|
|
You're in the
dotnet component services
group:Access denied to file from ServicedComponent
dotnet component services:
before: I wrote a ServicedComponent that reads and writes files to a folder on a network share. Platform is Windows 2000. It gets called by ASPNET (local account) that do not have access to the folder. But I configured this component to run as Server ([assembly: ApplicationActivation(ActivationOption.Server)]) with following settings: [assembly: ApplicationAccessControl(true,AccessChecksLevel=AccessChecksLevelOption.ApplicationComponent, Authentication=AuthenticationOption.Packet, ImpersonationLevel=ImpersonationLevelOption.Impersonate)] I set Identity to run under my domain account (in development environment). I put this component into GAC and registered with regsvcs.exe component method has line like: FileInfo _file = new FileInfo("\\server01\share$\Data\somefile.pdf"); I am not getting any Exception, but in Wahtch window I see following: ((System.MarshalByRefObject)(((System.IO.FileSystemInfo)(_file)))) __identity <undefined value> System.Object ERROR_ACCESS_DENIED 5 int ERROR_INVALID_PARAMETER 87 int Length <error: an exception of type: {System.IO.IOException} occurred> long That makes me think that I am missing something in configuration of the Component. Again, I would heartly apprecciate any clue on what I am missing with this Component.
Serviced components do not need to be in the GAC.
I'll ask the obvious question: Does the domain account have rights to read/write to that network share? You do realize that "share$" (I assume this is a physical drive) is an "admin share" and requires the account to be an administrator on the box that hosts the share itself? What happens if you create a normal share and try to hit that instead? -- Klaus H. Probst, MVP http://www.vbbox.com/ [quoted text, click to view] "VK" <vk@nowhere.net> wrote in message ApplicationAccessControl(true,AccessChecksLevel=AccessChecksLevelOption.Applnews:XG4jd.37204$fF6.11561548@news4.srv.hcvlny.cv.net... > I would greatly appreciate help on issue that looks as have been resolved > before: > > I wrote a ServicedComponent that reads and writes files to a folder on a > network share. > Platform is Windows 2000. > It gets called by ASPNET (local account) that do not have access to the > folder. > But I configured this component to run as Server ([assembly: > ApplicationActivation(ActivationOption.Server)]) with following settings: > [assembly: > icationComponent, [quoted text, click to view] > Authentication=AuthenticationOption.Packet, > ImpersonationLevel=ImpersonationLevelOption.Impersonate)] > > I set Identity to run under my domain account (in development environment). > I put this component into GAC and registered with regsvcs.exe > > component method has line like: > > FileInfo _file = new FileInfo("\\server01\share$\Data\somefile.pdf"); > > I am not getting any Exception, but in Wahtch window I see following: > > ((System.MarshalByRefObject)(((System.IO.FileSystemInfo)(_file)))) > __identity <undefined value> System.Object > > ERROR_ACCESS_DENIED 5 int > ERROR_INVALID_PARAMETER 87 int > Length <error: an exception of type: {System.IO.IOException} occurred> long > > That makes me think that I am missing something in configuration of the > Component. > Again, I would heartly apprecciate any clue on what I am missing with this > Component. > >
Don't use local account - set processModel account to a domain acount.
[quoted text, click to view] "VK" <vk@nowhere.net> wrote in message ApplicationAccessControl(true,AccessChecksLevel=AccessChecksLevelOption.Applnews:XG4jd.37204$fF6.11561548@news4.srv.hcvlny.cv.net... > I would greatly appreciate help on issue that looks as have been resolved > before: > > I wrote a ServicedComponent that reads and writes files to a folder on a > network share. > Platform is Windows 2000. > It gets called by ASPNET (local account) that do not have access to the > folder. > But I configured this component to run as Server ([assembly: > ApplicationActivation(ActivationOption.Server)]) with following settings: > [assembly: > icationComponent, [quoted text, click to view] > Authentication=AuthenticationOption.Packet, > ImpersonationLevel=ImpersonationLevelOption.Impersonate)] > > I set Identity to run under my domain account (in development environment). > I put this component into GAC and registered with regsvcs.exe > > component method has line like: > > FileInfo _file = new FileInfo("\\server01\share$\Data\somefile.pdf"); > > I am not getting any Exception, but in Wahtch window I see following: > > ((System.MarshalByRefObject)(((System.IO.FileSystemInfo)(_file)))) > __identity <undefined value> System.Object > > ERROR_ACCESS_DENIED 5 int > ERROR_INVALID_PARAMETER 87 int > Length <error: an exception of type: {System.IO.IOException} occurred> long > > That makes me think that I am missing something in configuration of the > Component. > Again, I would heartly apprecciate any clue on what I am missing with this > Component. > >
Yes, domain account has write permission (as well as administrator) on the
share. Checked against normal share - the same result. Also - since it is my first COM+ component - I noticed that I did not do following: - I did not have public interfaces in the Component, just public static methods (inside of which I create an instance of the class) - I did not set any roles for the Component Should I have to have them? Thanks in advance, Victor Kh.
You have to have public methods in the class hosted by COM+, otherwise you
won't be able to call anything on it =) Roles are for *client* authentication. If you turn on security for the COM+ application then you need at least one role with one account (or group) in it to access the components in the application. Otherwise you don't need roles. -- Klaus H. Probst, MVP http://www.vbbox.com/ [quoted text, click to view] "VK" <vk@nowhere.net> wrote in message news:kVVjd.47993$fF6.20490136@news4.srv.hcvlny.cv.net... > Yes, domain account has write permission (as well as administrator) on the > share. > Checked against normal share - the same result. > > Also - since it is my first COM+ component - I noticed that I did not do > following: > - I did not have public interfaces in the Component, just public static > methods (inside of which I create an instance of the class) > - I did not set any roles for the Component > > Should I have to have them? > > Thanks in advance, > Victor Kh. > >
Like I wrote before, I do have public methods:
public class fileMgr { protected FileInfo fl; public fileMgr() {} public static long Copy (string sourceFileName, string targetFileName) { fileMgr mgr = new fileMgr(); mgr.fl = new FileInfo(sourceFileName); if (mgr.fl.Exists) { mgr.fl.Copy(targetFileName) } else { throw new ex("Missing file " + sourceFileName); } } } In the web page I call: fileMgr.Copy("\\server01\share$\Data01\somefile.pdf","\\server02\normalshare\Data02\newname.pdf"); Because of security problem I am always getting that file does not exists. That why I am saying that it looks like I am missing something in configuration of the COM+ component. Tried different things - did not find any thing yet. Any hint would be greatly appreciated Vic
Well, ultimately the issue here is the COM+ *security* configuration, not
the public interface of your components. If you are getting an access denied exception then there's really not much you can do except ensure that you *are* running the COM+ application under the correct identity (have you verified that you are running in COM+ at all? If it's a server application, can you see it "spinning" when it activates in the COM+ admin?) and that it has the necessary permissions to read/write that share. -- Klaus H. Probst, MVP http://www.vbbox.com/ [quoted text, click to view] "VK" <vk@nowhere.net> wrote in message fileMgr.Copy("\\server01\share$\Data01\somefile.pdf","\\server02\normalsharenews:osokd.58128$fF6.25364174@news4.srv.hcvlny.cv.net... > Like I wrote before, I do have public methods: > > public class fileMgr { > > protected FileInfo fl; > public fileMgr() {} > > public static long Copy (string sourceFileName, string targetFileName) > { > fileMgr mgr = new fileMgr(); > mgr.fl = new FileInfo(sourceFileName); > if (mgr.fl.Exists) > { > mgr.fl.Copy(targetFileName) > } > else > { > throw new ex("Missing file " + sourceFileName); > } > > } > > } > > In the web page I call: > > \Data02\newname.pdf"); [quoted text, click to view] > > Because of security problem I am always getting that file does not exists. > That why I am saying that it looks like I am missing something in > configuration of the COM+ component. > Tried different things - did not find any thing yet. > Any hint would be greatly appreciated > > Vic > >
[quoted text, click to view] "VK" <vk@nowhere.net> wrote in message news:4xTkd.66570$fF6.30308322@news4.srv.hcvlny.cv.net... > Yes, I do. I see the icon spinning in Component Services control center when > I call the method. OK, just checking. [quoted text, click to view] > I use my own domain account to make sure it has permissions to read/write on > the network share. If you use it as the COM+ identity, does it work? [quoted text, click to view] > Maybe, I am missing any Service Pack? Well, I'd make sure you have the latest of everything but a simple thing like should work regardless. [quoted text, click to view] > Does it matter if I try this component on Win2K Workstation, not Server? No, they behave exactly the same. The other thing I could think of is maybe a firewall that's blocking traffic from one server to another? FWIW, I'm running W2KPro here and I just tried a simple COM+ app under a domain account and I can access the c$ share on my Windows 2003 server after making the account an admin on the box. -- Klaus H. Probst, MVP http://www.vbbox.com/
Yes, I do. I see the icon spinning in Component Services control center when
I call the method. I use my own domain account to make sure it has permissions to read/write on the network share. Maybe, I am missing any Service Pack? Does it matter if I try this component on Win2K Workstation, not Server? Victor [quoted text, click to view] "Klaus H. Probst" <usenet001@vbbox.com> wrote in message news:%23lhpcg6xEHA.2788@TK2MSFTNGP15.phx.gbl... > Well, ultimately the issue here is the COM+ *security* configuration, not > the public interface of your components. > > If you are getting an access denied exception then there's really not much > you can do except ensure that you *are* running the COM+ application under > the correct identity (have you verified that you are running in COM+ at > all? > If it's a server application, can you see it "spinning" when it activates > in > the COM+ admin?) and that it has the necessary permissions to read/write > that share. > > > -- > Klaus H. Probst, MVP > http://www.vbbox.com/ > > > "VK" <vk@nowhere.net> wrote in message > news:osokd.58128$fF6.25364174@news4.srv.hcvlny.cv.net... >> Like I wrote before, I do have public methods: >> >> public class fileMgr { >> >> protected FileInfo fl; >> public fileMgr() {} >> >> public static long Copy (string sourceFileName, string targetFileName) >> { >> fileMgr mgr = new fileMgr(); >> mgr.fl = new FileInfo(sourceFileName); >> if (mgr.fl.Exists) >> { >> mgr.fl.Copy(targetFileName) >> } >> else >> { >> throw new ex("Missing file " + sourceFileName); >> } >> >> } >> >> } >> >> In the web page I call: >> >> > fileMgr.Copy("\\server01\share$\Data01\somefile.pdf","\\server02\normalshare > \Data02\newname.pdf"); >> >> Because of security problem I am always getting that file does not >> exists. >> That why I am saying that it looks like I am missing something in >> configuration of the COM+ component. >> Tried different things - did not find any thing yet. >> Any hint would be greatly appreciated >> >> Vic >> >> > >
[quoted text, click to view]
>If you use it as the COM+ identity, does it work? If I understand correctly the question, I use this account for my COM+ component. I set up this component as Server application and changed identity from Interactive user to this domain account. I thought, it would be the trick of impersonation ( I set to Packet/Impersonate) of user - no it does not work. My domain account has Admin rights on both boxes - my Win2Pro and another (where shares are - both: $ and public), that COM+ is accessing. Victor [quoted text, click to view] "Klaus H. Probst" <usenet001@vbbox.com> wrote in message news:OrR2BoHyEHA.3104@TK2MSFTNGP15.phx.gbl... > > "VK" <vk@nowhere.net> wrote in message > news:4xTkd.66570$fF6.30308322@news4.srv.hcvlny.cv.net... >> Yes, I do. I see the icon spinning in Component Services control center > when >> I call the method. > > OK, just checking. > >> I use my own domain account to make sure it has permissions to read/write > on >> the network share. > > If you use it as the COM+ identity, does it work? > >> Maybe, I am missing any Service Pack? > > Well, I'd make sure you have the latest of everything but a simple thing > like should work regardless. > >> Does it matter if I try this component on Win2K Workstation, not Server? > > No, they behave exactly the same. > > The other thing I could think of is maybe a firewall that's blocking > traffic > from one server to another? > > FWIW, I'm running W2KPro here and I just tried a simple COM+ app under a > domain account and I can access the c$ share on my Windows 2003 server > after > making the account an admin on the box. > > > -- > Klaus H. Probst, MVP > http://www.vbbox.com/ > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
April 2008
May 2008
| home · blog · groups | Questions? Comments? Contact the dn |