Using RevertToSelf in DLL to be used from classic ASP web application

Hi,

I've developed a COM DLL in Visual C++ to generate a digital signature based on a certificate read from a PFX file.
This DLL is used in a classic ASP web application to digitally sign an XML message before sending it to another party.

To process the PFX file I use the CryptoAPI function PFXImportCertStore, but RevertToSelf must be called prior to calling PFXImportCertStore, and the virtual directory's Application Protection option must be set to Low. Otherwise I receive the error "The system cannot find the file specified".

I understand that RevertToSelf will 'impersonate' the System Account which is undesirable from a security point of view.

What can I do to go back to the IUSR_ account again after generating the signature?

--
Marja
Jan 11 '06 #1
Use OpenThreadToken to obtain the current token. If I understand you
correctly, the process is running as system, but that specific thread is
running as another user.
If that is true, the thread will have its own token, which you will now have.

Then you call RevertToSelf, which reverts to the original process token, do
whatever you need to do, and call ImpersonateLoggedOnUser with the thread
token you obtained earlier to get back to the security status you originally
had before reverting.

I don't know if RevertToSelf will close the original thread token. If it
does, you should call DuplicateToken to create a duplicate of the thread
token before you revert, and then use the duplicate when calling
ImpersonateLoggedOnUser.

That should do it.

Kind regards,
Bruno.

Jan 11 '06 #2
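
Added example, not code from the thread: the save, revert, restore sequence described in the reply above, written in C so that a failed restore is reported instead of leaving the thread on the process identity. `run_reverted`, `privileged_fn` and the `RUN_*` codes are hypothetical names, and the `#else` branch is a constructed stand-in for the Win32 calls so the control flow compiles off Windows. The handle returned by OpenThreadToken is the caller's own reference to the token and stays valid after RevertToSelf.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Constructed stand-ins for the Win32 calls, only so the control flow can be
   compiled and checked off Windows. They are not the real API. */
typedef void *HANDLE; typedef int BOOL; typedef unsigned long DWORD;
#define TRUE 1
#define TOKEN_QUERY 0x0008
#define TOKEN_IMPERSONATE 0x0004
static HANDLE g_thread_token;     /* NULL means "running as the process identity" */
static int g_fail_reimpersonate;  /* simulate ImpersonateLoggedOnUser failing */
static HANDLE GetCurrentThread(void) { return NULL; }
static BOOL OpenThreadToken(HANDLE t, DWORD acc, BOOL self, HANDLE *out)
{ (void)t; (void)acc; (void)self; *out = g_thread_token; return g_thread_token != NULL; }
static BOOL RevertToSelf(void) { g_thread_token = NULL; return TRUE; }
static BOOL ImpersonateLoggedOnUser(HANDLE tok)
{ if (g_fail_reimpersonate) return 0; g_thread_token = tok; return TRUE; }
static BOOL CloseHandle(HANDLE h) { (void)h; return TRUE; }
/* Constructed callback: records whether it ran with no thread token. */
static int demo_work(void *ctx) { *(int *)ctx = (g_thread_token == NULL); return 7; }
#endif

typedef int (*privileged_fn)(void *ctx);  /* hypothetical: e.g. PFX import + signing */
enum { RUN_OK = 0, RUN_NOT_IMPERSONATING = -1, RUN_REVERT_FAILED = -2,
       RUN_RESTORE_FAILED = -3 };

/* Run work() under the process identity, then put the caller's token back. */
int run_reverted(privileged_fn work, void *ctx, int *work_result)
{
    HANDLE saved = NULL;
    BOOL restored;

    /* OpenAsSelf = TRUE: the access check is made against the process
       security context rather than the impersonated one. */
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE,
                         TRUE, &saved))
        return RUN_NOT_IMPERSONATING;      /* thread has no token of its own */
    if (!RevertToSelf()) { CloseHandle(saved); return RUN_REVERT_FAILED; }

    *work_result = work(ctx);              /* keep this window as small as possible */

    /* Restore on every path, including when work() reported an error. */
    restored = ImpersonateLoggedOnUser(saved);
    CloseHandle(saved);
    return restored ? RUN_OK : RUN_RESTORE_FAILED;
}
```

On `RUN_RESTORE_FAILED` the thread is still running as the process identity, so the caller should fail the request rather than continue. In C++ the restore belongs in a destructor so that an exception thrown by the callback cannot skip it.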
Thank you Bruno, I will try that.

Regards, Marja


Jan 11 '06 #3
