|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
ASP.NET making COM calls on IIS6and tried numerous suggested fixes, but can't seem to get beyond the problem, so any suggestions would be appreciated. ISSUE: Our ASP.NET application connects to a COM service. This works fine (either with IIS 5 or IIS 6) if the service is installed on the same server as the ASP.NET app. Our issue occurs when the ASP.net app is trying to connect to a COM service on a different machine. Below is the configuration on IIS5 and IIS6, it works on IIS5 but does not on IIS6 the page that is display is below. Configuration From the web.config file <identity impersonate="true" userName="registry:HKLM\SOFTWARE\C2C_Systems\AOnePolSearch\identity\ASPNET_S ETREG,userName" password="registry:HKLM\SOFTWARE\C2C_Systems\AOnePolSearch\identity\ASPNET_S ETREG,password" /> This user is the same user running the service on the other machine. In the 'Directory Security' tab of the properties of the web site on the 'Anonymous access and authentication control' We have 'Basic authentication (password is sent in clear text)' and 'Integrated Windows authentication' as the only toptions selected. We have tried connecting from a browser that is using Integrated authentication, and from one using Basic authentication, and the result is the same. Error from IIS6 Server Error in '/MyApp' Application. ---------------------------------------------------------------------------- ---- Access is denied. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.UnauthorizedAccessException: Access is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [UnauthorizedAccessException: Access is denied.] System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0 System.Activator.CreateInstance(Type type, Boolean nonPublic) +66 MyApp.Search.GetInterface() +69 MyApp.Search.Load_Mailboxes() +122 MyApp.Search.Page_Load(Object sender, EventArgs e) +1747 System.Web.UI.Control.OnLoad(EventArgs e) +67 System.Web.UI.Control.LoadRecursive() +35 System.Web.UI.Page.ProcessRequestMain() +750 ---------------------------------------------------------------------------- ---- Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300 It looks to me that the user account you are using for impersonation does
not have access to the file you're requesting. Can you verify the file system ACLs allow read access to the file for the user account? -- Show quoteHide quoteJiri Richter Microsoft Corp. This posting is provided "AS IS" with no warranties, and confers no rights. "Dave Williams" <d***@mail.me> wrote in message news:OYstvRpOFHA.3988@tk2msftngp13.phx.gbl... > Hi all, I've seen a few instances of issues like the following in this > group > and tried numerous suggested fixes, but can't seem to get beyond the > problem, so any suggestions would be appreciated. > > ISSUE: > > Our ASP.NET application connects to a COM service. This works fine (either > with IIS 5 or IIS 6) if the service is installed on the same server as the > ASP.NET app. > > Our issue occurs when the ASP.net app is trying to connect to a COM > service > on a different machine. > > Below is the configuration on IIS5 and IIS6, it works on IIS5 but does not > on IIS6 the page that is display is below. > Configuration > > From the web.config file > > <identity impersonate="true" > > > userName="registry:HKLM\SOFTWARE\C2C_Systems\AOnePolSearch\identity\ASPNET_S > ETREG,userName" > > > password="registry:HKLM\SOFTWARE\C2C_Systems\AOnePolSearch\identity\ASPNET_S > ETREG,password" > > /> > > > > This user is the same user running the service on the other machine. > > > > In the 'Directory Security' tab of the properties of the web site on the > 'Anonymous access and authentication control' > > We have 'Basic authentication (password is sent in clear text)' and > 'Integrated Windows authentication' as the only toptions selected. > > > > We have tried connecting from a browser that is using Integrated > authentication, and from one using Basic authentication, and the result is > the same. > > > > > > Error from IIS6 > > Server Error in '/MyApp' Application. > > ---------------------------------------------------------------------------- > ---- > > Access is denied. > Description: An unhandled exception occurred during the execution of the > current web request. Please review the stack trace for more information > about the error and where it originated in the code. > > Exception Details: System.UnauthorizedAccessException: Access is denied. > > ASP.NET is not authorized to access the requested resource. Consider > granting access rights to the resource to the ASP.NET request identity. > ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 > or > Network Service on IIS 6) that is used if the application is not > impersonating. If the application is impersonating via <identity > impersonate="true"/>, the identity will be the anonymous user (typically > IUSR_MACHINENAME) or the authenticated request user. > > To grant ASP.NET write access to a file, right-click the file in Explorer, > choose "Properties" and select the Security tab. Click "Add" to add the > appropriate user or group. Highlight the ASP.NET account, and check the > boxes for the desired access. > > Source Error: > > An unhandled exception was generated during the execution of the > current web request. Information regarding the origin and location of the > exception can be identified using the exception stack trace below. > > > > Stack Trace: > > [UnauthorizedAccessException: Access is denied.] > System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0 > System.Activator.CreateInstance(Type type, Boolean nonPublic) +66 > MyApp.Search.GetInterface() +69 MyApp.Search.Load_Mailboxes() +122 > MyApp.Search.Page_Load(Object sender, EventArgs e) +1747 > System.Web.UI.Control.OnLoad(EventArgs e) +67 > System.Web.UI.Control.LoadRecursive() +35 > System.Web.UI.Page.ProcessRequestMain() +750 > > > > > ---------------------------------------------------------------------------- > ---- > > Version Information: Microsoft .NET Framework Version:1.1.4322.2300; > ASP.NET > Version:1.1.4322.2300 > > 
Other interesting topics
IIS 6 Integrated Authentication and IE 6 - security credentials seem to not get passed from browser
Anonymous access Getting prompted on IIS web Anonymous access Vulnerabilities W2003 SP1 - IIS CRL Check What is HTTP compression ? IE browser "NO COOKIES" is ignored for 1 site; works for another; same scripts (Cross-posted to inet Passing credentials from IIS to another resource Crashing IIS derive public certificate from private |
|||||||||||||||||||||||
