VB.NET (2.0) impersonate not working -- iis security

NathanC
5/17/2007 1:33:01 PM

I have a web project that is running this code: (generalized for security)

refWMIService = GetObject("winmgmts:\\computer_name")
colcomputers = refWMIService.ExecQuery("Select * From
Win32_OperatingSystem")
For Each refComputer In colcomputers
If refComputer.reboot() = 0 Then
Response.Write("reboot")
Else
Response.Write("nope")
End If

This is WMI functionality and on the remote computer - the ASPNET account
obviously does not have permission to do this - and I can see Failed Audit
events in the computer security log. So, I have added this bit of code to the
web.config file for the project:

<identity impersonate="true" userName="subdomain.domain.com\username"
password="password" />

When I rebuild the project and even restart IIS - the call is still hitting
the remote computer as ASPNET account - although my understanding is that
because of the impersonate web.config tag - it should send using the higher
access credentials.

Any thoughts? Thanks,

David Wang
5/18/2007 3:49:24 AM

[quoted text, click to view]

I do not believe WMI security model works that way.

Just because you tell ASP.Net to impersonate a user identity to
execute WMI code, it does not mean that WMI flows the thread-
impersonated user identity across to the other machine. I believe with
WMI you have to give the username/password in code to the WMI
connection itself.

See how to do this with with the IIS6 Administration scripts like
iisback.vbs which shows how to make remote WMI calls using a specified
user credential.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

iis security : VB.NET (2.0) impersonate not working