By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,480 Members | 763 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,480 IT Pros & Developers. It's quick & easy.

WEB-VB Impersonation within VB custom control question

P: 1
I have a custom control that is embedded (using the object tag) in an html document.
  1. The control takes a path to a local client ini file.
  2. Reads the file.
  3. Executes the program specified in the ini on the client's PC.
  4. After the program has ended the control looks in a client side temp folder (specified by the ini file) for an image created by the executed program.
  5. If the image is there, then the control moves the file to a public folder on the server, and posts back to the server.

After this the server does "it's thing" with the image

So I've compiled the code and of course have security issues when running the control in IE (on localhost). I know that the use of the System.Diagnostics.Process is what is causing the problems. Example is that my sub StartScan() won't even pop up the message box because it uses System.Diagnostics.Process within itself, while the sub Test() will pop up the box with no problems. There are fusion errors, but cannot make sense of them. I've placed them at the bottom of this message if someone would like to take a look. Also changing the process isnít a workaround. My department doesn't always know what program is used for scanning. The scanner is very old (plot size scanner) so any MS possibilities are also not doable (plus would require more coding for features). Also I never know where the app they are going to try to run, so changing the permissions to allow their local ASP user to run the program isn't a solution. The main problem here is that I want the code to run under the user's credentials within the IE browsers. It seems like it would be some type of impersonation, but I can only find examples for impersonation in ASP.NET or examples showing you how to run a process under another user if you know their name and password.

Any help is greatly appreicated.


Things I've already done
  • gacutil /cdl and remove temporary internet files between every build
  • Have given the control a strong name using a .snk file
  • Have turned off security using caspol -s off
  • Have given fulltrust

And of course the control will run inside of a stand alone VB.NET app without any problems (doesn't post to a server). When I do a ďrun asÖĒ on the little VB.NET app, it inherits the given userís permissions correctly (Iíve tested it with file permissions).

Also here are outputs telling what are the groups and permissions

caspol -all -resolvegroup c:\inetpub\wwwroot\docsuite\ClientHelper.dll
Microsoft (R) .NET Framework CasPol 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Level = Enterprise
Code Groups:

1. All code: FullTrust
Level = Machine

Code Groups:
1. All code: Nothing
1.2. Zone - MyComputer: FullTrust

Level = User

Code Groups:
1. All code: FullTrust
Success

--------------------------------------------------------------------------------------------------------
caspol -all -resolvegroup //localhost/docsuite/ClientHelper.dll
Microsoft (R) .NET Framework CasPol 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

The assembly at //localhost/docsuite/ClientHelper.dll cannot be loaded. Caspol
can make a partial determination of what evidence would be associated with this
assembly. If this evidence is used, the results are not necessarily accurate or
complete. Would you like to continue this operation using partial evidence? (y
es/no)
y

Level = Enterprise
Code Groups:
1. All code: FullTrust

Level = Machine
Code Groups:
1. All code: Nothing
1.4. Zone - Internet: Internet
1.4.1. All code: Same site Web.

Level = User
Code Groups:
1. All code: FullTrust
Success



****And here is the code.****
Expand|Select|Wrap|Line Numbers
  1. Imports System.IO
  2. Imports System.Security.Permissions
  3.  
  4. Namespace DocSuiteClient
  5.  
  6.         Public Class ClientHelper
  7.         Inherits System.Windows.Forms.Control
  8.  
  9. #Region " Component Designer generated code "
  10.  
  11.         Public Sub New()
  12.  
  13.  
  14.             MyBase.New()
  15.  
  16.             ' This call is required by the Component Designer.
  17.             InitializeComponent()
  18.  
  19.             'Add any initialization after the InitializeComponent() call            
  20.         End Sub
  21.  
  22.         'Control overrides dispose to clean up the component list.
  23.         Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
  24.             If disposing Then
  25.                 If Not (components Is Nothing) Then
  26.                     components.Dispose()
  27.                 End If
  28.             End If
  29.             MyBase.Dispose(disposing)
  30.         End Sub
  31.  
  32.         'Required by the Control Designer
  33.         Private components As System.ComponentModel.IContainer
  34.  
  35.         ' NOTE: The following procedure is required by the Component Designer
  36.         ' It can be modified using the Component Designer.  Do not modify it
  37.         ' using the code editor.
  38.         <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
  39.             components = New System.ComponentModel.Container
  40.         End Sub
  41.  
  42. #End Region
  43.  
  44.         Protected Overrides Sub OnPaint(ByVal pe As System.Windows.Forms.PaintEventArgs)
  45.             MyBase.OnPaint(pe)
  46.  
  47.             'Add your custom paint code here
  48.         End Sub
  49.  
  50.         '<ComClass(ComClass1.ClassId, ComClass1.InterfaceId, ComClass1.EventsId)> _
  51.  
  52.  
  53.         Protected Overrides Sub Finalize()
  54.  
  55.             myProcess.Dispose()
  56.  
  57.  
  58.             MyBase.Finalize()
  59.         End Sub
  60.  
  61. #Region "Default Consants"
  62.         'defaults incase the ini file is not to be found
  63.         Private Const gTmpImgPath As String = "c:\temp"
  64.         Private Const gTmpFileName As String = "tmp"
  65.         Private Const LocalIniPath As String = "C:\"
  66.         Private Const LocalIniFile As String = "MyINI.ini"
  67.         Private Const DwgScanProg As String = "notepad"
  68. #End Region
  69.  
  70. #Region "Private Member Vars"
  71.  
  72.  
  73.  
  74.         Private ME_INIPath As String = ""
  75.         Private ME_Ready As Boolean = False
  76.         Private ME_ErrMsg As New System.Collections.ArrayList  'Link list for easy error adding
  77.         Private ME_TmpImageFile As String = ""
  78.         Private TmpImagePath As String = ""
  79.         Private strIniLine As String = ""
  80.         Private ME_WorkingDirectory As String = ""
  81.         Private ME_Params As String = ""
  82.         Private ME_Scanning As Boolean = False
  83.         Private ME_FileName As String = ""
  84.         Private myProcess As System.Diagnostics.Process
  85. #End Region
  86.  
  87. #Region "Public Properties"
  88.         Public Property WorkingDirectory() As String
  89.             Get
  90.                 Return Me.ME_WorkingDirectory
  91.             End Get
  92.             Set(ByVal Value As String)
  93.                 Me.ME_WorkingDirectory = Value
  94.             End Set
  95.         End Property
  96.         Public Property TmpImageFile() As String
  97.             Get
  98.                 Return Me.ME_TmpImageFile
  99.             End Get
  100.             Set(ByVal Value As String)
  101.                 Me.ME_TmpImageFile = Value
  102.             End Set
  103.         End Property
  104.  
  105.         Public ReadOnly Property FileName() As String
  106.             Get
  107.                 Return (Me.ME_FileName)
  108.             End Get
  109.         End Property
  110.         Public ReadOnly Property Ready() As Boolean
  111.             Get
  112.                 Return (Me.ME_Ready)
  113.             End Get
  114.         End Property
  115.         Public ReadOnly Property ErrMsg() As String
  116.             Get
  117.                 'join the ArrayList with newlines for nice printing
  118.                 Return (Join(CType(Me.ME_ErrMsg.ToArray(GetType(String)), String()), vbNewLine & "------------------------------" & vbNewLine))
  119.             End Get
  120.         End Property
  121.         Public Property IniPath() As String
  122.             Get
  123.                 Return (Me.ME_INIPath)
  124.             End Get
  125.             Set(ByVal Value As String)
  126.                 Me.ME_INIPath = Value
  127.             End Set
  128.         End Property
  129.         Public ReadOnly Property Scanning() As Boolean
  130.             Get
  131.                 Return (Me.ME_Scanning)
  132.             End Get
  133.         End Property
  134. #End Region
  135.  
  136. #Region "Public Events"
  137.         Public Event ScanComplete()
  138.         Public Event ScanFailed()
  139. #End Region
  140.  
  141.  
  142.  
  143.  
  144. #Region "Public Subs/Funcs"
  145.  
  146.  
  147.         Public Sub StopScan()
  148.             'stops the waiting process
  149.             Me.ME_Scanning = False
  150.  
  151.             myProcess.Kill()
  152.  
  153.         End Sub
  154.  
  155.         Public Sub Test()
  156.             MsgBox("Test")
  157.         End Sub
  158.  
  159.         Public Sub StartScan()
  160.  
  161.             MsgBox("startScan")
  162.             If Not (Me.ME_Scanning) Then
  163.                 If Me.ME_Ready = False Then Me.LoadIni()
  164.  
  165.                 If Me.ME_Ready Then
  166.                     Try
  167.  
  168.                         'insure our drop directory exists
  169.                         If Not (Directory.Exists(Me.TmpImagePath)) Then Directory.CreateDirectory(Me.TmpImagePath)
  170.                         'clear out the drop file name if it exists for some reason
  171.                         If File.Exists(Me.TmpImagePath & "\" & Me.TmpImageFile) Then File.Delete(Me.TmpImagePath & "\" & Me.TmpImageFile)
  172.  
  173.  
  174.                         ' create a new process
  175.  
  176.  
  177.                         myProcess = New System.Diagnostics.Process
  178.                         With myProcess
  179.                             .StartInfo.FileName = Me.strIniLine
  180.                             .StartInfo.Arguments = Me.ME_Params
  181.                             .EnableRaisingEvents = True
  182.                             AddHandler .Exited, AddressOf Me.ProcessedEnded
  183.                             Me.ME_Scanning = True
  184.                             .Start()
  185.                         End With
  186.  
  187.  
  188.  
  189.                     Catch ex As Exception
  190.                         Me.ME_ErrMsg.Add("Error in StartScan" & vbNewLine & "Exe at " & Me.strIniLine & vbNewLine & ex.Source & vbNewLine & ex.Message)
  191.                         Me.ME_FileName = ""
  192.  
  193.                     Finally
  194.  
  195.  
  196.                     End Try
  197.  
  198.                 End If
  199.             End If
  200.         End Sub
  201. #End Region
  202.  
  203. #Region "Private Subs/Funcs"
  204.  
  205.         Private Sub ProcessedEnded(ByVal sender As Object, _
  206.           ByVal e As System.EventArgs)
  207.             MsgBox("Fired ProcessedEnded")
  208.  
  209.             'check flag to insure we got here because the app was closed
  210.             If Me.ME_Scanning Then
  211.  
  212.                 Me.ME_Scanning = False
  213.                 Me.ME_FileName = Me.TmpImagePath & "\" & Me.TmpImageFile
  214.  
  215.                 If PerformMove() Then
  216.                     RaiseEvent ScanComplete()
  217.                 Else
  218.                     Me.ME_FileName = ""
  219.                     RaiseEvent ScanFailed()
  220.                 End If
  221.  
  222.             Else
  223.  
  224.                 'app was not closed, user cancelled scan from form
  225.                 Me.ME_FileName = ""
  226.                 Me.ME_ErrMsg.Add("Scanning process stopped by user")
  227.  
  228.             End If
  229.  
  230.  
  231.  
  232.         End Sub
  233.  
  234.         Private Sub LoadIni()
  235.             MsgBox("LoadIni")
  236.             Dim AtPass As Integer = 0
  237.             Dim tmpLine As String = ""
  238.  
  239.             strIniLine = ""
  240.             'check to see if we can find the ini, if not, load defaults
  241.  
  242.             Try
  243.                 If Not (File.Exists(Me.IniPath)) Then
  244.                     Me.ME_ErrMsg.Add(Me.IniPath & " cannot be found.  A defaults will be used.")
  245.                     Me.strIniLine = DwgScanProg
  246.                     Me.ME_Params = "-T" & "Scan" & "-nodbs" & "-F" & "@" & gTmpFileName & "-P" & "@"
  247.                 Else
  248.  
  249.                     Dim istream As New StreamReader(Me.IniPath)
  250.                     tmpLine = istream.ReadLine
  251.                     Dim pass As Integer = 0
  252.                     Do While tmpLine <> ""
  253.  
  254.                         If pass = 0 Then Me.strIniLine = tmpLine
  255.                         pass += 1
  256.                         If Microsoft.VisualBasic.Strings.Left(tmpLine, 1) = "@" Then
  257.                             If AtPass = 0 Then
  258.                                 TmpImageFile = Microsoft.VisualBasic.Strings.Right(tmpLine, Len(tmpLine) - 1) & ".tif"
  259.                                 Me.ME_Params &= TmpImageFile & " "
  260.                                 AtPass = 1
  261.                             Else
  262.                                 TmpImagePath = Microsoft.VisualBasic.Strings.Right(tmpLine, Len(tmpLine) - 1)
  263.                                 Me.ME_Params &= TmpImagePath & " "
  264.                             End If
  265.                         Else
  266.                             Me.ME_Params &= tmpLine & " "
  267.  
  268.                         End If
  269.                         tmpLine = istream.ReadLine
  270.                     Loop
  271.  
  272.                     istream.Close()
  273.                     istream = Nothing
  274.                 End If
  275.             Catch ex As Exception
  276.  
  277.  
  278.                 Me.ME_ErrMsg.Add(Me.IniPath & " cannot be read from." + vbNewLine + ex.Source + vbNewLine + ex.Message)
  279.  
  280.             End Try
  281.  
  282.  
  283.             Me.ME_Ready = True
  284.  
  285.         End Sub
  286.  
  287.         Private Function PerformMove() As Boolean
  288.             'will move the file to the working directory
  289.             PerformMove = False
  290.  
  291.  
  292.             Try
  293.  
  294.                 File.Copy(Me.FileName, Me.WorkingDirectory & "\" & Me.TmpImageFile, True)
  295.                 ' File.Delete(Me.FileName)
  296.                 PerformMove = True
  297.  
  298.             Catch ex As Exception
  299.  
  300.                 Me.ME_ErrMsg.Add("Copying scanned file " & Me.FileName & " to working directory " & Me.WorkingDirectory & " Failed" & vbNewLine & _
  301.                     ex.Source & vbNewLine & ex.Message)
  302.  
  303.             End Try
  304.  
  305.  
  306.  
  307.         End Function
  308. #End Region
  309.  
  310.  
  311.  
  312.     End Class
  313.  
  314.  
  315.  
  316. End Namespace

*****Fusion Errors******
*** Assembly Binder Log Entry (6/19/2007 @ 2:21:16 PM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rwks.dll
Running under executable C:\Program Files\Internet Explorer\IEXPLORE.EXE
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = <my user name>
LOG: DisplayName = Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = http://localhost/
LOG: Initial PrivatePath = bin
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = IEXPLORE.EXE
Calling assembly : (Unknown).
===
LOG: Start binding of native image Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.

*** Assembly Binder Log Entry (6/19/2007 @ 2:21:15 PM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rwks.dll
Running under executable C:\Program Files\Internet Explorer\IEXPLORE.EXE
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = <my user name>
LOG: DisplayName = IIEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = file:///C:/Program Files/Internet Explorer/
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = IEXPLORE.EXE
Calling assembly : IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
===
LOG: Start binding of native image IIEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.



*** Assembly Binder Log Entry (6/19/2007 @ 2:21:15 PM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rwks.dll
Running under executable C:\Program Files\Internet Explorer\IEXPLORE.EXE
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = <my user name>
LOG: DisplayName = IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = file:///C:/Program Files/Internet Explorer/
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = IEXPLORE.EXE
Calling assembly : (Unknown).
===
LOG: Start binding of native image IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.
Jun 19 '07 #1
Share this question for a faster answer!
Share on Google+

Post your reply

Sign in to post your reply or Sign up for a free account.