|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Authorization Manager/Windows 2000/ASP.NET throwing UnauthorizedAcaccess to ASP.NET pages. The code works as desired on Windows 2003. Windows 2003 is not currently certified for production use at my client so I need to use Windows 2000. I have installed the Authorization Manager runtime for Windows 2000. Windows 2000 SP4 is installed. MSXML 4 is installed. AzAuthorizationStoreClass.Initialize() keeps returning an UnauthorizedAccessException. My store is an XML file that ASPNET has access to. If I add ASPNET to the local Administrators group of the machine the module works as it does on Windows 2003. This narrows it down to a security problem involving the ASPNET account. I am having trouble figuring out what permission/user right ASPNET needs in order to work on Windows 2000. I have used regmon.exe and filemon.exe from sysinternals.com and as far as I can tell there are no accesses being denied. Security auditing is enabled on the machine and nothing shows up in the security event log. I need to figure out what rights to give ASPNET because it is obviously unacceptable for ASPNET to be an Administrator. Does anyone know what permissions/user rights are required in order to use Authorization Manager from within an ASP.NET module? Thanks. dan Hello Dan,
in the AzMan GUI you can specify admin/reader roles to the store. I guess you have to put ASPNET to the reader role. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > I have written an HTTP module that uses Authorization Manager to > control access to ASP.NET pages. The code works as desired on Windows > 2003. Windows 2003 is not currently certified for production use at > my client so I need to use Windows 2000. I have installed the > Authorization Manager runtime for Windows 2000. Windows 2000 SP4 is > installed. MSXML 4 is installed. > > AzAuthorizationStoreClass.Initialize() keeps returning an > UnauthorizedAccessException. My store is an XML file that ASPNET has > access to. > > If I add ASPNET to the local Administrators group of the machine the > module works as it does on Windows 2003. This narrows it down to a > security problem involving the ASPNET account. I am having trouble > figuring out what permission/user right ASPNET needs in order to work > on Windows 2000. I have used regmon.exe and filemon.exe from > sysinternals.com and as far as I can tell there are no accesses being > denied. Security auditing is enabled on the machine and nothing shows > up in the security event log. I need to figure out what rights to > give ASPNET because it is obviously unacceptable for ASPNET to be an > Administrator. > > Does anyone know what permissions/user rights are required in order to > use Authorization Manager from within an ASP.NET module? > > Thanks. > > dan > ASPNET already is in the Reader role of the store. Any other thoughts?
Thanks Show quoteHide quote "Dominick Baier [DevelopMentor]" wrote: > Hello Dan, > > in the AzMan GUI you can specify admin/reader roles to the store. I guess > you have to put ASPNET to the reader role. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > > > I have written an HTTP module that uses Authorization Manager to > > control access to ASP.NET pages. The code works as desired on Windows > > 2003. Windows 2003 is not currently certified for production use at > > my client so I need to use Windows 2000. I have installed the > > Authorization Manager runtime for Windows 2000. Windows 2000 SP4 is > > installed. MSXML 4 is installed. > > > > AzAuthorizationStoreClass.Initialize() keeps returning an > > UnauthorizedAccessException. My store is an XML file that ASPNET has > > access to. > > > > If I add ASPNET to the local Administrators group of the machine the > > module works as it does on Windows 2003. This narrows it down to a > > security problem involving the ASPNET account. I am having trouble > > figuring out what permission/user right ASPNET needs in order to work > > on Windows 2000. I have used regmon.exe and filemon.exe from > > sysinternals.com and as far as I can tell there are no accesses being > > denied. Security auditing is enabled on the machine and nothing shows > > up in the security event log. I need to figure out what rights to > > give ASPNET because it is obviously unacceptable for ASPNET to be an > > Administrator. > > > > Does anyone know what permissions/user rights are required in order to > > use Authorization Manager from within an ASP.NET module? > > > > Thanks. > > > > dan > > > > > > FIXED
For some reason authorization manager or most likely MSXML4 opens up each parent folder on its way to opening the store.xml file. ASPNET did not have the right to open the parent folders so this was causing the access denied error. I gave ASPNET the right to 'List Folder Contents' on the parent folders and now AZMAN works. This should not have been necessary because the Users group has the 'Bypass traverse checking' right. Thanks for the help. dan Show quoteHide quote "Dan Finucane" wrote: > ASPNET already is in the Reader role of the store. Any other thoughts? > > Thanks > > "Dominick Baier [DevelopMentor]" wrote: > > > Hello Dan, > > > > in the AzMan GUI you can specify admin/reader roles to the store. I guess > > you have to put ASPNET to the reader role. > > > > --------------------------------------- > > Dominick Baier - DevelopMentor > > http://www.leastprivilege.com > > > > > I have written an HTTP module that uses Authorization Manager to > > > control access to ASP.NET pages. The code works as desired on Windows > > > 2003. Windows 2003 is not currently certified for production use at > > > my client so I need to use Windows 2000. I have installed the > > > Authorization Manager runtime for Windows 2000. Windows 2000 SP4 is > > > installed. MSXML 4 is installed. > > > > > > AzAuthorizationStoreClass.Initialize() keeps returning an > > > UnauthorizedAccessException. My store is an XML file that ASPNET has > > > access to. > > > > > > If I add ASPNET to the local Administrators group of the machine the > > > module works as it does on Windows 2003. This narrows it down to a > > > security problem involving the ASPNET account. I am having trouble > > > figuring out what permission/user right ASPNET needs in order to work > > > on Windows 2000. I have used regmon.exe and filemon.exe from > > > sysinternals.com and as far as I can tell there are no accesses being > > > denied. Security auditing is enabled on the machine and nothing shows > > > up in the security event log. I need to figure out what rights to > > > give ASPNET because it is obviously unacceptable for ASPNET to be an > > > Administrator. > > > > > > Does anyone know what permissions/user rights are required in order to > > > use Authorization Manager from within an ASP.NET module? > > > > > > Thanks. > > > > > > dan > > > > > > > > > > > 
Other interesting topics
session manager vs Form authentication in the Global.asax.cs file
User.IsInRole is always FALSE User Identity Multi-Domain Authentication for Windows Services WS Security issues Newbie Question - List of all available hash algorithms? DPAPI Decryption on different machine Set concurrent connections on share MemoryStream requires FileIOPermission ??? Bad Data CryptographicException when RSA decrypting |
|||||||||||||||||||||||
