][0] = true;
> >> > deNewVDir.Properties["AccessExecute"][0] = true;
> >> > deNewVDir.Properties["AuthAnonymous"][0] = false;
> >> > deNewVDir.Properties["AuthBasic"][0] = false;
> >> > deNewVDir.Properties["AuthNTLM"][0] = true;
> >> > deNewVDir.Properties["ContentIndexed"][0] = false;
> >> > deNewVDir.Properties["EnableDirBrowsing"][0] = true;
> >> > ...
> >> > deNewVDir.Invoke("AppCreate",true);
> >> >
> >> > deNewVDir.CommitChanges();
> >> > deRoot.CommitChanges();
> >> >
> >> > deNewVDir.Close();
> >> >
> >> > deRoot.Close();
> >> >...
> >> >
> >> >Now: in a windows application it works great! I have a DLL project and

> a

> >> >windows app test project and the web service accessing the DLL project.
> >> >In a web service I get the error listed above... :(
> >> >
> >> >--
> >> >tym, Eskimo
> >> >
> >>
> >>

> >

>
>