
Access denied to file from ServicedComponent

VK - 06 Nov 2004 14:52 GMT
I would greatly appreciate help on an issue that looks as if it has been
resolved before:

I wrote a ServicedComponent that reads and writes files to a folder on a
network share.
Platform is Windows 2000.
It gets called by ASPNET (local account) that does not have access to the
folder.
But I configured this component to run as Server ([assembly:
ApplicationActivation(ActivationOption.Server)]) with the following settings:

[assembly: ApplicationAccessControl(true,
    AccessChecksLevel=AccessChecksLevelOption.ApplicationComponent,
    Authentication=AuthenticationOption.Packet,
    ImpersonationLevel=ImpersonationLevelOption.Impersonate)]

I set Identity to run under my domain account (in development environment).
I put this component into GAC and registered with regsvcs.exe

The component method has a line like:

FileInfo _file = new FileInfo(@"\\server01\share$\Data\somefile.pdf");

I am not getting any Exception, but in the Watch window I see the following:

((System.MarshalByRefObject)(((System.IO.FileSystemInfo)(_file))))
__identity <undefined value> System.Object

ERROR_ACCESS_DENIED 5 int
ERROR_INVALID_PARAMETER 87 int
Length <error: an exception of type: {System.IO.IOException} occurred> long

That makes me think that I am missing something in configuration of the
Component.
Again, I would heartily appreciate any clue on what I am missing with this
Component.
Klaus H. Probst - 08 Nov 2004 08:27 GMT
Serviced components do not need to be in the GAC.

I'll ask the obvious question: Does the domain account have rights to
read/write to that network share? You do realize that "share$" (I assume
this is a physical drive) is an "admin share" and requires the account to be
an administrator on the box that hosts the share itself? What happens if you
create a normal share and try to hit that instead?

Klaus H. Probst, MVP
  http://www.vbbox.com/

VK - 09 Nov 2004 02:26 GMT
Yes, domain account has write permission (as well as administrator) on the
share.
Checked against normal share - the same result.

Also - since it is my first COM+ component - I noticed that I did not do
following:
- I did not have public interfaces in the Component, just public static
methods (inside of which I create an instance of the class)
- I did not set any roles for the Component

Should I have to have them?

Thanks in advance,
Victor Kh.
Klaus H. Probst - 10 Nov 2004 07:20 GMT
You have to have public methods in the class hosted by COM+, otherwise you
won't be able to call anything on it =)

Roles are for *client* authentication. If you turn on security for the COM+
application then you need at least one role with one account (or group) in
it to access the components in the application. Otherwise you don't need
roles.

Klaus H. Probst, MVP
  http://www.vbbox.com/

VK - 10 Nov 2004 13:11 GMT
Like I wrote before, I do have public methods:

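using System.IO;

public class fileMgr {

protected FileInfo fl;
public fileMgr() {}

// Copies sourceFileName to targetFileName and returns the size of the copy in bytes.
public static long Copy (string sourceFileName, string targetFileName)
{
   fileMgr mgr = new fileMgr();
   mgr.fl = new FileInfo(sourceFileName);
   // Exists is also false when the calling identity is denied access to the path.
   if (mgr.fl.Exists)
   {
       // FileInfo has no Copy method; CopyTo returns a FileInfo for the new file.
       return mgr.fl.CopyTo(targetFileName).Length;
   }
   else
   {
       throw new FileNotFoundException("Missing file " + sourceFileName);
   }

}

}

In the web page I call:

   // Verbatim strings (@"...") keep the UNC backslashes literal.
   fileMgr.Copy(@"\\server01\share$\Data01\somefile.pdf",
                @"\\server02\normalshare\Data02\newname.pdf");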

Because of the security problem I am always getting that the file does not exist.
That's why I am saying that it looks like I am missing something in
configuration of the COM+ component.
Tried different things - did not find anything yet.
Any hint would be greatly appreciated.

Vic
Klaus H. Probst - 11 Nov 2004 04:39 GMT
Well, ultimately the issue here is the COM+ *security* configuration, not
the public interface of your components.

If you are getting an access denied exception then there's really not much
you can do except ensure that you *are* running the COM+ application under
the correct identity (have you verified that you are running in COM+ at all?
If it's a server application, can you see it "spinning" when it activates in
the COM+ admin?) and that it has the necessary permissions to read/write
that share.

Klaus H. Probst, MVP
  http://www.vbbox.com/

VK - 12 Nov 2004 00:33 GMT
Yes, I do. I see the icon spinning in Component Services control center when
I call the method.
I use my own domain account to make sure it has permissions to read/write on
the network share.
Maybe, I am missing any Service Pack?
Does it matter if I try this component on Win2K Workstation, not Server?

Victor

Klaus H. Probst - 12 Nov 2004 05:41 GMT
> Yes, I do. I see the icon spinning in Component Services control center when
> I call the method.

OK, just checking.

> I use my own domain account to make sure it has permissions to read/write on
> the network share.

If you use it as the COM+ identity, does it work?

> Maybe, I am missing any Service Pack?

Well, I'd make sure you have the latest of everything but a simple thing
like this should work regardless.

> Does it matter if I try this component on Win2K Workstation, not Server?

No, they behave exactly the same.

The other thing I could think of is maybe a firewall that's blocking traffic
from one server to another?

FWIW, I'm running W2KPro here and I just tried a simple COM+ app under a
domain account and I can access the c$ share on my Windows 2003 server after
making the account an admin on the box.

Klaus H. Probst, MVP
  http://www.vbbox.com/

VK - 13 Nov 2004 02:51 GMT
>If you use it as the COM+ identity, does it work?

If I understand correctly the question, I use this account for my COM+
component. I set up this component as Server application and changed
identity from Interactive user to this domain account. I thought, it would
be the trick of impersonation ( I set to Packet/Impersonate) of user - no it
does not work.
My domain account has Admin rights on both boxes - my Win2Pro and another
(where shares are - both: $ and public), that COM+ is accessing.

Victor

Stan - 08 Nov 2004 16:49 GMT
Don't use local account - set processModel account to a domain account.

VK - 20 Nov 2004 19:58 GMT
I am still at the same point, that's what I see at target computer Event Log:

Event Type:      Failure Audit
Event Source:    Security
Event Category:  Logon/Logoff
Event ID:        529
Date:            11/19/04
Time:            1:02:48 PM
User:            NT AUTHORITY\SYSTEM
Computer:        SOURCECOMPUTER
Description:
Logon Failure:
    Reason:                  Unknown user name or bad password
    User Name:               ASPNET
    Domain:                  TARGETCOMPUTER
    Logon Type:              3
    Logon Process:           NtLmSsp
    Authentication Package:  NTLM
    Workstation Name:        TARGETCOMPUTER

It tells me that Component Services do not do any impersonation at all.

WHY???

Thanks,

Victor
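
Added example, not part of the thread and not the poster's code: the failure audit above shows the share being contacted as ASPNET, and the body of a static method runs in the calling process, so one way to check which account really performs the file access is to put the work in instance methods of a ServicedComponent and have the component report its own identity. All type and application names below (FileMgrApp, IFileMgr, FileMgr, WhoAmI, Page) are hypothetical.

```csharp
// Added example; FileMgrApp, IFileMgr, FileMgr, WhoAmI and Page are hypothetical names.
using System.EnterpriseServices;
using System.IO;
using System.Security.Principal;

[assembly: ApplicationName("FileMgrApp")]
[assembly: ApplicationActivation(ActivationOption.Server)]
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent,
    Authentication = AuthenticationOption.Packet,
    ImpersonationLevel = ImpersonationLevelOption.Impersonate)]

public interface IFileMgr
{
    string WhoAmI();
    long Copy(string sourceFileName, string targetFileName);
}

public class FileMgr : ServicedComponent, IFileMgr
{
    // Account of the process that actually executes this method.
    public string WhoAmI()
    {
        return WindowsIdentity.GetCurrent().Name;
    }

    // Instance method: invoked through the COM+ proxy, so the share is
    // opened by the server process, not by the caller.
    public long Copy(string sourceFileName, string targetFileName)
    {
        FileInfo source = new FileInfo(sourceFileName);
        if (!source.Exists) // also false when access is denied
            throw new FileNotFoundException(
                "Not found or not accessible as " + WhoAmI(), sourceFileName);
        return source.CopyTo(targetFileName, false).Length;
    }
}

public class Page // stands in for the ASP.NET page that calls the component
{
    public static string CompareIdentities()
    {
        using (FileMgr mgr = new FileMgr())
        {
            return "caller=" + WindowsIdentity.GetCurrent().Name +
                   " component=" + mgr.WhoAmI();
        }
    }
}
```

If the component value is not the account set on the COM+ application's Identity tab, the file access is not running under that identity. As noted earlier in the thread, with access checks enabled the calling account must also belong to a role of the COM+ application.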
