Ask a Question related to ASP.NET Security, Design and Development.
-
Joe Kaplan \(MVP - ADSI\) #1
Re: Security Violation in my Web Service
Is impersonation enabled in the web server? If so, those credentials would
be use to access the file, not the ASPNET account.
The FileIOPermission stuff won't help with an UnauthorizedAccessException as
the UnauthorizedAccessException is caused by Windows security and the
FileIOPermission is for CAS.
Joe K.
"jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
news:475FF115-5D6A-47CA-B92C-4FBC88B7B6DD@microsoft.com...the file system and receive the following exception:> I've written a ASP .NET WEB Service that tries to load a xml document fromServer was unable to process request. --->>
> Additional information: System.Web.Services.Protocols.SoapException:
System.UnauthorizedAccessException: Access to the path
'c:\inetpub\wwwroot\AssuredOffice\policies\{420B28 30-E718-11CF-893D-00A0C905
4228}Policy.xml' is deniedAll=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]>
> I've included the following in the AssemblyInfo.cs
>
> [assembly: FileIOPermission(SecurityAction.RequestMinimum,the xml document>
> I've also tried putting this attribute on the method that tries to loadRead=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]>
> [FileIOPermission(SecurityAction.Assert,account has read access -- what I'm I missing?>
>
> I've checked the ACl on the file and directory to ensure that the ASPNET>
Joe Kaplan \(MVP - ADSI\) Guest
-
Web service security
Hello I am new to web services and I have a number of questions. I have read the WSE documentation and various other articles, but I am not sure... -
Web Service and Application Security
My application software is deployed across two tiers; a WinForms workstation client and a Web Services layer. My application will require... -
Web Service Security?
I have created a Windows app in C# which makes a call to a dll created in C# and to a Web Service, also created in C#. I have put the exe along... -
Security Sandbox Violation?
When I go to any page on yahoo.com, I get this window pop up with this text. What is going on? And how do you stop this from happening? (I'm using... -
Web Service Security problem
Hello. I'm still struggling with a million new concepts in this .NET world, so forgive me if the answers are obvious. I wrote a test web service... -
Joe Kaplan \(MVP - ADSI\) #2 Re: Security Violation in my Web Service
Oh well, so much for the easy answer.
There is definitely a Windows security authorization problem here. I'd
enable auditing for object access in your local security policy and set the
SACL on the file to enable auditing. Then, you should at least get an audit
failure in the security event log saying who tried to access the file and
why it failed.
You might also try using Filemon from sysinternals to see this.
Joe K.
"jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
news:93F5797E-5DE5-40F9-A489-76E7A14ECCD5@microsoft.com...would> No, impersonation is not enabled.
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>> > Is impersonation enabled in the web server? If so, those credentialsUnauthorizedAccessException as> > be use to access the file, not the ASPNET account.
> >
> > The FileIOPermission stuff won't help with anfrom> > the UnauthorizedAccessException is caused by Windows security and the
> > FileIOPermission is for CAS.
> >
> > Joe K.
> >
> > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > news:475FF115-5D6A-47CA-B92C-4FBC88B7B6DD@microsoft.com...> > > I've written a ASP .NET WEB Service that tries to load a xml document'c:\inetpub\wwwroot\AssuredOffice\policies\{420B28 30-E718-11CF-893D-00A0C905> > the file system and receive the following exception:> > Server was unable to process request. --->> > >
> > > Additional information: System.Web.Services.Protocols.SoapException:
> > System.UnauthorizedAccessException: Access to the path
> >load> > 4228}Policy.xml' is denied> > All=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]> > >
> > > I've included the following in the AssemblyInfo.cs
> > >
> > > [assembly: FileIOPermission(SecurityAction.RequestMinimum,> > >
> > > I've also tried putting this attribute on the method that tries toASPNET> > the xml document> > Read=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]> > >
> > > [FileIOPermission(SecurityAction.Assert,> > >
> > >
> > > I've checked the ACl on the file and directory to ensure that the> > account has read access -- what I'm I missing?> >> > >
> >
> >
Joe Kaplan \(MVP - ADSI\) Guest
-
jbothwel #3 Re: Security Violation in my Web Service
Thanks Joe. Great suggestion. The ASPNET (ASP Machine Account) is accessing the componet, as expected. The real problem was in how the XML file was being loaded. It was being loaded through a FileStream with FileMode.Open which requires more than just Read access.
"Joe Kaplan (MVP - ADSI)" wrote:
> Oh well, so much for the easy answer.
>
> There is definitely a Windows security authorization problem here. I'd
> enable auditing for object access in your local security policy and set the
> SACL on the file to enable auditing. Then, you should at least get an audit
> failure in the security event log saying who tried to access the file and
> why it failed.
>
> You might also try using Filemon from sysinternals to see this.
>
> Joe K.
>
> "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> news:93F5797E-5DE5-40F9-A489-76E7A14ECCD5@microsoft.com...> would> > No, impersonation is not enabled.
> >
> > "Joe Kaplan (MVP - ADSI)" wrote:
> >> > > Is impersonation enabled in the web server? If so, those credentials> UnauthorizedAccessException as> > > be use to access the file, not the ASPNET account.
> > >
> > > The FileIOPermission stuff won't help with an> from> > > the UnauthorizedAccessException is caused by Windows security and the
> > > FileIOPermission is for CAS.
> > >
> > > Joe K.
> > >
> > > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > > news:475FF115-5D6A-47CA-B92C-4FBC88B7B6DD@microsoft.com...
> > > > I've written a ASP .NET WEB Service that tries to load a xml document> 'c:\inetpub\wwwroot\AssuredOffice\policies\{420B28 30-E718-11CF-893D-00A0C905> > > the file system and receive the following exception:
> > > >
> > > > Additional information: System.Web.Services.Protocols.SoapException:
> > > Server was unable to process request. --->
> > > System.UnauthorizedAccessException: Access to the path
> > >> load> > > 4228}Policy.xml' is denied
> > > >
> > > > I've included the following in the AssemblyInfo.cs
> > > >
> > > > [assembly: FileIOPermission(SecurityAction.RequestMinimum,
> > > All=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > >
> > > > I've also tried putting this attribute on the method that tries to> ASPNET> > > the xml document
> > > >
> > > > [FileIOPermission(SecurityAction.Assert,
> > > Read=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > >
> > > >
> > > > I've checked the ACl on the file and directory to ensure that the>> > > account has read access -- what I'm I missing?
> > > >
> > >
> > >
> > >
>
>jbothwel Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: Security Violation in my Web Service
Glad that worked. I wouldn't have thought to ask about the details on the
file stream.
Joe K.
"jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
news:C7E4C193-5F99-4245-B1E5-85A4240AC42E@microsoft.com...accessing the componet, as expected. The real problem was in how the XML> Thanks Joe. Great suggestion. The ASPNET (ASP Machine Account) is
file was being loaded. It was being loaded through a FileStream with
FileMode.Open which requires more than just Read access.the>
> "Joe Kaplan (MVP - ADSI)" wrote:
>> > Oh well, so much for the easy answer.
> >
> > There is definitely a Windows security authorization problem here. I'd
> > enable auditing for object access in your local security policy and setaudit> > SACL on the file to enable auditing. Then, you should at least get anand> > failure in the security event log saying who tried to access the filecredentials> > why it failed.
> >
> > You might also try using Filemon from sysinternals to see this.
> >
> > Joe K.
> >
> > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > news:93F5797E-5DE5-40F9-A489-76E7A14ECCD5@microsoft.com...> > > No, impersonation is not enabled.
> > >
> > > "Joe Kaplan (MVP - ADSI)" wrote:
> > >
> > > > Is impersonation enabled in the web server? If so, thosethe> > would> > UnauthorizedAccessException as> > > > be use to access the file, not the ASPNET account.
> > > >
> > > > The FileIOPermission stuff won't help with an> > > > the UnauthorizedAccessException is caused by Windows security anddocument> > > > FileIOPermission is for CAS.
> > > >
> > > > Joe K.
> > > >
> > > > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > > > news:475FF115-5D6A-47CA-B92C-4FBC88B7B6DD@microsoft.com...
> > > > > I've written a ASP .NET WEB Service that tries to load a xmlSystem.Web.Services.Protocols.SoapException:> > from> > > > the file system and receive the following exception:
> > > > >
> > > > > Additional information:'c:\inetpub\wwwroot\AssuredOffice\policies\{420B28 30-E718-11CF-893D-00A0C905> >> > > > Server was unable to process request. --->
> > > > System.UnauthorizedAccessException: Access to the path
> > > >> > load> > > > 4228}Policy.xml' is denied
> > > > >
> > > > > I've included the following in the AssemblyInfo.cs
> > > > >
> > > > > [assembly: FileIOPermission(SecurityAction.RequestMinimum,
> > > > All=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > > >
> > > > > I've also tried putting this attribute on the method that tries to> > ASPNET> > > > the xml document
> > > > >
> > > > > [FileIOPermission(SecurityAction.Assert,
> > > > Read=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > > >
> > > > >
> > > > > I've checked the ACl on the file and directory to ensure that the> >> > > > account has read access -- what I'm I missing?
> > > > >
> > > >
> > > >
> > > >
> >
> >
Joe Kaplan \(MVP - ADSI\) Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
