serviced components and forms authentication = frustration :(

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Brian Newtz - 26 Mar 2004 14:53 GMT

Hi everyone,

I'm in desperate need of help here, I'm about to pull my hair out over this
one.

I wrote a serviced component in C#, which basically just performs System.IO
operations like File.Exists, Directory.Exists, etc. The reason I wrote this
is to allow me to retreive and query the file system on UNC paths from
asp.net. This all worked great from my intranet site which uses windows
authentication and impersonation; allowing me to only have to worry about
the permissions of the configured com+ server identity.

Now I need to use the same functionality for our public site. This site uses
forms authentication and a custom principal class to manage the roles of the
user. The problem is that I get the error:

QueryInterface for interface UncDataManager.IUncDataManager failed.

at the point that I call a method on my serviced component. What really gets
me is that if I change my web.config to allow anonymous users, and then turn
impersonation on, using my own windows credentials (I explicitly specify
them in web.config), my serviced component runs just fine.

Digging into MSDN I found that the serviced component will be invoked by the
current Win32 thread identity, which can be seen by doing a
WindowsIdentity.GetCurrent(). With forms authentication, this should be
equal to the processModel account, which I verified to be true. My
processModel identity is a domain account which has read/write permissions
to all the necessary directories. I even tried adding the processModel
account to the local administrators group, but still no luck.

Something sure doesn't seem right here, (especially since it works when I
use impersonation), but I'm out of ideas. I've even tried using a
WindowsImpersonationContext to impersonate the WindowsIdentity.GetCurrent()
account (the processModel account) before making a call to to the serviced
component method, but that didn't work either.

Please help!!!
-Brian

Reply to this Message

Brian Newtz - 26 Mar 2004 16:50 GMT

I don't know if this may help diagnose my problem further, but while
watching processes when calling a method for my serviced component I've
noticed something.

If, from a fresh boot of the system, I fire up a browser and go to my
intranet site (where the serviced component works), and request a page that
uses one of its methods, everything works like normal, and a dllhost.exe
process is created (the component server). If I then browse to the extranet
site and log in via forms authentication (where the serviced component
normally DOESN'T work), it now WORKS!

Now if I switch the order that I open the sites in from a fresh boot, I get
the queryinterface error from the extranet site, and then I ALSO get an
error on the intranet site!

I get this error until I kill the aspnet_wp.exe process and it has to
restart itself. Then the intranet works again. It seems like whatever
initial credentials are supplied to the worker process on the first aspx
request is what it continues to use from that point on, even if both
websites are in separate applications in IIS.

So what's going on here? If the intranet kicks off aspnet_wp under the
context of the first domain user to request a page, and those credentials
are used from that point on, what's the difference between that account and
the processModel account which is used by the extranet site (which I also
have as a domain user)? The processModel account belongs to the same domain
groups that all of our other domain users belong to.

Utterly confused,
-Brian

> Hi everyone,
>
[quoted text clipped - 35 lines]
> Please help!!!
> -Brian

Reply to this Message

serviced components and forms authentication = frustration :(

Free Magazines