Say for example you have a application running on a windows 2003 server
(that is on server, not from). This application needs to start child
applications (must be stand alone console applications), but these
child applications must have the same security privileges as the parent
starting them.
I have created a scheduling app (which will be started by autosys job),
which must start child apps when certain criteria are met. The
scheduling application has file IO permissions and works fine, but the
child applications, which are started by the parent scheduler
application (also running on the server), cause security exceptions.
Now if one runs the child applications directly by logging onto the
server (for testing), they cause no exceptions and behave as expected.
Note also if both applications are run locally on my development
machine, neither cause any exceptions.
Is there a way to explicitly pass across a currently running
applications security privileges to a application which it starts in a
new process. I start the new application using the following code.
try
{
// run the appropriate macro
System.Diagnost ics.Process macro = new System.Diagnost ics.Process();
macro.StartInfo .FileName = fp.MacroFilePat hName;
macro.StartInfo .Arguments = SOME ARGS;
macro.Start();
}catch 4 2955
"Phil Mc" <ph**********@p ramerica.ie> wrote in message
news:11******** **************@ g43g2000cwa.goo glegroups.com.. . Say for example you have a application running on a windows 2003 server (that is on server, not from). This application needs to start child applications (must be stand alone console applications), but these child applications must have the same security privileges as the parent starting them.
I have created a scheduling app (which will be started by autosys job), which must start child apps when certain criteria are met. The scheduling application has file IO permissions and works fine, but the child applications, which are started by the parent scheduler application (also running on the server), cause security exceptions. Now if one runs the child applications directly by logging onto the server (for testing), they cause no exceptions and behave as expected. Note also if both applications are run locally on my development machine, neither cause any exceptions.
Is there a way to explicitly pass across a currently running applications security privileges to a application which it starts in a new process. I start the new application using the following code.
try { // run the appropriate macro System.Diagnost ics.Process macro = new System.Diagnost ics.Process(); macro.StartInfo .FileName = fp.MacroFilePat hName; macro.StartInfo .Arguments = SOME ARGS; macro.Start(); }catch
A child process always inherits the security context of it's parent which
inherits from it's paren etc..
Your problem is that the parent itself has no appropriate Filesystem IO
permissions.
So, you need to run your scheduler, (autosys job? don't know what this is
though) as a user that has appropriate permission to whatever resource you
need to access. Another (the right) option is to impersonate a user with
approp. permission in your application.
Willy.
Hi Willy, thanks for the comments...
Admin on this server box are very reluctant to let me impersonate a
logon account. I've looked at this already.
I am at testing stage, and am starting the parent application by
logging into the server box and running it manually. This is of course
passing my privileges to the app. The strange thing is that when this
parent app runs, it conducts all its file IO operations without any
problems (this involves creating dirs, moving files etc.), BUT when
this parent app starts these other child console applications, they are
causing the exceptions. These same applications if run directly form a
logon (as above), to the server, do not cause any problem.
It has me baffled. I was wondering can I explicitly pass on a security
context when starting the processes to run the child console
applications.
Cheers
"Phil Mc" <ph**********@p ramerica.ie> wrote in message
news:11******** **************@ g49g2000cwa.goo glegroups.com.. . Hi Willy, thanks for the comments... Admin on this server box are very reluctant to let me impersonate a logon account. I've looked at this already.
I am at testing stage, and am starting the parent application by logging into the server box and running it manually. This is of course passing my privileges to the app. The strange thing is that when this parent app runs, it conducts all its file IO operations without any problems (this involves creating dirs, moving files etc.), BUT when this parent app starts these other child console applications, they are causing the exceptions. These same applications if run directly form a logon (as above), to the server, do not cause any problem. It has me baffled. I was wondering can I explicitly pass on a security context when starting the processes to run the child console applications. Cheers
Phil,
I would suggest you:
- turn-on security auditing for the file objects, and
- set the auditing policy (Local Policy Settings) to Audit object access
(enable both failure and success).
When done, you can try to run the application (both failing and working) and
watch the eventlog (security log) messages for both failures and success,
check who's the IO requestor and it's IO privileges.
If the identity of the IO requestor is not the same for both runs, it would
mean that one of the programs in the child - parent chain is impersonating.
Normaly the IO requestor should be the same as the account of the current
logon session.
Willy.
Willy Denoyette [MVP] wrote: "Phil Mc" <ph**********@p ramerica.ie> wrote in message news:11******** **************@ g49g2000cwa.goo glegroups.com.. . Hi Willy, thanks for the comments... Admin on this server box are very reluctant to let me impersonate a logon account. I've looked at this already.
I am at testing stage, and am starting the parent application by logging into the server box and running it manually. This is of course passing my privileges to the app. The strange thing is that when this parent app runs, it conducts all its file IO operations without any problems (this involves creating dirs, moving files etc.), BUT when this parent app starts these other child console applications, they are causing the exceptions. These same applications if run directly form a logon (as above), to the server, do not cause any problem. It has me baffled. I was wondering can I explicitly pass on a security context when starting the processes to run the child console applications. Cheers
Phil,
I would suggest you: - turn-on security auditing for the file objects, and - set the auditing policy (Local Policy Settings) to Audit object access (enable both failure and success). When done, you can try to run the application (both failing and working) and watch the eventlog (security log) messages for both failures and success, check who's the IO requestor and it's IO privileges. If the identity of the IO requestor is not the same for both runs, it would mean that one of the programs in the child - parent chain is impersonating. Normaly the IO requestor should be the same as the account of the current logon session.
Willy.
Willy, thanks and that makes a lot of sence, Ill have a shot at that in
the morning on a freash head, thanks again :) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: JerryW |
last post by:
I just reinstalled .NET 2003 (after repeated attempts to get ASP.NET
Web Applications to work). I first did a complete uninstall of .NET
2003, .NET Framework 1.1, and IIS. I also completely deleted
c:\inetpub\wwwroot and rebooted before reinstalling.
I created a new virtual directory from within IIS (e.g. MyWebTest).
Then I tried to create a new Visual C# ASP.NET Web Application
pointing to the location http://localhost/MyWebTest. I get...
|
by: Kristof Despiere |
last post by:
Suppose you have one domain, filled with a couple of users. What needs to be
done now is I need to start a windows application from a webform by pressing
a button on the webform (for example).
The problem is that the user who "owns" the service is always the ASPNET
account. That's not good since you don't see the actual application (because
it's owned by ASPNET). I've tried changed the processmodel section in the
machine.config file to...
|
by: Christopher |
last post by:
One of our ASP.NET Pages is starting a new Process using the Process object.
When the process starts, it is started under the ASPNET User. We tried
editing the web.config file and the machine.config to operate under other
user accounts but our dynamically started process still starts under ASPNET.
How do you programatically start a process under a specific Windows User
Account? Thanks so much!
Christopher
|
by: Carl Gilbert |
last post by:
Hi
I am trying to get an online gallery (www.ngallery.org - open source) to
upload image to a folder. At the moment I am using localhost but plan to
move to some web space when I get it all working.
I need to update my 'images' folder permissions so the ASP.NET worker
process has write permissions.
However, when I go to the folder permissions, there is not worker process
|
by: David Van D |
last post by:
Hi there,
A few weeks until I begin my journey towards a degree in Computer
Science at Canterbury University in New Zealand,
Anyway the course tutors are going to be teaching us JAVA wth bluej and
I was wondering if anyone here would be able to give me some tips for
young players such as myself, for learning the language.
Is this the best Newsgroup for support with JAVA?
| |
by: rrossney |
last post by:
Please look at the "what I've already done" section of this message
before responding to it: I believe that I've done everything that the
people who experience this error are typically told to do.
I have created an ASP.NET web service that I have running on my
development machine, and am trying to get it to run on my test server.
Both machines are running Windows 2000 SP4, IIS 5, and the .NET 2.0
framework.
When I attempt to access...
|
by: bill |
last post by:
I have a VB .net 2.0 site that needs to run a dos app upon a button
click.
I found Shell too unreliable using parameters and so used
system.diagnostic.process.
simple troubleshooting example that opens up Notepad.....
|
by: =?Utf-8?B?ams=?= |
last post by:
I am using System.Diagnostics.Process class to open a word document by call
ing Process.Start("test.doc"). I am using C# as programming language. On some
of the computers on running this code i get "Access is Denied"
Win32Exception. What do i do to not generate this exception ?
Any help highly appreciated,
Thanks,
Jay
|
by: =?Utf-8?B?VkIgSm9ubmll?= |
last post by:
I am at my witless end here, please help!
I have an ASP.Net aspx web page, hosted on Windows Server 2003, that
receives a query string with the path to an autocad drawing file selected
from a web page hosted on a unix driven file server. The user wants to have
this file converted to a pdf.
My page takes the query string and turns it into a windows unc path, then I
copy the file down to the web server and place it into a directory. This...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| | |