Asp Forum - RE: Identity crisis on a WS - microsoft.public.dotnet.framework.aspnet.webservices

(Luke Zhang [MS])

6/10/2004 4:27:00 AM

Hi Luis,

You may add a web method and return following string to see the account
your web service run with:

System.Security.Principal.WindowsIdentity.GetCurrent().Name

If it is not the administrator account you planed, you may try impersonate
in the web service. Here is a article about this:

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/default.aspx?scid=KB;EN-...

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

4 Answers

=?Utf-8?B?THVpcw==?=

6/10/2004 7:11:00 PM

Luke,

I checked with "System.Security.Principal.WindowsIdentity.GetCurrent().Name" and in fact I do have the DOMAIN\USER combination that I expected (a user that is a memeber of the administrators group).
I eve andded this user to the Act as part of the operating system key in Local Security Policies.

I am still geting the same ERROR_ACCESS_DENIED 5 (0000005) err msg.

Do you have any suggestions?

Luis

"[MSFT]" wrote:

> Hi Luis,
>
> You may add a web method and return following string to see the account
> your web service run with:
>
> System.Security.Principal.WindowsIdentity.GetCurrent().Name
>
> If it is not the administrator account you planed, you may try impersonate
> in the web service. Here is a article about this:
>
> INFO: Implementing Impersonation in an ASP.NET Application
> http://support.microsoft.com/default.aspx?scid=KB;EN-...
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

(Luke Zhang [MS])

6/11/2004 7:52:00 AM

Hi Luis,

I suggest you monitor the process with two utilities: regmon and filemon.
They can monitor all the access on file system and registry. If there is an
Access Denied problem, they will record it.

You may download them from:

http://www.systeminternals.com/products/repairandrecovery/index....

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

=?Utf-8?B?THVpcw==?=

6/11/2004 6:00:00 PM

Luke,

Instead of "investing" the $249 I gave this particular user full control over the registry and over c:\winnt

Inaddition I added MyApp.dll in the framework configuration utility, I /Runtime Security Ploc Machine and User policies with full trust.

To me it sounds as if it was an access problem either to the registry or the file system (wich, as far as I understood, is exactly what those utilities do...), this would sove it.

It did NOT.

Luis

"[MSFT]" wrote:

> Hi Luis,
>
> I suggest you monitor the process with two utilities: regmon and filemon.
> They can monitor all the access on file system and registry. If there is an
> Access Denied problem, they will record it.
>
> You may download them from:
>
> http://www.systeminternals.com/products/repairandrecovery/index....
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>

(Luke Zhang [MS])

6/14/2004 9:08:00 AM

Hi Luis,

I know they have some free dowload links:

http://www.sysinternals.com/ntw2k/source/fil...

http://www.sysinternals.com/ntw2k/source/re...

"WINNT" folder may not be the only file path it request. I still suggest
you perform a trace with above utilities.

Luke

microsoft.public.dotnet.framework.aspnet.webservices

RE: Identity crisis on a WS

(Luke Zhang [MS])

=?Utf-8?B?THVpcw==?=

(Luke Zhang [MS])

=?Utf-8?B?THVpcw==?=

(Luke Zhang [MS])

x Login to ForumsZone