Vista IIS7 write access denied only with windows authentication

2 New Member
Hello

Machine: Windows Vista Business, standalone machine (no domain).
Installed an old classic ASP web application in IIS7, running under a new app.pool with 'NETWORK SERVICE' account (using existing app.pool gives same results).
This web application tries to write to a log file.

Used Process Monitor (from Sysinternals) for monitoring purposes.
Logged in to my machine as 'MYPC\danny', a local account that's a member of the administrators group.

Test 1 and 2: webapp only uses 'windows authentication'.
Test 3: only 'anonymous authentication' with the default IUSR account
Test 4: only 'anonymous authentication' running under the same account that I'm currently logged in with, so 'MYPC\danny'.

1) start internet explorer normally => creating or writing fails => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
2) start internet explorer with the 'run as administrator' option => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
3) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'IUSR'
4) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'

Here are the detailed results from Process monitor:

1) 21320 15:21:26,323927 1 w3wp.exe 5940 CreateFile D:\Projects\ebts\webpages\logs\SQL.log ACCESS DENIED Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny NT AUTHORITY\NETWORK SERVICE
2) 19096 15:22:00,672166 0 w3wp.exe 5940 CreateFile D:\Projects\ebts\webpages\logs\SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWORK SERVICE
3) 22581 15:40:12,793263 6 w3wp.exe 5940 CreateFile D:\Projects\ebts\webpages\logs\SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: NT AUTHORITY\IUSR, OpenResult: Created NT AUTHORITY\NETWORK SERVICE
4) 58762 14:28:20,014496 9 w3wp.exe 5740 CreateFile D:\Projects\ebts\webpages\logs\SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWORK SERVICE


In test 1 ALL write actions fail (no matter what folder, Foxpro tries to create some temp. tables, this also only fails with test 1).
All read actions succeed.
In all other cases everything always works.
Giving every possible user and every possible group every possible right to that folder makes no difference.

My question: can anybody explain test case 1, how can this possibly happen ????

Thanks for any help.
Mar 4 '08 #1
kenobewan
4,871 Recognized Expert Specialist
This article may help:
Understanding ASP.NET Impersonation Security
Mar 6 '08 #2
DotNetDanny
2 New Member
Thanks for the help, but it did not tell me anything I did not already know or that could explain the strange behavior I'm experiencing. I did post a note on that forum so maybe someone can help me there. Thx !
Mar 8 '08 #3
kenobewan
4,871 Recognized Expert Specialist
Shame the article contained the solution and helped me with a similar problem a while ago. Good luck.
Mar 8 '08 #4
ilengyel
1 New Member
Did you find a solution to the problem?

I am seeing exactly the same issue.
I tried using basic authentication and it works just fine.
I tried using windows authentication and it gives "Access denied" when writing to a file, or trying to access a network share.

Process monitor shows the impersonation of the same user when writing to the file for both basic and windows authentication.

The only difference I saw was when looking at process explorer, the security context tokens looked different

For basic authentication w3wp.exe
Token NT AUTHORITY\IUSR:3e3
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token domain\Imre.Lengyel:1db04b7
Token NT AUTHORITY\IUSR:3e3

For Windows Authentication w3wp.exe
Token NT AUTHORITY\IUSR:3e3
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token domain\Imre.Lengyel:2dfc4
Token domain\Imre.Lengyel:2dfc4
Token NT AUTHORITY\IUSR:3e3

Does anyone know what the numbers in the token names mean?
Mar 28 '08 #5
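
The suffix Process Explorer shows after each token handle name is the token's logon session ID in hexadecimal; 3e3 and 3e4 are the fixed IDs Windows reserves for IUSR and NETWORK SERVICE. As an added example (not code from any poster in this thread), this Python sketch parses the two listings from post #5 and reports accounts whose tokens come from different logon sessions; the function names are made up for illustration.

```python
import re
from collections import Counter

# Fixed logon session IDs Windows reserves for built-in accounts (winnt.h).
WELL_KNOWN = {0x3E3: "IUSR", 0x3E4: "NETWORK SERVICE", 0x3E7: "SYSTEM"}

# "Token <account>:<hex id>" as shown in Process Explorer's handle view.
TOKEN_RE = re.compile(r"^Token\s+(.+?):\s*([0-9a-fA-F]+)$")
# The two listings from the post, with the forum's line-wrap spaces removed.
BASIC = r"""
Token NT AUTHORITY\IUSR:3e3
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token domain\Imre.Lengyel:1db04b7
Token NT AUTHORITY\IUSR:3e3
"""
WINDOWS = r"""
Token NT AUTHORITY\IUSR:3e3
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token domain\Imre.Lengyel:2dfc4
Token domain\Imre.Lengyel:2dfc4
Token NT AUTHORITY\IUSR:3e3
"""

def parse_tokens(listing):
    """Count token handles per (account, logon session ID)."""
    tokens = Counter()
    for line in listing.splitlines():
        m = TOKEN_RE.match(line.strip())
        if m:
            tokens[(m.group(1), int(m.group(2), 16))] += 1
    return tokens

def session_changes(a, b):
    """Accounts present in both listings under different user logon sessions."""
    def by_account(tokens):
        out = {}
        for (acct, luid) in tokens:
            if luid not in WELL_KNOWN:      # skip built-in service sessions
                out.setdefault(acct, set()).add(luid)
        return out
    sa, sb = by_account(a), by_account(b)
    return {acct: (sorted(map(hex, sa[acct])), sorted(map(hex, sb[acct])))
            for acct in sa.keys() & sb.keys() if sa[acct] != sb[acct]}

print(session_changes(parse_tokens(BASIC), parse_tokens(WINDOWS)))
```

A changed ID means the two requests ran under tokens from separate logon sessions for the same account, so the group membership, privileges and integrity level of each token are the next things to compare.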
kenobewan
4,871 Recognized Expert Specialist
This article may help:
Understanding ASP.NET Impersonation Security
Mar 28 '08 #6
