Serviced Component runs under ASPNET, not specified account

[Gianluca Torta]

Cross posting since I had no reply yet from
microsoft.public.dotnet.framework.component_servic es

Hi all,

I have an ASP.NET app and a Serviced Component that runs within a COM+
app

the Serviced Component is intended to access a remote database with an
identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
that actually can access the remote database

the COM+ app has been configured to RUN AS SERVER and I have specified
in the identity tab that the app should run as MYDOMAIN\MYUSER

however, when I open my ASP.NET app and click on the button which
makes the call to the Serviced Component, I can see from SQL Server
Profiler that the user which tried to access the remote DB is
<MACHINE>\ASPNET

for some reason, the COM+ app is not running as the account that I
specify in the Identity tab but as the caller (which in this case is
<MACHINE>\ASPNET)

I guess I have some configuration problem, but I really couldn't
figure out what it is:
- I correctly wrote my Serviced Component
- I strongly named the assembly .DLL produced by compiling the
component
- I registered the component with regsvcs.exe
- my ASP.NET application references the DLL that has been strongly
named

Any suggestions would be welcome!

Thanks in advance,
-Gianluca Torta

[Svein Terje Gaup]

If you are using Windows Server 2003, you can configure an application pool
to be run as a user account of your choice. You can then assign your web
application to the application pool. Then check to see what account is being
used on your database.

In ASP.NET you might also try to configure impersonation in web.config:
<identity impersonate="true" userName="DOMAIN\databaseuser"
password="123456" />

This article describes a method for accessing resources on a server using a
copied ASPNET account:
[url]http://weblogs.asp.net/mschwarz/archive/2003/03/31/4515.aspx[/url]
Perhaps you can use it for accessing your database?

HTH,
Svein Terje Gaup

"Gianluca Torta" <giatorta@gmail.com> wrote in message
news:21efe956.0501241104.21a525c6@posting.google.c om...

> Cross posting since I had no reply yet from
> microsoft.public.dotnet.framework.component_servic es
>
> Hi all,
>
> I have an ASP.NET app and a Serviced Component that runs within a COM+
> app
>
> the Serviced Component is intended to access a remote database with an
> identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
> that actually can access the remote database
>
> the COM+ app has been configured to RUN AS SERVER and I have specified
> in the identity tab that the app should run as MYDOMAIN\MYUSER
>
> however, when I open my ASP.NET app and click on the button which
> makes the call to the Serviced Component, I can see from SQL Server
> Profiler that the user which tried to access the remote DB is
> <MACHINE>\ASPNET
>
> for some reason, the COM+ app is not running as the account that I
> specify in the Identity tab but as the caller (which in this case is
> <MACHINE>\ASPNET)
>
> I guess I have some configuration problem, but I really couldn't
> figure out what it is:
> - I correctly wrote my Serviced Component
> - I strongly named the assembly .DLL produced by compiling the
> component
> - I registered the component with regsvcs.exe
> - my ASP.NET application references the DLL that has been strongly
> named
>
> Any suggestions would be welcome!
>
> Thanks in advance,
> -Gianluca Torta

[Gianluca Torta]

Dear Svein, thank you for your reply.

Unfortunately the requirements I have make the Serviced Component the best
way to obtain my goals (see thread "accessing remote resources from ASP.NET
app").

So my problem is now how to make my Serviced Component to run with identity
"MYDOMAIN\MYUSER"

-Gianluca

"Svein Terje Gaup" wrote:

> If you are using Windows Server 2003, you can configure an application pool
> to be run as a user account of your choice. You can then assign your web
> application to the application pool. Then check to see what account is being
> used on your database.
>
> In ASP.NET you might also try to configure impersonation in web.config:
> <identity impersonate="true" userName="DOMAIN\databaseuser"
> password="123456" />
>
> This article describes a method for accessing resources on a server using a
> copied ASPNET account:
> [url]http://weblogs.asp.net/mschwarz/archive/2003/03/31/4515.aspx[/url]
> Perhaps you can use it for accessing your database?
>
> HTH,
> Svein Terje Gaup
>
> "Gianluca Torta" <giatorta@gmail.com> wrote in message
> news:21efe956.0501241104.21a525c6@posting.google.c om...

> > Cross posting since I had no reply yet from
> > microsoft.public.dotnet.framework.component_servic es
> >
> > Hi all,
> >
> > I have an ASP.NET app and a Serviced Component that runs within a COM+
> > app
> >
> > the Serviced Component is intended to access a remote database with an
> > identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
> > that actually can access the remote database
> >
> > the COM+ app has been configured to RUN AS SERVER and I have specified
> > in the identity tab that the app should run as MYDOMAIN\MYUSER
> >
> > however, when I open my ASP.NET app and click on the button which
> > makes the call to the Serviced Component, I can see from SQL Server
> > Profiler that the user which tried to access the remote DB is
> > <MACHINE>\ASPNET
> >
> > for some reason, the COM+ app is not running as the account that I
> > specify in the Identity tab but as the caller (which in this case is
> > <MACHINE>\ASPNET)
> >
> > I guess I have some configuration problem, but I really couldn't
> > figure out what it is:
> > - I correctly wrote my Serviced Component
> > - I strongly named the assembly .DLL produced by compiling the
> > component
> > - I registered the component with regsvcs.exe
> > - my ASP.NET application references the DLL that has been strongly
> > named
> >
> > Any suggestions would be welcome!
> >
> > Thanks in advance,
> > -Gianluca Torta

>
>
>

[msnews.microsoft.com]

You said in your post that the user being used against the database was the
ASPNET user, so I figured that changing the user account being used by
ASP.NET would also change the user being used for accessing the database.
Have you considered this?

"Gianluca Torta" <GianlucaTorta@discussions.microsoft.com> wrote in message
news:97E99CE9-7E59-43E3-8F48-545B581C7CA3@microsoft.com...

> Dear Svein, thank you for your reply.
>
> Unfortunately the requirements I have make the Serviced Component the best
> way to obtain my goals (see thread "accessing remote resources from
> ASP.NET
> app").
>
> So my problem is now how to make my Serviced Component to run with
> identity
> "MYDOMAIN\MYUSER"
>
> -Gianluca
>
> "Svein Terje Gaup" wrote:
>

>> If you are using Windows Server 2003, you can configure an application
>> pool
>> to be run as a user account of your choice. You can then assign your web
>> application to the application pool. Then check to see what account is
>> being
>> used on your database.
>>
>> In ASP.NET you might also try to configure impersonation in web.config:
>> <identity impersonate="true" userName="DOMAIN\databaseuser"
>> password="123456" />
>>
>> This article describes a method for accessing resources on a server using
>> a
>> copied ASPNET account:
>> [url]http://weblogs.asp.net/mschwarz/archive/2003/03/31/4515.aspx[/url]
>> Perhaps you can use it for accessing your database?
>>
>> HTH,
>> Svein Terje Gaup
>>
>> "Gianluca Torta" <giatorta@gmail.com> wrote in message
>> news:21efe956.0501241104.21a525c6@posting.google.c om...

>> > Cross posting since I had no reply yet from
>> > microsoft.public.dotnet.framework.component_servic es
>> >
>> > Hi all,
>> >
>> > I have an ASP.NET app and a Serviced Component that runs within a COM+
>> > app
>> >
>> > the Serviced Component is intended to access a remote database with an
>> > identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
>> > that actually can access the remote database
>> >
>> > the COM+ app has been configured to RUN AS SERVER and I have specified
>> > in the identity tab that the app should run as MYDOMAIN\MYUSER
>> >
>> > however, when I open my ASP.NET app and click on the button which
>> > makes the call to the Serviced Component, I can see from SQL Server
>> > Profiler that the user which tried to access the remote DB is
>> > <MACHINE>\ASPNET
>> >
>> > for some reason, the COM+ app is not running as the account that I
>> > specify in the Identity tab but as the caller (which in this case is
>> > <MACHINE>\ASPNET)
>> >
>> > I guess I have some configuration problem, but I really couldn't
>> > figure out what it is:
>> > - I correctly wrote my Serviced Component
>> > - I strongly named the assembly .DLL produced by compiling the
>> > component
>> > - I registered the component with regsvcs.exe
>> > - my ASP.NET application references the DLL that has been strongly
>> > named
>> >
>> > Any suggestions would be welcome!
>> >
>> > Thanks in advance,
>> > -Gianluca Torta

>>
>>
>>