473,320 Members | 1,947 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Elevated Privileges Problem-Please Help

Hi
I am posting this again.Sorry for the trouble.
I just have a third party dll which does some custom functionality.
The Dll have some apis which run only when the user is an administrator.
I made a simple windows GUI application which makes use of the dll. Good it
works fine when i am logged in as the Administrator.

I made a Webservice which uses PInvoke thereby making use of the DLL.
The DLL reported Error as the WebService is not running in the Administrator
Authorization mode.
SOo i went into Machine.config and changed the process model attributes to
username :administrator password:MyPassword
and it works VERY FINE.. No problems at all.

But i dont want to have the machine.config approach as it makes each and
every webservice running on the system as an administrator mode.
How can i have customized thing which works as an administrator mode only
for that webservice and not for others.

I also tried
doing in web.config to make it personalised only for one webservice but it
did not work. I get an access denied message in the custom dll which says
admin did not login. It only works if i modify the machine.config. Can this
be done in some way?

I modified web.config as follows by adding one line
<identity impersonate="true" userName="Administrator" password="mypassword"
/>

Is there any way????
Expecting ur replies.
Regards
Shal


Nov 18 '05 #1
1 1779
If this DLL is strongnamed, try registering on to the GAC in order to
receive Fulltrust and work without CAS errors (in some cases you might need
the APTA attribute). This is the classic "sandbox" scenario.
However, if this DLL need to access protected resources by a strong ACL
(that is with Admin privileges), then you should run this DLL under a high
privilege account (admin alike). On approach to this might be to run this
DLL in another process that might be a Web Service running under an account
with the required privileges and with a "strong" authentication scheme
(i.e., NTLM/Kerberos) and allowing access to only your client web site
worker process account and public access to this site disabled. Whatever
strategy you choose, watch out for running with high privileges accounts on
your public web site.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
Shadowfax Dev Team

This posting is provided "AS IS" with no warranties, and confers no rights.

"Shalini" <ka**********@NOSPAMyahoo.com> wrote in message
news:uP**************@TK2MSFTNGP10.phx.gbl...
Hi
I am posting this again.Sorry for the trouble.
I just have a third party dll which does some custom functionality.
The Dll have some apis which run only when the user is an administrator.
I made a simple windows GUI application which makes use of the dll. Good it works fine when i am logged in as the Administrator.

I made a Webservice which uses PInvoke thereby making use of the DLL.
The DLL reported Error as the WebService is not running in the Administrator Authorization mode.
SOo i went into Machine.config and changed the process model attributes to username :administrator password:MyPassword
and it works VERY FINE.. No problems at all.

But i dont want to have the machine.config approach as it makes each and
every webservice running on the system as an administrator mode.
How can i have customized thing which works as an administrator mode only
for that webservice and not for others.

I also tried
doing in web.config to make it personalised only for one webservice but it
did not work. I get an access denied message in the custom dll which says
admin did not login. It only works if i modify the machine.config. Can this be done in some way?

I modified web.config as follows by adding one line
<identity impersonate="true" userName="Administrator" password="mypassword" />

Is there any way????
Expecting ur replies.
Regards
Shal


Nov 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Amardeep Verma | last post by:
Hi, I have a quick question. Which role/privileges are required before a user can give the statement "GRANT ALL PRIVILEGES"? Thanking you in Advance Have a nice day
0
by: Charles Cantrell | last post by:
I have recently set up mySQL on a Mandrake release of Linux (Version 7 of Mandrake, I believe), using the binary 4.0.13 standard release. The set up and start up all were normal, as far as I...
0
by: hannes.lambrecht | last post by:
Hi, A question about clickOnce deployment. How can I make a clickOnce application with elevated permissions work, when dowloaded from the internet zone. I always get the message: "This...
2
by: chatiman | last post by:
Hello, Is it possible to get extended privileges for a local application, without asking if possible, like any non/java-javascript app would be able to ? Thanks
2
by: virgilio | last post by:
Hi all, "Administrator Guide Implementation" DB2 8.2, chapter 7, section "Indirect privileges through a package" states: (highlight >>>>!!!<<<<) "Privileges granted to individuals binding the...
1
by: Kreißl, Karsten | last post by:
Hello, we want use dblink to connect several databases in a client/server environment. Connection from local users to the remote databases should be possible only for privileged users. We tried a...
0
by: Stefano Bonnin | last post by:
Hi, I'm a Postgis user, and I have a problem restoring data from 7.4 to 8.0..0beta2. I use the postgis_restore.pl script that comes with postgis distribution. I do the following for the dump:...
1
by: razedk | last post by:
After creating a new user and executing "mysqladmin flush-privileges" I have lost all my privileges, I cant connect as root or any other user. Any idea why ? What can I do to restore or...
1
by: David Hearn | last post by:
(Apologies if this is not the appropriate group) I'm trying to use an external USRobotics USB modem (Model 5633B) in Vista - and talk to it via AT commands from my C# application (using VS2008 +...
5
by: idoha | last post by:
Hi, I am trying to write a script that kills processes that generated by the OS on a localhost. The problem is that this script must be run under a user with administrator privileges, otheriwse...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.