|
|
You're in the
asp.net
group:Impersonation woes
asp.net:
keeps throwing access denied errors. I am stumped. I think I have tried everything I know what to do. The webpage can read the file. Just fine. The com object can't. Create user group. Impersonate user. User has full rights to directory added everyone - full rights. no joy added admin - full rights no joy message box tells me that the page is executing under that user. no joy full rights to every user group i can find on the system. no joy ditch impersonation, admin rights to everybody. no joy message box tells me that the page is executing under network services give network services full rights. no joy share folder no joy create web sharing apply permissions no joy the com object can read the system and event logs without problem the com object can read the log file if fired from a dos prompt on the server why me lowd. why me????? -- Regards, Alvin Bruney [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] Got tidbits? Get it here... http://tinyurl.com/27cok
[quoted text, click to view]
> have you tried upping your asp rights in machine config. Yes. No joy.Out of curiosity - I wonder [quoted text, click to view] > what would happen if you use process.start cmd/com thing from asp.net This also fails with an access denied.> rather > than trying to invoke com from within asp.net Microsoft also doesn't support the com object (logparser) so i won't even be able to open a support ticket. This is the call that blows: MSUtil.LogQueryClassClass log = new LogQueryClassClass(); MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by cs-uri-stem", null); The com object is logparser available with win2k and up or at logparser.com. This call will work without a problem on my machine. But not on the server. -- Regards, Alvin Bruney [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] Got tidbits? Get it here... http://tinyurl.com/27cok [quoted text, click to view] "John Timney (Microsoft MVP)" <timneyj@despammed.com> wrote in message news:O441s53LEHA.2592@tk2msftngp13.phx.gbl... > Alvin, > > have you tried upping your asp rights in machine config. > > Try setting the process model username to system > userName="SYSTEM" > > Sounds to me like your com object is expecting to find a window of some > type > to enable it to run, and cant find a window. Out of curiosity - I wonder > what would happen if you use process.start cmd/com thing from asp.net > rather > than trying to invoke com from within asp.net > > Regards > > John Timney > Microsoft Regional Director > Microsoft MVP > > "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message > news:uLPSoZzLEHA.3956@TK2MSFTNGP10.phx.gbl... >> From a webpage, I am calling a com object which needs to read a file. It >> keeps throwing access denied errors. I am stumped. I think I have tried >> everything I know what to do. The webpage can read the file. Just fine. > The >> com object can't. >> >> Create user group. >> Impersonate user. >> User has full rights to directory >> added everyone - full rights. no joy >> added admin - full rights no joy >> message box tells me that the page is executing under that user. no joy >> full rights to every user group i can find on the system. no joy >> ditch impersonation, admin rights to everybody. no joy >> message box tells me that the page is executing under network services >> give network services full rights. no joy >> share folder no joy >> create web sharing apply permissions no joy >> the com object can read the system and event logs without problem >> the com object can read the log file if fired from a dos prompt on the >> server >> >> why me lowd. why me????? >> >> -- >> Regards, >> Alvin Bruney >> [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] >> Got tidbits? Get it here... http://tinyurl.com/27cok >> >> > >
Alvin,
have you tried upping your asp rights in machine config. Try setting the process model username to system userName="SYSTEM" Sounds to me like your com object is expecting to find a window of some type to enable it to run, and cant find a window. Out of curiosity - I wonder what would happen if you use process.start cmd/com thing from asp.net rather than trying to invoke com from within asp.net Regards John Timney Microsoft Regional Director Microsoft MVP [quoted text, click to view] "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message news:uLPSoZzLEHA.3956@TK2MSFTNGP10.phx.gbl... > From a webpage, I am calling a com object which needs to read a file. It > keeps throwing access denied errors. I am stumped. I think I have tried > everything I know what to do. The webpage can read the file. Just fine. The > com object can't. > > Create user group. > Impersonate user. > User has full rights to directory > added everyone - full rights. no joy > added admin - full rights no joy > message box tells me that the page is executing under that user. no joy > full rights to every user group i can find on the system. no joy > ditch impersonation, admin rights to everybody. no joy > message box tells me that the page is executing under network services > give network services full rights. no joy > share folder no joy > create web sharing apply permissions no joy > the com object can read the system and event logs without problem > the com object can read the log file if fired from a dos prompt on the > server > > why me lowd. why me????? > > -- > Regards, > Alvin Bruney > [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] > Got tidbits? Get it here... http://tinyurl.com/27cok > >
Sounds like your stuck.
I've worked round this type of impossible thing to do in web srever world before by having a socket listener running on the desktop and actually invoking windowed type things via that - implies you have a logged in user on your server which is kind of hacky but it requires no permissions or impersonation and bypasses the web restrictions. You might be able to find out who write it at MS if you drop a line into the pivate groups. Regards John Timney Microsoft Regional Director Microsoft MVP [quoted text, click to view] "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message news:erk#1v4LEHA.1052@TK2MSFTNGP12.phx.gbl... > > have you tried upping your asp rights in machine config. > Yes. No joy. > > Out of curiosity - I wonder > > what would happen if you use process.start cmd/com thing from asp.net > > rather > > than trying to invoke com from within asp.net > This also fails with an access denied. > > Microsoft also doesn't support the com object (logparser) so i won't even be > able to open a support ticket. > > This is the call that blows: > > MSUtil.LogQueryClassClass log = new LogQueryClassClass(); > MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from > C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by > cs-uri-stem", null); > > The com object is logparser available with win2k and up or at logparser.com. > This call will work without a problem on my machine. But not on the server. > > -- > Regards, > Alvin Bruney > [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] > Got tidbits? Get it here... http://tinyurl.com/27cok > "John Timney (Microsoft MVP)" <timneyj@despammed.com> wrote in message > news:O441s53LEHA.2592@tk2msftngp13.phx.gbl... > > Alvin, > > > > have you tried upping your asp rights in machine config. > > > > Try setting the process model username to system > > userName="SYSTEM" > > > > Sounds to me like your com object is expecting to find a window of some > > type > > to enable it to run, and cant find a window. Out of curiosity - I wonder > > what would happen if you use process.start cmd/com thing from asp.net > > rather > > than trying to invoke com from within asp.net > > > > Regards > > > > John Timney > > Microsoft Regional Director > > Microsoft MVP > > > > "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message > > news:uLPSoZzLEHA.3956@TK2MSFTNGP10.phx.gbl... > >> From a webpage, I am calling a com object which needs to read a file. It > >> keeps throwing access denied errors. I am stumped. I think I have tried > >> everything I know what to do. The webpage can read the file. Just fine. > > The > >> com object can't. > >> > >> Create user group. > >> Impersonate user. > >> User has full rights to directory > >> added everyone - full rights. no joy > >> added admin - full rights no joy > >> message box tells me that the page is executing under that user. no joy > >> full rights to every user group i can find on the system. no joy > >> ditch impersonation, admin rights to everybody. no joy > >> message box tells me that the page is executing under network services > >> give network services full rights. no joy > >> share folder no joy > >> create web sharing apply permissions no joy > >> the com object can read the system and event logs without problem > >> the com object can read the log file if fired from a dos prompt on the > >> server > >> > >> why me lowd. why me????? > >> > >> -- > >> Regards, > >> Alvin Bruney > >> [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] > >> Got tidbits? Get it here... http://tinyurl.com/27cok > >> > >> > > > > > >
John,
look at my eyes. can you tell i have been up all night? your socket idea gave me a clue so i impersonated to an authenticated user on the machine and boom. candy.... Apparently, asp.net only allows authenticated users to do that kind of thing - makes sense too. thanks for everything -- Regards, Alvin Bruney [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] Got tidbits? Get it here... http://tinyurl.com/27cok [quoted text, click to view] "John Timney (Microsoft MVP)" <timneyj@despammed.com> wrote in message news:e33LnE7LEHA.2736@TK2MSFTNGP11.phx.gbl... > Sounds like your stuck. > > I've worked round this type of impossible thing to do in web srever world > before by having a socket listener running on the desktop and actually > invoking windowed type things via that - implies you have a logged in user > on your server which is kind of hacky but it requires no permissions or > impersonation and bypasses the web restrictions. > > You might be able to find out who write it at MS if you drop a line into > the > pivate groups. > > Regards > > John Timney > Microsoft Regional Director > Microsoft MVP > > "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message > news:erk#1v4LEHA.1052@TK2MSFTNGP12.phx.gbl... >> > have you tried upping your asp rights in machine config. >> Yes. No joy. >> >> Out of curiosity - I wonder >> > what would happen if you use process.start cmd/com thing from asp.net >> > rather >> > than trying to invoke com from within asp.net >> This also fails with an access denied. >> >> Microsoft also doesn't support the com object (logparser) so i won't even > be >> able to open a support ticket. >> >> This is the call that blows: >> >> MSUtil.LogQueryClassClass log = new LogQueryClassClass(); >> MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from >> C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by >> cs-uri-stem", null); >> >> The com object is logparser available with win2k and up or at > logparser.com. >> This call will work without a problem on my machine. But not on the > server. >> >> -- >> Regards, >> Alvin Bruney >> [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] >> Got tidbits? Get it here... http://tinyurl.com/27cok >> "John Timney (Microsoft MVP)" <timneyj@despammed.com> wrote in message >> news:O441s53LEHA.2592@tk2msftngp13.phx.gbl... >> > Alvin, >> > >> > have you tried upping your asp rights in machine config. >> > >> > Try setting the process model username to system >> > userName="SYSTEM" >> > >> > Sounds to me like your com object is expecting to find a window of some >> > type >> > to enable it to run, and cant find a window. Out of curiosity - I > wonder >> > what would happen if you use process.start cmd/com thing from asp.net >> > rather >> > than trying to invoke com from within asp.net >> > >> > Regards >> > >> > John Timney >> > Microsoft Regional Director >> > Microsoft MVP >> > >> > "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message >> > news:uLPSoZzLEHA.3956@TK2MSFTNGP10.phx.gbl... >> >> From a webpage, I am calling a com object which needs to read a file. > It >> >> keeps throwing access denied errors. I am stumped. I think I have >> >> tried >> >> everything I know what to do. The webpage can read the file. Just >> >> fine. >> > The >> >> com object can't. >> >> >> >> Create user group. >> >> Impersonate user. >> >> User has full rights to directory >> >> added everyone - full rights. no joy >> >> added admin - full rights no joy >> >> message box tells me that the page is executing under that user. no >> >> joy >> >> full rights to every user group i can find on the system. no joy >> >> ditch impersonation, admin rights to everybody. no joy >> >> message box tells me that the page is executing under network services >> >> give network services full rights. no joy >> >> share folder no joy >> >> create web sharing apply permissions no joy >> >> the com object can read the system and event logs without problem >> >> the com object can read the log file if fired from a dos prompt on the >> >> server >> >> >> >> why me lowd. why me????? >> >> >> >> -- >> >> Regards, >> >> Alvin Bruney >> >> [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] >> >> Got tidbits? Get it here... http://tinyurl.com/27cok >> >> >> >> >> > >> > >> >> > >
A result ............... hooray!!!
-- Regards John Timney Microsoft Regional Director Microsoft MVP [quoted text, click to view] "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message news:OijkRgFMEHA.2500@TK2MSFTNGP12.phx.gbl... > John, > look at my eyes. can you tell i have been up all night? > > your socket idea gave me a clue so i impersonated to an authenticated user > on the machine and boom. candy.... > > Apparently, asp.net only allows authenticated users to do that kind of > thing - makes sense too. > > thanks for everything > > -- > Regards, > Alvin Bruney > [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] > Got tidbits? Get it here... http://tinyurl.com/27cok > "John Timney (Microsoft MVP)" <timneyj@despammed.com> wrote in message > news:e33LnE7LEHA.2736@TK2MSFTNGP11.phx.gbl... > > Sounds like your stuck. > > > > I've worked round this type of impossible thing to do in web srever world > > before by having a socket listener running on the desktop and actually > > invoking windowed type things via that - implies you have a logged in user > > on your server which is kind of hacky but it requires no permissions or > > impersonation and bypasses the web restrictions. > > > > You might be able to find out who write it at MS if you drop a line into > > the > > pivate groups. > > > > Regards > > > > John Timney > > Microsoft Regional Director > > Microsoft MVP > > > > "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message > > news:erk#1v4LEHA.1052@TK2MSFTNGP12.phx.gbl... > >> > have you tried upping your asp rights in machine config. > >> Yes. No joy. > >> > >> Out of curiosity - I wonder > >> > what would happen if you use process.start cmd/com thing from asp.net > >> > rather > >> > than trying to invoke com from within asp.net > >> This also fails with an access denied. > >> > >> Microsoft also doesn't support the com object (logparser) so i won't even > > be > >> able to open a support ticket. > >> > >> This is the call that blows: > >> > >> MSUtil.LogQueryClassClass log = new LogQueryClassClass(); > >> MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from > >> C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by > >> cs-uri-stem", null); > >> > >> The com object is logparser available with win2k and up or at > > logparser.com. > >> This call will work without a problem on my machine. But not on the > > server. > >> > >> -- > >> Regards, > >> Alvin Bruney > >> [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] > >> Got tidbits? Get it here... http://tinyurl.com/27cok > >> "John Timney (Microsoft MVP)" <timneyj@despammed.com> wrote in message > >> news:O441s53LEHA.2592@tk2msftngp13.phx.gbl... > >> > Alvin, > >> > > >> > have you tried upping your asp rights in machine config. > >> > > >> > Try setting the process model username to system > >> > userName="SYSTEM" > >> > > >> > Sounds to me like your com object is expecting to find a window of some > >> > type > >> > to enable it to run, and cant find a window. Out of curiosity - I > > wonder > >> > what would happen if you use process.start cmd/com thing from asp.net > >> > rather > >> > than trying to invoke com from within asp.net > >> > > >> > Regards > >> > > >> > John Timney > >> > Microsoft Regional Director > >> > Microsoft MVP > >> > > >> > "Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message > >> > news:uLPSoZzLEHA.3956@TK2MSFTNGP10.phx.gbl... > >> >> From a webpage, I am calling a com object which needs to read a file. > > It > >> >> keeps throwing access denied errors. I am stumped. I think I have > >> >> tried > >> >> everything I know what to do. The webpage can read the file. Just > >> >> fine. > >> > The > >> >> com object can't. > >> >> > >> >> Create user group. > >> >> Impersonate user. > >> >> User has full rights to directory > >> >> added everyone - full rights. no joy > >> >> added admin - full rights no joy > >> >> message box tells me that the page is executing under that user. no > >> >> joy > >> >> full rights to every user group i can find on the system. no joy > >> >> ditch impersonation, admin rights to everybody. no joy > >> >> message box tells me that the page is executing under network services > >> >> give network services full rights. no joy > >> >> share folder no joy > >> >> create web sharing apply permissions no joy > >> >> the com object can read the system and event logs without problem > >> >> the com object can read the log file if fired from a dos prompt on the > >> >> server > >> >> > >> >> why me lowd. why me????? > >> >> > >> >> -- > >> >> Regards, > >> >> Alvin Bruney > >> >> [ASP.NET MVP http://mvp.support.microsoft.com/default.aspx] > >> >> Got tidbits? Get it here... http://tinyurl.com/27cok > >> >> > >> >> > >> > > >> > > >> > >> > > > > > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |