Azman System.UnauthorizedAccessException in web services

12 Apr 2005 3:05 AM

bestteo

hi,

i have big problem on the above. I m using Winxp sp2 for development.
i had downloaded the win server 2003 admin pack. i created a store in
xml using Azman. I have created 3 users, A, B, and C(domain users) and
assigned them to role D.

I have a web service ws.asmx. I deny access to those who are not
allowed role D. When i logged in as user A, i could access the web
service. The asmx was written when i was logged in as user A.
However, when i logged in as B and C, i got System.UnauthorizedAccess
Exception:

Access is denied.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access is
denied.

ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS
5 or Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user
(typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET write access to a file, right-click the file in
Explorer, choose "Properties" and select the Security tab. Click "Add"
to add the appropriate user or group. Highlight the ASP.NET account,
and check the boxes for the desired access.

[UnauthorizedAccessException: Access is denied.]
   AZROLESLib.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String
bstrPolicyURL, Object varReserved) +0
   priceboard_mini_www.Global.Application_AuthenticateRequest(Object
sender, EventArgs e) in c:\inetpub\wwwroot\pbmini_www\global.asax.cs:96

System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
+60
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +87

My impersonate is set to true and i have given all the access i could.
what am i missing? is it a bug with Winxp sp2 or i missed out something
important?

12 Apr 2005 7:59 PM

richlm

Experienced similar sounding problems with a windows service running as
NETWORK_SERVICE account on XP accessing an XML based AzMan store. The same
code worked fine on Windows Server 2003.

Our solution/workaround was to configure the service to run as a domain
account, and assign the appropriate ACLs to the XML AzMan store.

It seems that AzMan is not fully supported on XP...

Try configuring ASP.NET on your XP machine to run under a domain "service"
account instead of (MACHINE)\ASPNET. Assign the service account the
necessary access rights to the XML AzMan file, and avoid impersonating when
calling AzMan (otherwise all users will also need access to the AzMan
store).

Alternatively, you might consider moving your authorization logic into a
COM+ component which has the necessary access to the AzMan store.