I wrote a very simply web application and I'm having all sorts of problems
with the security getting in the way. All the web application does is load
an out-of-process COM server that is running as a service. The code is here
written for both a WinForm C# application (which works correctly) and a Web
application (which does not work correctly):
// C# application
xtapisvrLib.Xta piConfig x = new xtapisvrLib.Xta piConfigClass() ;
txtConfig.Text = x.GetConfigurat ion();
// WEB APPLICATION
xtapisvrLib.Xta piConfig xc = new xtapisvrLib.Xta piConfigClass() ;
TextBox1.Text = xc.GetConfigura tion();
I get an exception : System.Unautori zedAccessExcept ion: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6
user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authenticati on mode="None" />
<authorizatio n>
<allow users="*" />
</authorization>
This Web Application works fine on my Windows XP development machine but if
I try to put it on my Windows 2000 test machine, it gives me the exception.
Anyone have any ideas where I can go from here? I know of no other security
mechnism for a Web Application to access a local COM object.
Thanks 10 1782
I ran File Monitor on the machine and reproduced the error in the browser
but I saw no failure type result but still got the error message. Hmmm.
This seems very odd to me.
"Jayme Pechan" <ja**********@w hitefeld.com> wrote in message
news:uD******** ******@TK2MSFTN GP10.phx.gbl... I wrote a very simply web application and I'm having all sorts of problems with the security getting in the way. All the web application does is
load an out-of-process COM server that is running as a service. The code is
here written for both a WinForm C# application (which works correctly) and a
Web application (which does not work correctly):
// C# application xtapisvrLib.Xta piConfig x = new xtapisvrLib.Xta piConfigClass() ;
txtConfig.Text = x.GetConfigurat ion(); // WEB APPLICATION
xtapisvrLib.Xta piConfig xc = new xtapisvrLib.Xta piConfigClass() ;
TextBox1.Text = xc.GetConfigura tion(); I get an exception : System.Unautori zedAccessExcept ion: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6 user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authenticati on mode="None" />
<authorizatio n>
<allow users="*" />
</authorization> This Web Application works fine on my Windows XP development machine but
if I try to put it on my Windows 2000 test machine, it gives me the
exception. Anyone have any ideas where I can go from here? I know of no other
security mechnism for a Web Application to access a local COM object.
Thanks
You gave permissions to a couple users, but what identity does the COM
server run with?
--
Scott http://www.OdeToCode.com/blogs/scott/
On Mon, 6 Dec 2004 12:50:19 -0800, "Jayme Pechan"
<ja**********@w hitefeld.com> wrote: I wrote a very simply web application and I'm having all sorts of problems with the security getting in the way. All the web application does is load an out-of-process COM server that is running as a service. The code is here written for both a WinForm C# application (which works correctly) and a Web application (which does not work correctly):
// C# application xtapisvrLib.Xt apiConfig x = new xtapisvrLib.Xta piConfigClass() ;
txtConfig.Te xt = x.GetConfigurat ion(); // WEB APPLICATION
xtapisvrLib.Xt apiConfig xc = new xtapisvrLib.Xta piConfigClass() ;
TextBox1.Tex t = xc.GetConfigura tion(); I get an exception : System.Unautori zedAccessExcept ion: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6 user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authenticatio n mode="None" />
<authorization >
<allow users="*" />
</authorization> This Web Application works fine on my Windows XP development machine but if I try to put it on my Windows 2000 test machine, it gives me the exception. Anyone have any ideas where I can go from here? I know of no other security mechnism for a Web Application to access a local COM object.
Thanks
You need to set your DCOM permissions using DCOMCNFG.EXE
Willy.
"Jayme Pechan" <ja**********@w hitefeld.com> wrote in message
news:uD******** ******@TK2MSFTN GP10.phx.gbl... I wrote a very simply web application and I'm having all sorts of problems with the security getting in the way. All the web application does is load an out-of-process COM server that is running as a service. The code is here written for both a WinForm C# application (which works correctly) and a Web application (which does not work correctly):
// C# application xtapisvrLib.Xta piConfig x = new xtapisvrLib.Xta piConfigClass() ;
txtConfig.Text = x.GetConfigurat ion(); // WEB APPLICATION
xtapisvrLib.Xta piConfig xc = new xtapisvrLib.Xta piConfigClass() ;
TextBox1.Text = xc.GetConfigura tion(); I get an exception : System.Unautori zedAccessExcept ion: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6 user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authenticati on mode="None" />
<authorizatio n>
<allow users="*" />
</authorization> This Web Application works fine on my Windows XP development machine but if I try to put it on my Windows 2000 test machine, it gives me the exception. Anyone have any ideas where I can go from here? I know of no other security mechnism for a Web Application to access a local COM object.
Thanks
The COM server runs as a service under the system account.
"Scott Allen" <bitmask@[nospam].fred.net> wrote in message
news:ri******** *************** *********@4ax.c om... You gave permissions to a couple users, but what identity does the COM server run with?
-- Scott http://www.OdeToCode.com/blogs/scott/
On Mon, 6 Dec 2004 12:50:19 -0800, "Jayme Pechan" <ja**********@w hitefeld.com> wrote:
I wrote a very simply web application and I'm having all sorts of
problemswith the security getting in the way. All the web application does is
loadan out-of-process COM server that is running as a service. The code is
herewritten for both a WinForm C# application (which works correctly) and a
Webapplication (which does not work correctly):
// C# application xtapisvrLib.Xt apiConfig x = new xtapisvrLib.Xta piConfigClass() ;
txtConfig.Te xt = x.GetConfigurat ion(); // WEB APPLICATION
xtapisvrLib.Xt apiConfig xc = new xtapisvrLib.Xta piConfigClass() ;
TextBox1.Tex t = xc.GetConfigura tion(); I get an exception : System.Unautori zedAccessExcept ion: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6 user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authenticatio n mode="None" />
<authorization >
<allow users="*" />
</authorization> This Web Application works fine on my Windows XP development machine but
ifI try to put it on my Windows 2000 test machine, it gives me the
exception.Anyone have any ideas where I can go from here? I know of no other
securitymechnism for a Web Application to access a local COM object.
Thanks
I'm not sure why it would require DCOM permissions since I am only accessing
it locally as a COM object but I went ahead and did it anyway. It still had
no affect. I continue to get the same error.
I set the Authentication Level to "None"
Set custom access permissions to add ASPNET and IUSR_CDTBTL1F6 with Allow
Access
Set custom launch permissions to add ASPNET and IUSR_CDTBTL1F6 with Allow
Launch
Set custom config permissions to add ASPNET and IUSR_CDTBTL1F6 with Full
Control
I don't really want DCOM access to this object but it doesn't seem to help
anyway.
"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:eP******** ******@TK2MSFTN GP11.phx.gbl... You need to set your DCOM permissions using DCOMCNFG.EXE
Willy.
"Jayme Pechan" <ja**********@w hitefeld.com> wrote in message news:uD******** ******@TK2MSFTN GP10.phx.gbl...I wrote a very simply web application and I'm having all sorts of
problems with the security getting in the way. All the web application does is load an out-of-process COM server that is running as a service. The code is here written for both a WinForm C# application (which works correctly) and a Web application (which does not work correctly):
// C# application xtapisvrLib.Xta piConfig x = new xtapisvrLib.Xta piConfigClass() ;
txtConfig.Text = x.GetConfigurat ion(); // WEB APPLICATION
xtapisvrLib.Xta piConfig xc = new xtapisvrLib.Xta piConfigClass() ;
TextBox1.Text = xc.GetConfigura tion(); I get an exception : System.Unautori zedAccessExcept ion: Access is
denied. So as an attempted to simply get this working, I added the
IUSR_CDTBTL1F6 user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authenticati on mode="None" />
<authorizatio n>
<allow users="*" />
</authorization> This Web Application works fine on my Windows XP development machine but if I try to put it on my Windows 2000 test machine, it gives me the exception. Anyone have any ideas where I can go from here? I know of no other security mechnism for a Web Application to access a local COM object.
Thanks
The identity of the server doesn't matter. You have to change the security
access permissions for your "DCOM server" by running dcomcnfg.exe (check
component services - DCOM config - yourserver - properties - security-
access permissions - add .. ASPNET).
Willy.
"Jayme Pechan" <ja**********@w hitefeld.com> wrote in message
news:OV******** ******@TK2MSFTN GP09.phx.gbl... The COM server runs as a service under the system account.
"Scott Allen" <bitmask@[nospam].fred.net> wrote in message news:ri******** *************** *********@4ax.c om... You gave permissions to a couple users, but what identity does the COM server run with?
-- Scott http://www.OdeToCode.com/blogs/scott/
On Mon, 6 Dec 2004 12:50:19 -0800, "Jayme Pechan" <ja**********@w hitefeld.com> wrote:
>I wrote a very simply web application and I'm having all sorts of problems >with the security getting in the way. All the web application does is load >an out-of-process COM server that is running as a service. The code is here >written for both a WinForm C# application (which works correctly) and a Web >application (which does not work correctly): > >// C# application >xtapisvrLib.Xt apiConfig x = new xtapisvrLib.Xta piConfigClass() ; > >txtConfig.Te xt = x.GetConfigurat ion(); > > > >// WEB APPLICATION > >xtapisvrLib.Xt apiConfig xc = new xtapisvrLib.Xta piConfigClass() ; > >TextBox1.Tex t = xc.GetConfigura tion(); > > > >I get an exception : System.Unautori zedAccessExcept ion: Access is >denied. > >So as an attempted to simply get this working, I added the >IUSR_CDTBTL1 F6 >user and the ASPNET user to the administrator account with no effect. > >My authorization section in my Web.Config looks like this: > ><authenticatio n mode="None" /> > ><authorization > > > <allow users="*" /> > ></authorization> > > > >This Web Application works fine on my Windows XP development machine but if >I try to put it on my Windows 2000 test machine, it gives me the exception. >Anyone have any ideas where I can go from here? I know of no other security >mechnism for a Web Application to access a local COM object. > >Thanks > > >
"Jayme Pechan" <ja**********@w hitefeld.com> wrote in message
news:et******** ******@TK2MSFTN GP14.phx.gbl... I'm not sure why it would require DCOM permissions since I am only accessing it locally as a COM object but I went ahead and did it anyway. It still had no affect. I continue to get the same error.
I set the Authentication Level to "None" Set custom access permissions to add ASPNET and IUSR_CDTBTL1F6 with Allow Access Set custom launch permissions to add ASPNET and IUSR_CDTBTL1F6 with Allow Launch Set custom config permissions to add ASPNET and IUSR_CDTBTL1F6 with Full Control
I don't really want DCOM access to this object but it doesn't seem to help anyway.
It's an "out of process server" so you are using DCOM right? You don't need
to give launch permissions as the process is launched as a service, not by a
DCOM instance creation request, the same for config permissions, aspnet and
IUSR_XXXX are no interactive user accounts so they can configure DCOM
annyway.
Did you restart your service, after you changed the permissions?
Willy.
Ok, I think I have the right combination. There are settings in the server
that have to be set in addition to the DCOMCNFG program. My question now
is, is there anyway to set these permissions with an installer or must I
instruct the user how to run DCOMCNFG and make the changes? That seems
pretty bad so I'm hoping for an alternative. btw, thanks for the DCOM
suggestion. I don't quite understand why it needs right through DCOM but it
does help.
"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:%2******** ********@TK2MSF TNGP12.phx.gbl. .. "Jayme Pechan" <ja**********@w hitefeld.com> wrote in message news:et******** ******@TK2MSFTN GP14.phx.gbl... I'm not sure why it would require DCOM permissions since I am only accessing it locally as a COM object but I went ahead and did it anyway. It still had no affect. I continue to get the same error.
I set the Authentication Level to "None" Set custom access permissions to add ASPNET and IUSR_CDTBTL1F6 with
Allow Access Set custom launch permissions to add ASPNET and IUSR_CDTBTL1F6 with
Allow Launch Set custom config permissions to add ASPNET and IUSR_CDTBTL1F6 with Full Control
I don't really want DCOM access to this object but it doesn't seem to
help anyway.
It's an "out of process server" so you are using DCOM right? You don't
need to give launch permissions as the process is launched as a service, not by
a DCOM instance creation request, the same for config permissions, aspnet
and IUSR_XXXX are no interactive user accounts so they can configure DCOM annyway. Did you restart your service, after you changed the permissions?
Willy.
"Jayme Pechan" <ja**********@w hitefeld.com> wrote in message
news:eI******** ********@TK2MSF TNGP15.phx.gbl. .. Ok, I think I have the right combination. There are settings in the server that have to be set in addition to the DCOMCNFG program. My question now is, is there anyway to set these permissions with an installer or must I instruct the user how to run DCOMCNFG and make the changes? That seems pretty bad so I'm hoping for an alternative. btw, thanks for the DCOM suggestion. I don't quite understand why it needs right through DCOM but it does help.
Out-of-process COM servers use ORPC as IPC protocol (commonly called DCOM)
and security is an integral part of it. Normally you should configure COM
security programatically in your server code, if you don't, you can set it
in the registry chech this: "Setting Processwide Security Through the
Registry in MSDN".
However, If you don't need security at all why didn't you implement the
server using remoting instead of DCOM? Or better why didn't you use
System.Enterpri seServices (COM+) to host your out-proc server, here you
could use the administrative facilities of COM+ to configure the security
settings.
Willy. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: lawrence |
last post by:
Dear Peter,
Do we know anyone else who writes PHP code? There is too much work to
do, especially if Costin and I are going to join our software
together.
The easiest way for us to join our software together is through high
level wrapper classes that take other classes for arguments. Costin
and I could move toward joining the software one package at a time.
|
by: Alex |
last post by:
Hello people,
The following is not a troll but a serious request.
I found myself in a position where I have to present a Pro/Con list to management and architects in our company with regard to developing new products (specifically - desktop products) in C#/.NET instead of the usual C++/COM that we do.
Since I am not an experienced .NET developer by any definition, I don't have a good grip on the "Pro" part.
The argument that I hear...
|
by: osfwofujro |
last post by:
According to a financial website I tried to access without JavaScript:
"the site uses JS for security reasons."
How would using JS improve security?
Thanks.
|
by: Mike MacSween |
last post by:
S**t for brains strikes again!
Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could
read the data and some who couldn't but that it wasn't important right now.
And I said, 'sure, we can do that later'.
So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!
|
by: Alberto |
last post by:
Could you tell me what it's for the "Persist Security Info ..." value in a
connection string.
Thank you.
| |
by: Kesavan |
last post by:
Is there any way to run a function or a code-block whenever the client-
server communication breaks off. (ie power-off, browser-crash...)
Why I need this is, I want to update a login-table to trace user's
leave the portal without proper log-off or sign-out.
Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to...
|
by: =?ISO-8859-1?Q?Lasse_V=E5gs=E6ther_Karlsen?= |
last post by:
I get the above error in some of the ASP.NET web applications on a
server, and I need some help figuring out how to deal with it.
This is a rather long post, and I hope I have enough details that
someone who bothers to read all of it have some pointers.
Note, I have posted the stack trace and the code exhibiting the problem
further down so if you want to start by reading that, search for +++
Also note that I am unable to reproduce...
|
by: novak |
last post by:
hi list,
since a couple of weeks we face a special "security" problem. neraly
every ms-access database that is located on our net-drives cannot be
opened.
when clicking the document's icon, first, the warning message arises
"open document - security message" - "Really open *.mdb ....?",
second, when clicking "start" ms-access starts, but the mdb-file
cannot be opened. message: "ms-access could not open the file ... The
|
by: VictorG |
last post by:
Hello,
I am trying to secure a webservice using WSE 3.0 and the turnkey
usernameForCertificateSecurity profile. I am passing a valid username
token, and on the server I have overridden the Authenticate token
call
and it is being called. My ASP.NET service has a Login() method and
it is being called during client application startup. Both the client
and service have matching policy config files. Once authentication
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |