473,223 Members | 1,727 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,223 software developers and data experts.

WEB-VB Impersonation within VB custom control question

I have a custom control that is embedded (using the object tag) in an html document.
  1. The control takes a path to a local client ini file.
  2. Reads the file.
  3. Executes the program specified in the ini on the client's PC.
  4. After the program has ended the control looks in a client side temp folder (specified by the ini file) for an image created by the executed program.
  5. If the image is there, then the control moves the file to a public folder on the server, and posts back to the server.

After this the server does "it's thing" with the image

So I've compiled the code and of course have security issues when running the control in IE (on localhost). I know that the use of the System.Diagnostics.Process is what is causing the problems. Example is that my sub StartScan() won't even pop up the message box because it uses System.Diagnostics.Process within itself, while the sub Test() will pop up the box with no problems. There are fusion errors, but cannot make sense of them. I've placed them at the bottom of this message if someone would like to take a look. Also changing the process isn’t a workaround. My department doesn't always know what program is used for scanning. The scanner is very old (plot size scanner) so any MS possibilities are also not doable (plus would require more coding for features). Also I never know where the app they are going to try to run, so changing the permissions to allow their local ASP user to run the program isn't a solution. The main problem here is that I want the code to run under the user's credentials within the IE browsers. It seems like it would be some type of impersonation, but I can only find examples for impersonation in ASP.NET or examples showing you how to run a process under another user if you know their name and password.

Any help is greatly appreicated.


Things I've already done
  • gacutil /cdl and remove temporary internet files between every build
  • Have given the control a strong name using a .snk file
  • Have turned off security using caspol -s off
  • Have given fulltrust

And of course the control will run inside of a stand alone VB.NET app without any problems (doesn't post to a server). When I do a “run as…” on the little VB.NET app, it inherits the given user’s permissions correctly (I’ve tested it with file permissions).

Also here are outputs telling what are the groups and permissions

caspol -all -resolvegroup c:\inetpub\wwwroot\docsuite\ClientHelper.dll
Microsoft (R) .NET Framework CasPol 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

Level = Enterprise
Code Groups:

1. All code: FullTrust
Level = Machine

Code Groups:
1. All code: Nothing
1.2. Zone - MyComputer: FullTrust

Level = User

Code Groups:
1. All code: FullTrust
Success

--------------------------------------------------------------------------------------------------------
caspol -all -resolvegroup //localhost/docsuite/ClientHelper.dll
Microsoft (R) .NET Framework CasPol 1.1.4322.573
Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.

The assembly at //localhost/docsuite/ClientHelper.dll cannot be loaded. Caspol
can make a partial determination of what evidence would be associated with this
assembly. If this evidence is used, the results are not necessarily accurate or
complete. Would you like to continue this operation using partial evidence? (y
es/no)
y

Level = Enterprise
Code Groups:
1. All code: FullTrust

Level = Machine
Code Groups:
1. All code: Nothing
1.4. Zone - Internet: Internet
1.4.1. All code: Same site Web.

Level = User
Code Groups:
1. All code: FullTrust
Success



****And here is the code.****
Expand|Select|Wrap|Line Numbers
  1. Imports System.IO
  2. Imports System.Security.Permissions
  3.  
  4. Namespace DocSuiteClient
  5.  
  6.         Public Class ClientHelper
  7.         Inherits System.Windows.Forms.Control
  8.  
  9. #Region " Component Designer generated code "
  10.  
  11.         Public Sub New()
  12.  
  13.  
  14.             MyBase.New()
  15.  
  16.             ' This call is required by the Component Designer.
  17.             InitializeComponent()
  18.  
  19.             'Add any initialization after the InitializeComponent() call            
  20.         End Sub
  21.  
  22.         'Control overrides dispose to clean up the component list.
  23.         Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
  24.             If disposing Then
  25.                 If Not (components Is Nothing) Then
  26.                     components.Dispose()
  27.                 End If
  28.             End If
  29.             MyBase.Dispose(disposing)
  30.         End Sub
  31.  
  32.         'Required by the Control Designer
  33.         Private components As System.ComponentModel.IContainer
  34.  
  35.         ' NOTE: The following procedure is required by the Component Designer
  36.         ' It can be modified using the Component Designer.  Do not modify it
  37.         ' using the code editor.
  38.         <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
  39.             components = New System.ComponentModel.Container
  40.         End Sub
  41.  
  42. #End Region
  43.  
  44.         Protected Overrides Sub OnPaint(ByVal pe As System.Windows.Forms.PaintEventArgs)
  45.             MyBase.OnPaint(pe)
  46.  
  47.             'Add your custom paint code here
  48.         End Sub
  49.  
  50.         '<ComClass(ComClass1.ClassId, ComClass1.InterfaceId, ComClass1.EventsId)> _
  51.  
  52.  
  53.         Protected Overrides Sub Finalize()
  54.  
  55.             myProcess.Dispose()
  56.  
  57.  
  58.             MyBase.Finalize()
  59.         End Sub
  60.  
  61. #Region "Default Consants"
  62.         'defaults incase the ini file is not to be found
  63.         Private Const gTmpImgPath As String = "c:\temp"
  64.         Private Const gTmpFileName As String = "tmp"
  65.         Private Const LocalIniPath As String = "C:\"
  66.         Private Const LocalIniFile As String = "MyINI.ini"
  67.         Private Const DwgScanProg As String = "notepad"
  68. #End Region
  69.  
  70. #Region "Private Member Vars"
  71.  
  72.  
  73.  
  74.         Private ME_INIPath As String = ""
  75.         Private ME_Ready As Boolean = False
  76.         Private ME_ErrMsg As New System.Collections.ArrayList  'Link list for easy error adding
  77.         Private ME_TmpImageFile As String = ""
  78.         Private TmpImagePath As String = ""
  79.         Private strIniLine As String = ""
  80.         Private ME_WorkingDirectory As String = ""
  81.         Private ME_Params As String = ""
  82.         Private ME_Scanning As Boolean = False
  83.         Private ME_FileName As String = ""
  84.         Private myProcess As System.Diagnostics.Process
  85. #End Region
  86.  
  87. #Region "Public Properties"
  88.         Public Property WorkingDirectory() As String
  89.             Get
  90.                 Return Me.ME_WorkingDirectory
  91.             End Get
  92.             Set(ByVal Value As String)
  93.                 Me.ME_WorkingDirectory = Value
  94.             End Set
  95.         End Property
  96.         Public Property TmpImageFile() As String
  97.             Get
  98.                 Return Me.ME_TmpImageFile
  99.             End Get
  100.             Set(ByVal Value As String)
  101.                 Me.ME_TmpImageFile = Value
  102.             End Set
  103.         End Property
  104.  
  105.         Public ReadOnly Property FileName() As String
  106.             Get
  107.                 Return (Me.ME_FileName)
  108.             End Get
  109.         End Property
  110.         Public ReadOnly Property Ready() As Boolean
  111.             Get
  112.                 Return (Me.ME_Ready)
  113.             End Get
  114.         End Property
  115.         Public ReadOnly Property ErrMsg() As String
  116.             Get
  117.                 'join the ArrayList with newlines for nice printing
  118.                 Return (Join(CType(Me.ME_ErrMsg.ToArray(GetType(String)), String()), vbNewLine & "------------------------------" & vbNewLine))
  119.             End Get
  120.         End Property
  121.         Public Property IniPath() As String
  122.             Get
  123.                 Return (Me.ME_INIPath)
  124.             End Get
  125.             Set(ByVal Value As String)
  126.                 Me.ME_INIPath = Value
  127.             End Set
  128.         End Property
  129.         Public ReadOnly Property Scanning() As Boolean
  130.             Get
  131.                 Return (Me.ME_Scanning)
  132.             End Get
  133.         End Property
  134. #End Region
  135.  
  136. #Region "Public Events"
  137.         Public Event ScanComplete()
  138.         Public Event ScanFailed()
  139. #End Region
  140.  
  141.  
  142.  
  143.  
  144. #Region "Public Subs/Funcs"
  145.  
  146.  
  147.         Public Sub StopScan()
  148.             'stops the waiting process
  149.             Me.ME_Scanning = False
  150.  
  151.             myProcess.Kill()
  152.  
  153.         End Sub
  154.  
  155.         Public Sub Test()
  156.             MsgBox("Test")
  157.         End Sub
  158.  
  159.         Public Sub StartScan()
  160.  
  161.             MsgBox("startScan")
  162.             If Not (Me.ME_Scanning) Then
  163.                 If Me.ME_Ready = False Then Me.LoadIni()
  164.  
  165.                 If Me.ME_Ready Then
  166.                     Try
  167.  
  168.                         'insure our drop directory exists
  169.                         If Not (Directory.Exists(Me.TmpImagePath)) Then Directory.CreateDirectory(Me.TmpImagePath)
  170.                         'clear out the drop file name if it exists for some reason
  171.                         If File.Exists(Me.TmpImagePath & "\" & Me.TmpImageFile) Then File.Delete(Me.TmpImagePath & "\" & Me.TmpImageFile)
  172.  
  173.  
  174.                         ' create a new process
  175.  
  176.  
  177.                         myProcess = New System.Diagnostics.Process
  178.                         With myProcess
  179.                             .StartInfo.FileName = Me.strIniLine
  180.                             .StartInfo.Arguments = Me.ME_Params
  181.                             .EnableRaisingEvents = True
  182.                             AddHandler .Exited, AddressOf Me.ProcessedEnded
  183.                             Me.ME_Scanning = True
  184.                             .Start()
  185.                         End With
  186.  
  187.  
  188.  
  189.                     Catch ex As Exception
  190.                         Me.ME_ErrMsg.Add("Error in StartScan" & vbNewLine & "Exe at " & Me.strIniLine & vbNewLine & ex.Source & vbNewLine & ex.Message)
  191.                         Me.ME_FileName = ""
  192.  
  193.                     Finally
  194.  
  195.  
  196.                     End Try
  197.  
  198.                 End If
  199.             End If
  200.         End Sub
  201. #End Region
  202.  
  203. #Region "Private Subs/Funcs"
  204.  
  205.         Private Sub ProcessedEnded(ByVal sender As Object, _
  206.           ByVal e As System.EventArgs)
  207.             MsgBox("Fired ProcessedEnded")
  208.  
  209.             'check flag to insure we got here because the app was closed
  210.             If Me.ME_Scanning Then
  211.  
  212.                 Me.ME_Scanning = False
  213.                 Me.ME_FileName = Me.TmpImagePath & "\" & Me.TmpImageFile
  214.  
  215.                 If PerformMove() Then
  216.                     RaiseEvent ScanComplete()
  217.                 Else
  218.                     Me.ME_FileName = ""
  219.                     RaiseEvent ScanFailed()
  220.                 End If
  221.  
  222.             Else
  223.  
  224.                 'app was not closed, user cancelled scan from form
  225.                 Me.ME_FileName = ""
  226.                 Me.ME_ErrMsg.Add("Scanning process stopped by user")
  227.  
  228.             End If
  229.  
  230.  
  231.  
  232.         End Sub
  233.  
  234.         Private Sub LoadIni()
  235.             MsgBox("LoadIni")
  236.             Dim AtPass As Integer = 0
  237.             Dim tmpLine As String = ""
  238.  
  239.             strIniLine = ""
  240.             'check to see if we can find the ini, if not, load defaults
  241.  
  242.             Try
  243.                 If Not (File.Exists(Me.IniPath)) Then
  244.                     Me.ME_ErrMsg.Add(Me.IniPath & " cannot be found.  A defaults will be used.")
  245.                     Me.strIniLine = DwgScanProg
  246.                     Me.ME_Params = "-T" & "Scan" & "-nodbs" & "-F" & "@" & gTmpFileName & "-P" & "@"
  247.                 Else
  248.  
  249.                     Dim istream As New StreamReader(Me.IniPath)
  250.                     tmpLine = istream.ReadLine
  251.                     Dim pass As Integer = 0
  252.                     Do While tmpLine <> ""
  253.  
  254.                         If pass = 0 Then Me.strIniLine = tmpLine
  255.                         pass += 1
  256.                         If Microsoft.VisualBasic.Strings.Left(tmpLine, 1) = "@" Then
  257.                             If AtPass = 0 Then
  258.                                 TmpImageFile = Microsoft.VisualBasic.Strings.Right(tmpLine, Len(tmpLine) - 1) & ".tif"
  259.                                 Me.ME_Params &= TmpImageFile & " "
  260.                                 AtPass = 1
  261.                             Else
  262.                                 TmpImagePath = Microsoft.VisualBasic.Strings.Right(tmpLine, Len(tmpLine) - 1)
  263.                                 Me.ME_Params &= TmpImagePath & " "
  264.                             End If
  265.                         Else
  266.                             Me.ME_Params &= tmpLine & " "
  267.  
  268.                         End If
  269.                         tmpLine = istream.ReadLine
  270.                     Loop
  271.  
  272.                     istream.Close()
  273.                     istream = Nothing
  274.                 End If
  275.             Catch ex As Exception
  276.  
  277.  
  278.                 Me.ME_ErrMsg.Add(Me.IniPath & " cannot be read from." + vbNewLine + ex.Source + vbNewLine + ex.Message)
  279.  
  280.             End Try
  281.  
  282.  
  283.             Me.ME_Ready = True
  284.  
  285.         End Sub
  286.  
  287.         Private Function PerformMove() As Boolean
  288.             'will move the file to the working directory
  289.             PerformMove = False
  290.  
  291.  
  292.             Try
  293.  
  294.                 File.Copy(Me.FileName, Me.WorkingDirectory & "\" & Me.TmpImageFile, True)
  295.                 ' File.Delete(Me.FileName)
  296.                 PerformMove = True
  297.  
  298.             Catch ex As Exception
  299.  
  300.                 Me.ME_ErrMsg.Add("Copying scanned file " & Me.FileName & " to working directory " & Me.WorkingDirectory & " Failed" & vbNewLine & _
  301.                     ex.Source & vbNewLine & ex.Message)
  302.  
  303.             End Try
  304.  
  305.  
  306.  
  307.         End Function
  308. #End Region
  309.  
  310.  
  311.  
  312.     End Class
  313.  
  314.  
  315.  
  316. End Namespace

*****Fusion Errors******
*** Assembly Binder Log Entry (6/19/2007 @ 2:21:16 PM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rwks.dll
Running under executable C:\Program Files\Internet Explorer\IEXPLORE.EXE
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = <my user name>
LOG: DisplayName = Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = http://localhost/
LOG: Initial PrivatePath = bin
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = IEXPLORE.EXE
Calling assembly : (Unknown).
===
LOG: Start binding of native image Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.

*** Assembly Binder Log Entry (6/19/2007 @ 2:21:15 PM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rwks.dll
Running under executable C:\Program Files\Internet Explorer\IEXPLORE.EXE
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = <my user name>
LOG: DisplayName = IIEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = file:///C:/Program Files/Internet Explorer/
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = IEXPLORE.EXE
Calling assembly : IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
===
LOG: Start binding of native image IIEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.



*** Assembly Binder Log Entry (6/19/2007 @ 2:21:15 PM) ***

The operation failed.
Bind result: hr = 0x80070002. The system cannot find the file specified.

Assembly manager loaded from: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rwks.dll
Running under executable C:\Program Files\Internet Explorer\IEXPLORE.EXE
--- A detailed error log follows.

=== Pre-bind state information ===
LOG: User = <my user name>
LOG: DisplayName = IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
(Fully-specified)
LOG: Appbase = file:///C:/Program Files/Internet Explorer/
LOG: Initial PrivatePath = NULL
LOG: Dynamic Base = NULL
LOG: Cache Base = NULL
LOG: AppName = IEXPLORE.EXE
Calling assembly : (Unknown).
===
LOG: Start binding of native image IEHost, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a.
WRN: No matching native image found.
Jun 19 '07 #1
0 1907

Sign in to post your reply or Sign up for a free account.

Similar topics

0
by: Phillip J. Eby | last post by:
PEP: 333 Title: Python Web Server Gateway Interface v1.0 Version: $Revision: 1.1 $ Last-Modified: $Date: 2004/08/27 17:30:09 $ Author: Phillip J. Eby <pje at telecommunity.com> Discussions-To:...
0
by: Mike | last post by:
Sites using thumbnail preview for world wide web file navigation and searching. Below are list of sites that are either researching or providing thumbnail preview images for online web...
2
by: Carlos G Benevides | last post by:
I have a ASP.Net web application that has two assemblies that run under com+. Under Windows 2000 the two assemblies are added to com+ automatically when instantiated from the web site. For this...
4
by: Trond A. S. Andersen | last post by:
Hi, all! I'm trying to use the System.Web.Mail. "package" combinded with System.Web.Mail.SmtpMail in order to send MS Excel spreadsheets attached to mail messages. However, sending one single...
6
by: Ruslan | last post by:
Hello, I have to project: one ASN.NET project and another - Web Service in the same solution. I want to use the same web.config and global.asax files. Does it possible?
0
by: Erick Lopez | last post by:
When I send my web page to browser in ouput windows recibe this message and the web page the error BC32400 Please Help me Auto-attach to process ' aspnet_wp.exe' on machine 'TABLET'...
0
by: pd123 | last post by:
I'm new to C# and .net and I'm trying to create a form that will register users in a sql server database. I have the following code but when I run the code I get an error " The name 'Peter' is...
2
by: Jeff | last post by:
Hey asp.net 2.0 My asp.net 2.0 project has got a assembly load problem: Some of my web.config settings: <membership defaultProvider="AH_MembershipProvider" userIsOnlineTimeWindow="15">
20
by: =?Utf-8?B?cmtibmFpcg==?= | last post by:
I was executing the steps given in http://suppor.microsoft.com/kb/308359 for testing a sample web service application. However, the following line gives a compilation error: localhost.Service1...
2
by: =?Utf-8?B?YW5vbg==?= | last post by:
I am not sure if this is the right forum. Environment : Windows server 2008, IIS 7.0 I get the 'Could not load the file or assembly 'blowery.web.httpCompress' or one of its dependencies. The...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.