Running an assembly in different User

[NMN]

Hi All

I have an asp.net Application. It calls an assembly which copies a file from one location say c:\temp to another directory say c:\temp1. I created an assembly to do this where i did not have any problems after giving the ASPNet User write access to that destination forlder c:\temp1. We feel that providing the aspnet user with write access to a folder is a possible security threat, so we want to run this assembly under a different user (other than aspnet user). can any one suggest me how to do this.

Thanks in advanc

[Kunal]

Use identity Impersonation..Create an account with the minimum priveleges
you need to do the copying and update your web.config file with this:

<identity impersonate="true"
userName="domain\user"
password="password" />

that way, the requests will be executed under the context of that user
instead of ASPNET....



"NMN" <anonymous@discussions.microsoft.com> wrote in message
news:DD345E26-19E7-4E83-954A-EE6B051BF4BD@microsoft.com...

> Hi All,
>
> I have an asp.net Application. It calls an assembly which copies a file

from one location say c:\temp to another directory say c:\temp1. I created
an assembly to do this where i did not have any problems after giving the
ASPNet User write access to that destination forlder c:\temp1. We feel that
providing the aspnet user with write access to a folder is a possible
security threat, so we want to run this assembly under a different user
(other than aspnet user). can any one suggest me how to do this.

>
> Thanks in advance
>

[Joe Kaplan \(MVP - ADSI\)]

Probably the best way to do this is to set up your "copy" component to run
under COM+ and have COM+ run it under a different identity with the correct
privileges.

The other ways to do it would be to do some sort of out of process call via
a Web Service or Remoting, but those are probably more complex. You could
also try to do some sort of impersonation scenario in ASP.NET so that you
would be running under the context of a user that has the right permissions.
Finally, you could change the ASP.NET process model to use a different
account than ASPNET that already has the correct permissions.

Joe K.

"NMN" <anonymous@discussions.microsoft.com> wrote in message
news:DD345E26-19E7-4E83-954A-EE6B051BF4BD@microsoft.com...

> Hi All,
>
> I have an asp.net Application. It calls an assembly which copies a file

from one location say c:\temp to another directory say c:\temp1. I created
an assembly to do this where i did not have any problems after giving the
ASPNet User write access to that destination forlder c:\temp1. We feel that
providing the aspnet user with write access to a folder is a possible
security threat, so we want to run this assembly under a different user
(other than aspnet user). can any one suggest me how to do this.

>
> Thanks in advance
>

[NMN]

Thanks. Where do i need to put this web.config file. As i want only the dll to run in this user account, but the asp.net page needs to still run in a different user which does not have access to write into a particular directory

Thanks once again
----- Kunal wrote: ----

Use identity Impersonation..Create an account with the minimum privelege
you need to do the copying and update your web.config file with this

<identity impersonate="true
userName="domain\user
password="password" /

that way, the requests will be executed under the context of that use
instead of ASPNET...

[NMN]

Hi joe

Thanks for you valuable suggestions. If you can suggest me on some article which will guide me in doing this i will be very grateful. I would prefer the first scenario of using COM+. I also would like some more details on this statement, actually i am not sure how with this i can run an assembly alone in a different user
"You coul
also try to do some sort of impersonation scenario in ASP.NET so that yo
would be running under the context of a user that has the right permissions.

Thank

----- Joe Kaplan (MVP - ADSI) wrote: ----

Probably the best way to do this is to set up your "copy" component to ru
under COM+ and have COM+ run it under a different identity with the correc
privileges

The other ways to do it would be to do some sort of out of process call vi
a Web Service or Remoting, but those are probably more complex. You coul
also try to do some sort of impersonation scenario in ASP.NET so that yo
would be running under the context of a user that has the right permissions
Finally, you could change the ASP.NET process model to use a differen
account than ASPNET that already has the correct permissions

Joe K

[Joe Kaplan \(MVP - ADSI\)]

COM+ is not my specialty at all, so you might get better help if you ask
more people. I'd start a new thread saying that you want to write a .NET
component that runs under COM+ so that you can run it under a different
identity. There is some good help on writing seviced components here:

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconwritingservicedcomponents.asp?frame=true[/url]

Regarding your second question, that doesn't sound like to the way to go
based on your reply to one of the other messages. From what I could gather,
you want the main part of the request running as the current user so that
you can take advantage of their security context, but want this one thing to
run as a different context. In that situation, you should really be doing
COM+. Trying to do it by changing impersonation contexts and then changing
back would be a bit of a hack job.

HTH,

Joe K.

"NMN" <anonymous@discussions.microsoft.com> wrote in message
news:D0B8C88F-3E02-420D-80A8-E5191960BFDA@microsoft.com...

> Hi joe,
>
> Thanks for you valuable suggestions. If you can suggest me on some

article which will guide me in doing this i will be very grateful. I would
prefer the first scenario of using COM+. I also would like some more details
on this statement, actually i am not sure how with this i can run an
assembly alone in a different user.

> "You could
> also try to do some sort of impersonation scenario in ASP.NET so that

you

> would be running under the context of a user that has the right

permissions. "

>
> Thanks
>
>
> ----- Joe Kaplan (MVP - ADSI) wrote: -----
>
> Probably the best way to do this is to set up your "copy" component

to run

> under COM+ and have COM+ run it under a different identity with the

correct

> privileges.
>
> The other ways to do it would be to do some sort of out of process

call via

> a Web Service or Remoting, but those are probably more complex. You

could

> also try to do some sort of impersonation scenario in ASP.NET so that

you

> would be running under the context of a user that has the right

permissions.

> Finally, you could change the ASP.NET process model to use a

different

> account than ASPNET that already has the correct permissions.
>
> Joe K.
>

[NMN]

Thanks Joe and Kunal. I was able to implement this by using Managed COM+ Component. The material i used for referring is as follows

http://www.informit.com/isapi/product_id~{A1CE8908-9877-4B24-9B2C-BD7B836490D6}/element_id~{A53BFEC1-3FB7-4E6B-B8A7-653F61DAA526}/st~{EA7C8D03-4995-402D-B085-06E000F897B8}/session_id~{275EC953-2A7F-44FB-B08C-BBA54C9C3106}/content/articlex.as

Thanks once again for your help

regard
Madhavan

[Joe Kaplan \(MVP - ADSI\)]

Glad you got it working.

Joe K.

"NMN" <anonymous@discussions.microsoft.com> wrote in message
news:E4F225D6-1B63-4822-A782-FC79B59A1DE6@microsoft.com...

> Thanks Joe and Kunal. I was able to implement this by using Managed COM+

Component. The material i used for referring is as follows:

>
>

http://www.informit.com/isapi/product_id~{A1CE8908-9877-4B24-9B2C-BD7B836490D6}/element_id~{A53BFEC1-3FB7-4E6B-B8A7-653F61DAA526}/st~{EA7C8D03-4995-402D-B085-06E000F897B8}/session_id~{275EC953-2A7F-44FB-B08C-BBA54C9C3106}/content/articlex.asp

>
> Thanks once again for your help.
>
> regards
> Madhavan