Running as an administrator, I can retrieve the account password
stored by IIS for any application pool (using the WAMUserPass
property). But, unsurprisingly, an ASP.NET application running inside
an application pool that is does not have administrator privileges
can't even enumerate the list of application pools.
I can access the application pool by hard-coding the name, but even
then the WAMUserPass is an empty property value collection.
This doesn't hugely surprise me, but it's somewhat frustrating - the
reason I want access to this password is to schedule Windows Tasks
with the same account, and for that I need the password. Seeing as
the password has already been configured and stored by IIS, I want to
avoid needing to configure and store it elsewhere too.
Unless there's another way around this...
6  3471 
What about running the web app pool as a user that has Administrator
privileges?
Cheers
Ken
"Dylan Nicholson" <wi******@hotma il.comwrote in message
news:11******** **************@ w3g2000hsg.goog legroups.com...
Running as an administrator, I can retrieve the account password
stored by IIS for any application pool (using the WAMUserPass
property). But, unsurprisingly, an ASP.NET application running inside
an application pool that is does not have administrator privileges
can't even enumerate the list of application pools.
I can access the application pool by hard-coding the name, but even
then the WAMUserPass is an empty property value collection.
This doesn't hugely surprise me, but it's somewhat frustrating - the
reason I want access to this password is to schedule Windows Tasks
with the same account, and for that I need the password. Seeing as
the password has already been configured and stored by IIS, I want to
avoid needing to configure and store it elsewhere too.
Unless there's another way around this...
Hello,
Please see my answers inline
Dylan Nicholson wrote:
>Running as an administrator, I can retrieve the account password
stored by IIS for any application pool (using the WAMUserPass
property). But, unsurprisingly, an ASP.NET application running inside
an application pool that is does not have administrator privileges
can't even enumerate the list of application pools.
That is true, by default non-administrators cannot enumerate the list of
application pools.
>I can access the application pool by hard-coding the name, but even
then the WAMUserPass is an empty property value collection.
That is also true. By default, non-administrators can access non-secure
properties, but not secure properties.
>This doesn't hugely surprise me, but it's somewhat frustrating - the
reason I want access to this password is to schedule Windows Tasks
with the same account, and for that I need the password. Seeing as
the password has already been configured and stored by IIS, I want to
avoid needing to configure and store it elsewhere too.
Unless there's another way around this...
I would run the scheduled application with a special user that has been
setup specifically for this purpose. Then you can evaluate what
permissions are needed, and run the application with a locked-down user
account.
Hope this helps!
--
Regards,
Kristofer Gafvert http://www.gafvert.info/iis/ - IIS Related Info
On Oct 5, 5:07 pm, "Ken Schaefer" <kenREM...@THIS adOpenStatic.co m>
wrote:
What about running the web app pool as a user that has Administrator
privileges?
Client insisted that this wasn't acceptable.
On Oct 6, 1:59 am, "Kristofer Gafvert" <kgafv...@NEWSi lopia.com>
wrote:
Hello,
Please see my answers inline
Dylan Nicholson wrote:
Running as an administrator, I can retrieve the account password
stored by IIS for any application pool (using the WAMUserPass
property). But, unsurprisingly, an ASP.NET application running inside
an application pool that is does not have administrator privileges
can't even enumerate the list of application pools.
That is true, by default non-administrators cannot enumerate the list of
application pools.
I can access the application pool by hard-coding the name, but even
then the WAMUserPass is an empty property value collection.
That is also true. By default, non-administrators can access non-secure
properties, but not secure properties.
This doesn't hugely surprise me, but it's somewhat frustrating - the
reason I want access to this password is to schedule Windows Tasks
with the same account, and for that I need the password. Seeing as
the password has already been configured and stored by IIS, I want to
avoid needing to configure and store it elsewhere too.
Unless there's another way around this...
I would run the scheduled application with a special user that has been
setup specifically for this purpose. Then you can evaluate what
permissions are needed, and run the application with a locked-down user
account.
The ASP.NET app has the same permission requirements as the scheduled
task - reading/writing to the same directory, accessing the same
database.
Anyway, how would that help, I'd still need to store a password.
Actually my current "solution" is for the password to be fixed via an
algorithm that uses static hard-coded information. Not happy with it
though.
"Dylan Nicholson" <wi******@hotma il.comwrote in message
news:11******** **************@ d55g2000hsg.goo glegroups.com.. .
On Oct 5, 5:07 pm, "Ken Schaefer" <kenREM...@THIS adOpenStatic.co m>
wrote:
>What about running the web app pool as a user that has Administrator
privileges?
Client insisted that this wasn't acceptable.
OK - use the DPAPI API available with Windows to store/retrieve the
password. That way you don't need to come up with your own secure storage
mechanism for passwords.
Cheers
Ken
On Oct 7, 9:39 pm, "Ken Schaefer" <kenREM...@THIS adOpenStatic.co m>
wrote:
"Dylan Nicholson" <wizof...@hotma il.comwrote in message
news:11******** **************@ d55g2000hsg.goo glegroups.com.. .
On Oct 5, 5:07 pm, "Ken Schaefer" <kenREM...@THIS adOpenStatic.co m>
wrote:
What about running the web app pool as a user that has Administrator
privileges?
Client insisted that this wasn't acceptable.
OK - use the DPAPI API available with Windows to store/retrieve the
password. That way you don't need to come up with your own secure storage
mechanism for passwords.
DPAPI offers storage? I thought it only offered encryption (and even
then you have to provide a password). And it doesn't solve the
problem have the user having to supply the password twice. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Mike Von Stein |
last post by:
Maybe I'm missing something obvious, but if I several MDB's that use
the same secure workgroup MDW file and the user logs into one of them
is there a way through code that I can open other databases using
his/her credentials that were validated when the first database was
opened? (I want to open a new physical instance of Access, not a
ADOX connection or DAO workspace. Basically trying to avoid making
them put in their User Name and...
|
by: Andrew Dowding |
last post by:
Hi Everybody,
I have been looking at problems with my Windows Forms C# application
and it's little Jet 4 (Access) database for the last few days. The
Windows Forms app implements a facade and implementation, data
abstraction layer. But because each data adapter in the implementation
layer has a connection object that opens and closes as needed, I found
I got several errors from the Jet engine when there were simultaneous
connections to...
|
by: steve Sweales |
last post by:
I am trying to design a windows forms application (not asp.net) in C#,
and need to know if the following scenario is possible :
Once my application is running I need to be able to impersonate another
user account which will have access to a network drive that the current
user account does not have access to. Is it possible to impersonate the
required user account and map to the drive in code, enabling the current
user to view the...
|
by: scorpion53061 |
last post by:
is it possible to set the database password that you can set in access for a
database from a vb.net application?
|
by: James |
last post by:
I succesfully pass username , domain and password via this function (taken
from MSDN)
Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal
lpszUsername As , _
ByVal lpszDomain As , ByVal lpszPassword As , _
ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
| | |
by: Kirk |
last post by:
The following C# web service works fine until you uncomment the lines
setting UserName and Password. Then, Process.Start throws an
Access is Denied Exception. This is with .NET 2.0, of
course (1.1 does not support running a process as a different user).
I'm running everything on Windows Server 2003. I have impersonation
enabled
in my web.config, and I'm using Integrated authentication on the IIS
virtual
directory that this aspx is in....
|
by: willyd61 |
last post by:
Hello Everyone! Newbie here...
I can't configure any remote clients to connect to my DB2 server, I am
able to run and connect local from the server, but if I try to connect
with a user and specify password it fails with the dreaded SQL30082N. I
have checked all parameters, there is the servicename registered in
/etc/services the dbm cfg is set (pasted below). this is a Workgroup
Edition, I have tried everything, also note that I can only...
|
by: fniles |
last post by:
I am using VB.Net 2003 and MS Access (connecting using OleDBConnection).
I read using DataAdapter and DataSet, not DataReader.
When many people try to access the database at the same time, I get the
error "ExecuteReader requires an open and available Connection. The
connection's current state is Open, Executing." I do not use ExecuteReader,
why the error says ExecuteReader. What does it mean ?
When I get this error, is there a way for me...
|
by: calvinkwoo3000 |
last post by:
My Window application run property withour link to mdb without password.
Once i set security password to mdb file, the error belor come out when i click detail.
Not a valid password. and detail as below
the string to connect to mdb is conn = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\\mms.mdb;Jet OLEDB:Database Password=password;");
See the end of this message for details on invoking ...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
