security issue, access denied, impersonate

#1 November 27th, 2006, 05:45 PM

Hi, all:

My asp.net application calles MS speech 5.1 and generate a wav file on
server's path. Everything runs perfectly on my development machine. But
when I move the appl to production server, I always get ERROR: Access
is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
First I thought its the permission problem, so I set permission of that
directory to everyone (not an secure idea, but for test only). I found
out that I can write a text file to that path or create a wav file with
size 0k. whenever the speech try to speak to the filestream, the error
occured. see the following code.

SpeechVoiceSpeakFlags SpFlags =
SpeechVoiceSpeakFlags.SVSFlagsAsync;
SpVoice Voice = new SpVoice();

SpeechStreamFileMode SpFileMode =
SpeechStreamFileMode.SSFMCreateForWrite;

SpFileStream spFileStream = new SpFileStream();
spFileStream.Open(strFile, SpFileMode, false); //HERE IS
FINE

Voice.AudioOutputStream = spFileStream;
Voice.Speak(pText, SpFlags); //CATCH ERROR HERE
Voice.WaitUntilDone(-1);

spFileStream.Close();

I put the same code into a windows appl and run it on my production
server, it works fine, so I think it must be the asp.net does not have
the authority to call the speach com object. (am I right here?)

I read some post talking about impersonate or ASPNET user account, but
still quite confusing.

1. Where can I set which account my asp.net runs on?
on my own machine, it runs on MACHINENAME\ASPNET, but on my production
server it runs on NT AUTHORITY\NETWORK SERVICE. by using
System.Security.Principal.WindowsIdentity.GetCurre nt().Name;
Also, I cannot add ASPNET permission of my path, it always give me
that aspnet is not a valid user (that why I added everyone.)

2. I tried using impersonate and it works. But it is not a good idea as
I expose the user name and pwd in my config file. Also, I have to
create a same user on my laptop and the production server. IS that
impersonate means?

<authentication mode="Windows" />
<identity impersonate="true" userName="administrator"
password="mypwd"/>

Can I do this impersonate in my code (aka, when I need to create the
wav file and write to the path) and how ?

Sorry for the long post and lots questions, this kind stuff always
confused me.

Thanks in advance
-rockdale

#2 November 28th, 2006, 12:55 AM

Hi Rockdale,

You can use the WindowsIdentity.Impersonate method. The docs have an
example of code you can use:

http://msdn2.microsoft.com/en-us/library/w070t6ka.aspx

Joe
--
http://www.csharp-station.com

"rockdale" wrote:

Quote:

Hi, all:
>
My asp.net application calles MS speech 5.1 and generate a wav file on
server's path. Everything runs perfectly on my development machine. But
when I move the appl to production server, I always get ERROR: Access
is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
First I thought its the permission problem, so I set permission of that
directory to everyone (not an secure idea, but for test only). I found
out that I can write a text file to that path or create a wav file with
size 0k. whenever the speech try to speak to the filestream, the error
occured. see the following code.
>
SpeechVoiceSpeakFlags SpFlags =
SpeechVoiceSpeakFlags.SVSFlagsAsync;
SpVoice Voice = new SpVoice();
>
SpeechStreamFileMode SpFileMode =
SpeechStreamFileMode.SSFMCreateForWrite;
>
SpFileStream spFileStream = new SpFileStream();
spFileStream.Open(strFile, SpFileMode, false); //HERE IS
FINE
>
>
Voice.AudioOutputStream = spFileStream;
Voice.Speak(pText, SpFlags); //CATCH ERROR HERE
Voice.WaitUntilDone(-1);
>
spFileStream.Close();
>
I put the same code into a windows appl and run it on my production
server, it works fine, so I think it must be the asp.net does not have
the authority to call the speach com object. (am I right here?)
>
I read some post talking about impersonate or ASPNET user account, but
still quite confusing.
>
1. Where can I set which account my asp.net runs on?
on my own machine, it runs on MACHINENAME\ASPNET, but on my production
server it runs on NT AUTHORITY\NETWORK SERVICE. by using
System.Security.Principal.WindowsIdentity.GetCurre nt().Name;
Also, I cannot add ASPNET permission of my path, it always give me
that aspnet is not a valid user (that why I added everyone.)
>
>
2. I tried using impersonate and it works. But it is not a good idea as
I expose the user name and pwd in my config file. Also, I have to
create a same user on my laptop and the production server. IS that
impersonate means?
>
<authentication mode="Windows" />
<identity impersonate="true" userName="administrator"
password="mypwd"/>
>
Can I do this impersonate in my code (aka, when I need to create the
wav file and write to the path) and how ?
>
>
Sorry for the long post and lots questions, this kind stuff always
confused me.
>
Thanks in advance
-rockdale
>
>

#3 November 28th, 2006, 01:55 PM

Thanks, will try it later.

What's the logonToken should I pass into the function

private static void ImpersonateIdentity(IntPtr logonToken)
?

Joe Mayo (C# MVP) wrote:

Quote:

Hi Rockdale,
>
You can use the WindowsIdentity.Impersonate method. The docs have an
example of code you can use:
>
http://msdn2.microsoft.com/en-us/library/w070t6ka.aspx
>
Joe
--
http://www.csharp-station.com
>
>
"rockdale" wrote:
>

Quote:

Hi, all:

My asp.net application calles MS speech 5.1 and generate a wav file on
server's path. Everything runs perfectly on my development machine. But
when I move the appl to production server, I always get ERROR: Access
is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
First I thought its the permission problem, so I set permission of that
directory to everyone (not an secure idea, but for test only). I found
out that I can write a text file to that path or create a wav file with
size 0k. whenever the speech try to speak to the filestream, the error
occured. see the following code.

SpeechVoiceSpeakFlags SpFlags =
SpeechVoiceSpeakFlags.SVSFlagsAsync;
SpVoice Voice = new SpVoice();

SpeechStreamFileMode SpFileMode =
SpeechStreamFileMode.SSFMCreateForWrite;

SpFileStream spFileStream = new SpFileStream();
spFileStream.Open(strFile, SpFileMode, false); //HERE IS
FINE

Voice.AudioOutputStream = spFileStream;
Voice.Speak(pText, SpFlags); //CATCH ERROR HERE
Voice.WaitUntilDone(-1);

spFileStream.Close();

I put the same code into a windows appl and run it on my production
server, it works fine, so I think it must be the asp.net does not have
the authority to call the speach com object. (am I right here?)

I read some post talking about impersonate or ASPNET user account, but
still quite confusing.

1. Where can I set which account my asp.net runs on?
on my own machine, it runs on MACHINENAME\ASPNET, but on my production
server it runs on NT AUTHORITY\NETWORK SERVICE. by using
System.Security.Principal.WindowsIdentity.GetCurre nt().Name;
Also, I cannot add ASPNET permission of my path, it always give me
that aspnet is not a valid user (that why I added everyone.)

2. I tried using impersonate and it works. But it is not a good idea as
I expose the user name and pwd in my config file. Also, I have to
create a same user on my laptop and the production server. IS that
impersonate means?

<authentication mode="Windows" />
<identity impersonate="true" userName="administrator"
password="mypwd"/>

Can I do this impersonate in my code (aka, when I need to create the
wav file and write to the path) and how ?

Sorry for the long post and lots questions, this kind stuff always
confused me.

Thanks in advance
-rockdale

security issue, access denied, impersonate

Popular Articles

What is Bytes?