| Groups | Blog | Home |
iis security : IIS6, IIS7 and VS2005
I'm developing an web application with DCOM interfaces.
When I run the application from VS2005 (internal Web Server), I don't have any problem accessing to the DCOM hosted by another machine. When I run the application from a virtual directory configured in IIS 7 (Windows Vista), I can access too without problems. But When I run the application from a virtual directori configured in IIS6 (Windows 2003 Server), I can't access to the DCOM machine. I try everything, same users and passwords, same workgroup, etc, but the problem is just with IIS6. Any suggestion
[quoted text, click to view]
On Apr 23, 4:34=A0pm, "Paul Calderon" <pcalder...@gmail.com> wrote: > I'm developing an web application with DCOM interfaces. > > When I run the application from VS2005 (internal Web Server), I don't have= > any problem accessing to the DCOM hosted by another machine. > > When I run the application from a virtual directory configured in IIS 7 > (Windows Vista), I can access too without problems. > > But When I run the application from a virtual directori configured in IIS6= > (Windows 2003 Server), I can't access to the DCOM machine. > > I try everything, same users and passwords, same workgroup, etc, but the > problem is just with IIS6. > > Any suggestion This does not look like an IIS6 problem because it does nothing special for or against DCOM. You need to start looking at what is different between the machines and your requirements of DCOM. For example, is the firewall enabled on Windows Server 2003. DCOM can require additional inbound ports which if denied by the firewall causes failures, and the Windows Server 2003 firewall is very restrictive. And on what OS are you running the VS 2005 test? Windows Server 2003 or some other OS? //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang
I have 3 Machines
Machine 1 (DCom Container) Windows 2003 Server Machine 2 (Web App Container) Windows 2003 Server Machine 3 (Developer Machine) Windows Vista Machine 1 have just the components we need to access from network (GIS Components) Machine 2 have the website over IIS6 (can't access to the Machine 1 components), but if i run from Visual Studio there, the components are accesible. Machine 3 have a copy of the site over IIS7 (Vista), and there is no problem, when I run in Visual Studio, the components are accesible too All the firewalls are disabled. In this scenario we have 3 web servers, (IIS6, IIS7 and Visual Studio Web Server), I think is the way how each server try to connect to machine1, I'm using the same impesonalization from the 3 webservers, but I have problems just with IIS6 Any other suggestion "David Wang" <w3.4you@gmail.com> escribió en el mensaje de noticias news:b5758e81-4633-4ea0-b43e-1b371aca5df7@j33g2000pri.googlegroups.com... [quoted text, click to view] On Apr 23, 4:34 pm, "Paul Calderon" <pcalder...@gmail.com> wrote: > I'm developing an web application with DCOM interfaces. > > When I run the application from VS2005 (internal Web Server), I don't have > any problem accessing to the DCOM hosted by another machine. > > When I run the application from a virtual directory configured in IIS 7 > (Windows Vista), I can access too without problems. > > But When I run the application from a virtual directori configured in IIS6 > (Windows 2003 Server), I can't access to the DCOM machine. > > I try everything, same users and passwords, same workgroup, etc, but the > problem is just with IIS6. > > Any suggestion This does not look like an IIS6 problem because it does nothing special for or against DCOM. You need to start looking at what is different between the machines and your requirements of DCOM. For example, is the firewall enabled on Windows Server 2003. DCOM can require additional inbound ports which if denied by the firewall causes failures, and the Windows Server 2003 firewall is very restrictive. And on what OS are you running the VS 2005 test? Windows Server 2003 or some other OS? //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang //
[quoted text, click to view]
On Apr 24, 7:35=A0am, "Paul Calderon" <pcalder...@gmail.com> wrote: > I have 3 Machines > > Machine 1 (DCom Container) Windows 2003 Server > > Machine 2 (Web App Container) Windows 2003 Server > > Machine 3 (Developer Machine) Windows Vista > > Machine 1 have just the components we need to access from network (GIS > Components) > > Machine 2 have the website over IIS6 (can't access to the Machine 1 > components), but if i run from Visual Studio there, the components are > accesible. > > Machine 3 have a copy of the site over IIS7 (Vista), and there is no > problem, when I run in Visual Studio, the components are accesible too > > All the firewalls are disabled. > > In this scenario we have 3 web servers, (IIS6, IIS7 and Visual Studio Web > Server), I think is the way how each server try to connect to machine1, I'= m > using the same impesonalization from the 3 webservers, but I have problems= > just with IIS6 > > Any other suggestion > > "David Wang" <w3.4...@gmail.com> escribi=F3 en el mensaje de noticiasnews:= b5758e81-4633-4ea0-b43e-1b371aca5df7@j33g2000pri.googlegroups.com... > On Apr 23, 4:34 pm, "Paul Calderon" <pcalder...@gmail.com> wrote: > > > I'm developing an web application with DCOM interfaces. > > > When I run the application from VS2005 (internal Web Server), I don't ha= ve > > any problem accessing to the DCOM hosted by another machine. > > > When I run the application from a virtual directory configured in IIS 7 > > (Windows Vista), I can access too without problems. > > > But When I run the application from a virtual directori configured in II= S6 > > (Windows 2003 Server), I can't access to the DCOM machine. > > > I try everything, same users and passwords, same workgroup, etc, but the= > > problem is just with IIS6. > > > Any suggestion > > This does not look like an IIS6 problem because it does nothing > special for or against DCOM. > > You need to start looking at what is different between the machines > and your requirements of DCOM. > > For example, is the firewall enabled on Windows Server 2003. DCOM can > require additional inbound ports which if denied by the firewall > causes failures, and the Windows Server 2003 firewall is very > restrictive. > > And on what OS are you running the VS 2005 test? Windows Server 2003 > or some other OS? > > //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David.Wang > // What authentication protocol are using, and are you trying to impersonate using that user credential. All secured protocols will not allow you to impersonate and hop off the box. When you run from Visual Studio, you do so as the interactive logon user so there is no "double hop". However, when you make a request to IIS to do the same thing, that is double-hop. This is classic security behavior of Windows. IIS6 and IIS7 haven't changed how the security model works, so your configuration difference between them will give you the hint. //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang
I'm Impersonating from my asp.net app with the Administrator User, but I
think is the way how IIS from one machine is recongized over the DCom server "David Wang" <w3.4you@gmail.com> escribió en el mensaje de noticias news:0c029d5f-c4c4-49ba-beea-a4ce6af11373@q1g2000prf.googlegroups.com... [quoted text, click to view] On Apr 24, 7:35 am, "Paul Calderon" <pcalder...@gmail.com> wrote: > I have 3 Machines > > Machine 1 (DCom Container) Windows 2003 Server > > Machine 2 (Web App Container) Windows 2003 Server > > Machine 3 (Developer Machine) Windows Vista > > Machine 1 have just the components we need to access from network (GIS > Components) > > Machine 2 have the website over IIS6 (can't access to the Machine 1 > components), but if i run from Visual Studio there, the components are > accesible. > > Machine 3 have a copy of the site over IIS7 (Vista), and there is no > problem, when I run in Visual Studio, the components are accesible too > > All the firewalls are disabled. > > In this scenario we have 3 web servers, (IIS6, IIS7 and Visual Studio Web > Server), I think is the way how each server try to connect to machine1, > I'm > using the same impesonalization from the 3 webservers, but I have problems > just with IIS6 > > Any other suggestion > > "David Wang" <w3.4...@gmail.com> escribió en el mensaje de > noticiasnews:b5758e81-4633-4ea0-b43e-1b371aca5df7@j33g2000pri.googlegroups.com... > On Apr 23, 4:34 pm, "Paul Calderon" <pcalder...@gmail.com> wrote: > > > I'm developing an web application with DCOM interfaces. > > > When I run the application from VS2005 (internal Web Server), I don't > > have > > any problem accessing to the DCOM hosted by another machine. > > > When I run the application from a virtual directory configured in IIS 7 > > (Windows Vista), I can access too without problems. > > > But When I run the application from a virtual directori configured in > > IIS6 > > (Windows 2003 Server), I can't access to the DCOM machine. > > > I try everything, same users and passwords, same workgroup, etc, but the > > problem is just with IIS6. > > > Any suggestion > > This does not look like an IIS6 problem because it does nothing > special for or against DCOM. > > You need to start looking at what is different between the machines > and your requirements of DCOM. > > For example, is the firewall enabled on Windows Server 2003. DCOM can > require additional inbound ports which if denied by the firewall > causes failures, and the Windows Server 2003 firewall is very > restrictive. > > And on what OS are you running the VS 2005 test? Windows Server 2003 > or some other OS? > > //Davidhttp://w3-4u.blogspot.comhttp://blogs.msdn.com/David.Wang > // What authentication protocol are using, and are you trying to impersonate using that user credential. All secured protocols will not allow you to impersonate and hop off the box. When you run from Visual Studio, you do so as the interactive logon user so there is no "double hop". However, when you make a request to IIS to do the same thing, that is double-hop. This is classic security behavior of Windows. IIS6 and IIS7 haven't changed how the security model works, so your configuration difference between them will give you the hint. //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang //
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |