GAC, Fusion.dll and Access Denied

dave.russellATalliance-leicesterDOTcoDOTuk - 17 Mar 2005 16:24 GMT
We have a series of COM+ applications written in vb.net.  Each consists
of a component which is contained in a strong-named DLL hosted in the
GAC.
I am trying to write a "simple" software distribution application which
will allow us to maintain our development environments - having to
manually configure GAC and COM+ on many remote machines every time we
change a DLL is a time-consuming error-prone chore.

My application is an intranet asp.net application.
What it needs to do is...
1) Copy a new DLL from a "release directory" to a remote server
2) Install that DLL into the GAC
3) (re)Configure the COM+ application which uses the DLL.

It does (1) and (3) quite happily.
I've tried numerous different ways of doing (2) with limited success.

If I start another process which runs pstools/psexec from the
webapplication's server to execute gacutil on the remote machine, it
WORKS....But only if the webapplication is running on localhost.  If the
webapp is running on a server it executes GACUTIL OK, but GACUTIL
reports an "access denied" error.

If I make the webapplication call a webservice on the remote server and
include your GAC-API wrapper within that webservice, I *always* get
"access is denied" as the exception thrown from the HRESULT of the GAC
Install.  Even if I attach the admin credentials to the webservice
method call and <impersonate> on the webservice itself.  Even if the
calling webapp is running on localhost.

I think I read somewhere that to install into the GAC the code has to be
running with FullTrust and as an Administrator.  I think both of these
must be true (How do I tell in code?) as I have given "Local Intranet"
zone FULLTRUST and the webservice's current identity is an
administrator.

As the exception is thrown by the wrapper, I can't see what's causing it
in Fusion.dll.
Fusion log viewer doesn't shed any light - I don't see any failures.
FileMon doesn't shed any light - I don't see any failures.
I've tried asserting permissions in case it's
something-up-the-callstack that the "access is denied" is failing on,
but I've no idea what to assert, because I can't see the real exception.

Please advise what else I can do to fix this.
Junfeng Zhang[MSFT] - 18 Mar 2005 19:40 GMT
That is odd. FileMon should give you some information. Are you running
FileMon on the right machine?

Sample managed code to check if you are admin or not:

http://blogs.msdn.com/brada/archive/2004/10/01/236870.aspx

There is a bug in the v1.0/v1.1 fusion GAC API: it *remembers* the
permission you have when you install. If the first installation failed for
a permission reason (like you are not admin), any subsequent installation
will fail (in the same process), regardless of whether you have permission
or not. But I don't see how this bug will affect you.

Signature

Junfeng Zhang
http://blogs.msdn.com/junfeng

This posting is provided "AS IS" with no warranties, and confers no rights.

> We have a series of COM+ applications written in vb.net.  Each consists
> of a component which is contained in a strong-named DLL hosted in the
[quoted text clipped - 48 lines]
>
> Please advise what else I can do to fix this.
dave.russellATalliance-leicesterDOTcoDOTuk - 21 Mar 2005 11:01 GMT
Thanks for your reply.  I've carried on with my investigations and....

As I expected, the code is running as an Admin (The isinrole check
confirms it).

I've run filemon again and the only bit of interest is....

34    08:54:42    w3wp.exe:3992    OPEN    C:\WINDOWS\help\iisHelp\common\401-1.htm    SUCCESS    Options: Open  Access: All
35    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\help\iisHelp\common\401-1.htm    SUCCESS    FileFsVolumeInformation
36    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\help\iisHelp\common\401-1.htm    BUFFER OVERFLOW    FileAllInformation
37    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\help\iisHelp\common\401-1.htm    SUCCESS    Length: 1539
38    08:54:42    w3wp.exe:3992    READ    C:\WINDOWS\help\iisHelp\common\401-1.htm    SUCCESS    Offset: 0 Length: 1539
39    08:54:42    w3wp.exe:3992    CLOSE    C:\WINDOWS\help\iisHelp\common\401-1.htm    SUCCESS
40    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\assembly\GAC    SUCCESS    Attributes: D
41    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\assembly\GAC\c:\program files\allianceleicester\feefetcher\feefetcher_com.dll    NAME INVALID    Attributes: Error

Line 41 looks a bit strange.  "feefetcher_com.dll" is the dll I am
trying to install into the GAC, but I don't know where the
"c:\windows\assembly\gac".... bit of this path is coming from.  I pass
the "C:\program files...." bit.

The error I get is....

System.UnauthorizedAccessException: Access is denied.
  at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode, IntPtr errorInfo)
  at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32 errorCode)

However, if I logon to the remote machine using TS and call the same
"GacManagedAccess" DLL from a console app with the same arguments,
running as the same user as my webservice.....it works fine.

Dave
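
The FileMon review described in the post above can be scripted so that a failing row is not missed among routine ones. This is an added example, not part of the original thread: it assumes the export's columns are separated by tabs or runs of spaces as in the quoted rows, treats BUFFER OVERFLOW as informational, and uses hypothetical helper names (`parse_rows`, `triage`).

```python
import re

# Constructed sample: FileMon rows quoted in the post, one event per line.
SAMPLE = r"""
34    08:54:42    w3wp.exe:3992    OPEN    C:\WINDOWS\help\iisHelp\common\401-1.htm    SUCCESS    Options: Open  Access: All
36    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\help\iisHelp\common\401-1.htm    BUFFER OVERFLOW    FileAllInformation
39    08:54:42    w3wp.exe:3992    CLOSE    C:\WINDOWS\help\iisHelp\common\401-1.htm    SUCCESS
40    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\assembly\GAC    SUCCESS    Attributes: D
41    08:54:42    w3wp.exe:3992    QUERY INFORMATION    C:\WINDOWS\assembly\GAC\c:\program files\allianceleicester\feefetcher\feefetcher_com.dll    NAME INVALID    Attributes: Error
"""

FIELD_SEP = re.compile(r"\t+| {2,}")            # columns: tabs or runs of spaces
INFORMATIONAL = {"SUCCESS", "BUFFER OVERFLOW"}  # assumption: a buffer-size retry is not a failure
EMBEDDED_DRIVE = re.compile(r"\\[A-Za-z]:\\")   # a drive letter in the middle of a path


def parse_rows(text):
    """Split each event into seq, process, request, path, result, detail."""
    rows = []
    for line in text.splitlines():
        parts = FIELD_SEP.split(line.strip(), maxsplit=6)
        if len(parts) < 6 or not parts[0].isdigit():
            continue  # header, blank or wrapped line
        rows.append({
            "seq": int(parts[0]), "process": parts[2], "request": parts[3],
            "path": parts[4], "result": parts[5],
            "detail": parts[6] if len(parts) > 6 else "",
        })
    return rows


def triage(text, process_prefix=""):
    """Return (seq, path, notes) for rows worth a second look."""
    findings = []
    for row in parse_rows(text):
        if not row["process"].lower().startswith(process_prefix.lower()):
            continue
        notes = []
        if row["result"] not in INFORMATIONAL:
            notes.append("result: " + row["result"])
        if EMBEDDED_DRIVE.search(row["path"]):
            notes.append("absolute path appended to another directory")
        if notes:
            findings.append((row["seq"], row["path"], notes))
    return findings


if __name__ == "__main__":
    for seq, path, notes in triage(SAMPLE, "w3wp.exe"):
        print(seq, path, "; ".join(notes))
```

On the quoted rows only event 41 is reported, with both notes; no row carries an ACCESS DENIED result.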
Junfeng Zhang[MSFT] - 22 Mar 2005 18:34 GMT
Interesting.

Sorry, there is not much more I can help you with. It does sound like you
did not use the APIs correctly but I can't tell. You will have to keep
debugging.

Signature

Junfeng Zhang
http://blogs.msdn.com/junfeng

This posting is provided "AS IS" with no warranties, and confers no rights.

> Thanks for your reply.  I've carried on with my investigations and....
>
[quoted text clipped - 45 lines]
>
> Dave
dave.russellATalliance-leicesterDOTcoDOTuk - 23 Mar 2005 10:23 GMT
Can you tell me if this is an ACL related "access is denied" or a CAS
"access is denied"?

I'm using the same DLL to call the Fusion APIs in both cases........I
can't see any reason why it would work from an interactive logon, but
fail from an impersonated logon of the same user unless it was CAS
related......Is there a reason?

If it is CAS related, can you tell me what permission I'll need to
ASSERT in my DLL to prevent the stack-crawl going back to the aspnet
user's level....?

Sorry for all the questions, but I feel like I'm shooting in the dark.
I'm an application programmer, not a systems programmer.  It really
shouldn't be this difficult to release a DLL!

Dave
Junfeng Zhang[MSFT] - 25 Mar 2005 03:47 GMT
It is ACL. Fusion doesn't use CAS, since fusion is all unmanaged.

Signature

Junfeng Zhang
http://blogs.msdn.com/junfeng

This posting is provided "AS IS" with no warranties, and confers no rights.

> Can you tell me if this is an ACL related "access is denied" or a CAS
> "access is denied"?
[quoted text clipped - 13 lines]
>
> Dave
