473,889 Members | 1,387 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Vista IIS7 write access denied only with windows authentication

2 New Member
Hello

Machine: Windows Vista Business, standalone machine (no domain).
Installed an old classic ASP webapplication in IIS7, running under a new app.pool with 'NETWORK SERVICE' account (using existing app.pool gives same results).
This webapplication tries to write to a log file.

Used Process Monitor (from Sysinternals) for monitoring purposes.
Logged in to my machine as 'MYPC\danny', a local account that's a member of the administrators group.

Test 1 and 2: webapp only uses 'windows authentication' .
Test 3: only 'anonymous authentication' with the default IUSR account
Test 4: only 'anonymous authentication' running under the same account that I'm currently logged in with, so 'MYPC\danny'.

1) start internet explorer normally => creating or writing fails => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
2) start internet explorer with the 'run as administrator' option => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'
3) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'IUSR'
4) start internet explorer normally => creating or writing succeeds => user is 'NETWORK SERVICE' impersonating 'MYPC\danny'

Here are the detailed results from Process monitor:

1) 21320 15:21:26,323927 1 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log ACCESS DENIED Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny NT AUTHORITY\NETWO RK SERVICE
2) 19096 15:22:00,672166 0 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
3) 22581 15:40:12,793263 6 w3wp.exe 5940 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: NT AUTHORITY\IUSR, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE
4) 58762 14:28:20,014496 9 w3wp.exe 5740 CreateFile D:\Projects\ebt s\webpages\logs \SQL.log SUCCESS Desired Access: Generic Read/Write, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: 0, Impersonating: MYPC\danny, OpenResult: Created NT AUTHORITY\NETWO RK SERVICE


In test 1 ALL write actions fail (no matter what folder, Foxpro tries to create some temp. tables, this also only fails with test 1).
All read actions succeed.
In all other cases everthing always works.
Giving every possible user and every possible group every possible right to that folder makes no difference.

My question: can anybody explain test case 1, how can this possibly happen ????

Thanks for any help.
Mar 4 '08 #1
5 12593
kenobewan
4,871 Recognized Expert Specialist
This article may help:
Understanding ASP.NET Impersonation Security
Mar 6 '08 #2
DotNetDanny
2 New Member
Thanks for the help, but it did not tell me anything I did not already know or that could explain the strange behavior I'm experiencing. I did post a note an that forum so maybe someone can help me there. Thx !
Mar 8 '08 #3
kenobewan
4,871 Recognized Expert Specialist
Shame the article contained the solution and helped me with a similar problem a while ago. Good luck.
Mar 8 '08 #4
ilengyel
1 New Member
Did you find a solution to the problem?

I am seeing the exactly the same issue.
I tried using basic authentication and it works just fine.
I tried using windows authentication and gives "Access denied" when writing to a file, or trying to access a network share.

Process monitor shows the impersonation of the same user when writing to the file for both basic and windows authentication.

The only difference I saw was when looking at process explorer, the security context tokens looked different

For basic authentication w3wp.exe
Token NT AUTHORITY\IUSR: 3e3
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token domain\Imre.Len gyel:1db04b7
Token NT AUTHORITY\IUSR: 3e3

For Windows Authentication w3wp.exe
Token NT AUTHORITY\IUSR: 3e3
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token domain\Imre.Len gyel:2dfc4
Token domain\Imre.Len gyel:2dfc4
Token NT AUTHORITY\IUSR: 3e3

does any one know what does the numbers mean in the token names?
Mar 28 '08 #5
kenobewan
4,871 Recognized Expert Specialist
Did you find a solution to the problem?

I am seeing the exactly the same issue.
I tried using basic authentication and it works just fine.
I tried using windows authentication and gives "Access denied" when writing to a file, or trying to access a network share.

Process monitor shows the impersonation of the same user when writing to the file for both basic and windows authentication.

The only difference I saw was when looking at process explorer, the security context tokens looked different

For basic authentication w3wp.exe
Token NT AUTHORITY\IUSR: 3e3
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token domain\Imre.Len gyel:1db04b7
Token NT AUTHORITY\IUSR: 3e3

For Windows Authentication w3wp.exe
Token NT AUTHORITY\IUSR: 3e3
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token NT AUTHORITY\NETWO RK SERVICE:3e4
Token domain\Imre.Len gyel:2dfc4
Token domain\Imre.Len gyel:2dfc4
Token NT AUTHORITY\IUSR: 3e3

does any one know what does the numbers mean in the token names?
This article may help:
Understanding ASP.NET Impersonation Security
Mar 28 '08 #6

Sign in to post your reply or Sign up for a free account.

Similar topics

51
6540
by: Steven Spits | last post by:
Hi, Plannig to buy Vista, but not sure what version to get. I do VS.NET development, mostly ASP.NET. Can IIS be installed on Vista home premium? Or do I need business or ultimate? Steven
8
7502
by: Darwiniv | last post by:
1. Does anyone run ASAPI and mysql succesfully on Vista /IIS7? 2. Does anyone run CGI and display all SESSION errors on Vista /IIS7? php ASAPI doesn't works with MYSQL. And CGI doesn't show any SESSION error message. PHP had so much bugs on windows vista. I using php-5.2.1-Win32
4
2323
by: Viviana Vc | last post by:
Hi all, I've read the WindowsVistaUACDevReqs.doc documentation and I have done different small tests on Vista to understand the bahaviour and now I have a few questions. 1) If I create a dummy console application that creates a file in Program Files directory, this one will succeed and will create the file b/c of the virtualization. But, if I do the following call in a console window (a.exe contains just
6
1975
by: John Kotuby | last post by:
Hi all... Well my earlier post aboout not being able to access http://localhost has been resolved. I am still having problems testing my Web site project. First, thanks to Juan Libre I edited my HOSTS file and can access localhost. However, what I found in the HOSTS file was not what I expected. Juan mentioned that the following line might be missing. 127.0.0.1 localhost
10
3101
by: hugh welford | last post by:
Hi Have just installed IIS7 on Vista and am trying to access a .mdb file through ASP. Getting server error. I think the problem is in the file permission. Under XP Pro/IIS6 is used to have to set the .mdb file security via windows explorer to give IUSR_machinename full permissions on this file for anonymous web access. Cant seem to do this with Vista explorer - says object cannot be found.
5
2684
by: =?Utf-8?B?bXVzb3NkZXY=?= | last post by:
Hi, I wonder if someone could shed some light on this one for me. I have developed a web app in VS2005 with the built in server. It uses an sql database, everytihng works. I need to test it across the network, so i've installed IIS7 on my Vista machine and created a new website, point at the website's directory. After I switched to the 'Classic .net' app pool, it shows up on the port.
0
5989
by: Erwin Moller | last post by:
Hi, I am one of those questionable people that started with Vista (Home Premium). Not because I think it is a ready/steady OS, but partly out of curiousity, and partly because I needed to work on an old project that happens to run on IIS6/W2000/MSSQL7, but my W2000 machine couldn't handle the size of the database in question anymore. :-( My new Vista machine is 5 years younger and is a lot faster, so I started to figure out how to use...
6
9648
by: ma | last post by:
Hello, I am new to IIS and ASP.NET. I wrote my first ASP.NET and I want to deploy in to a system which has Vista Business and IIS7. I copied my files to the target computer and created a virtual directory. I add default.aspx to the list of default pages for the virtual directory. My problems are: 1- On vista computer I am trying to see the output of my ASP.NET
11
2730
by: =?Utf-8?B?QXNhZg==?= | last post by:
Hello, I have just installed VISTA Enterprise and VS.NET 2008. When pressing F5 to debug my test ASP.NET website, IE 7 display the message "Internet Explorer cannot display the webpage". The local URL that VS.NET 2008 generates is http://localhost:49705/aaa/Default.aspx. In IIS7 Manager, ASP.NET V2.0… is "Allowed" in the ISAPI and CGI Restrictions. Also IIS7 is working and display ASP.NET web sites if I convert them to IIS7...
0
9961
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
10785
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10887
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9603
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7991
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7148
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
6025
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
4644
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4249
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.