Impersonation with ActiveX EXE

George Khalifa - 17 Nov 2003 16:12 GMT
Hi,

I have an ASP.NET application written in VB.NET.  We have
several COM DLLs written in VB 6 and I have one COM EXE
(ActiveX EXE) written in VB 6 as well.  I am using account
impersonation in my Web.config file by adding the
following tag:

<identity impersonate="true" userName="user" password="pwd"></identity>

In my machine.config file I am using the ASPNET account
that has limited privileges.  Impersonation works great,
even accessing files over the network.  Except when
dealing with my COM EXE.

I have a COM DLL that creates the COM EXE to do some
processing.  When I make the call into the COM DLL it
can't create the COM EXE object.  I get permission
denied.  After some fooling around it looks like when
creating the COM EXE, the ASPNET account is used to run
the COM EXE process.  So if I give permission to launch
the COM EXE in dcomcnfg to ASPNET, it works.

So it seems when making a call like this:
ASP.NET -> COM DLL -> COM EXE

the account in machine.config is being used to run the COM
EXE.  Now if I try to call the COM EXE directly from my
web page, impersonation works, like this:

ASP.NET -> COM EXE

Is this expected behaviour or am I not doing something
correctly?  Also, I tried specifying the identity account for
the COM EXE in dcomcnfg, the same one I used in my
web.config file, but it seems to ignore it and just use
the ASPNET account.

The main thing I am trying to accomplish is specify an
account to run my web app without using machine.config
that could conflict with another web app.

Thank you for your time,
George
"leolin" - 18 Nov 2003 09:57 GMT
Dear George,

Thank you for your post. I am researching this issue and will update you soon.

Thanks

Jian Shen

This posting is provided "AS IS" with no warranties, and confers no rights.
"leolin" - 20 Nov 2003 09:26 GMT
Dear George,

We can use LogonUser to impersonate directly.

System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();

// Insert your code that runs under the security context of the
// authenticating user here.

impersonationContext.Undo();

You can read following document for details.
INFO: Implementing Impersonation in an ASP.NET Application
PSS ID Number: Q306158
http://support.microsoft.com/?id=306158

Thanks

Jian Shen

This posting is provided "AS IS" with no warranties, and confers no rights.
George Khalifa - 20 Nov 2003 21:58 GMT
Jian,

Thank you for your reply.  Unfortunately, the code you
provided below will not work with my app because I am
using Forms Authentication and User.Identity is returning
a System.Web.Security.FormsIdentity object.  So I tried
using the following code:

  Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
  Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

  ' Take the identity currently on the thread and impersonate it
  currentWindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
  impersonationContext = currentWindowsIdentity.Impersonate()

This seems to work without errors and
WindowsIdentity.GetCurrent() returns the account I am
specifying in Web.config, but I still receive Permission
Denied, the same error as before.

I did some more reading on the Impersonate() method and
there is an example using LogonUser, similar to the example from
the article you sent me.  I tried it but received the same
results.  Then looking in the documentation, the sample
there states:

' This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
' IMPORTANT NOTES:
' This sample can be run only on Windows XP.  The default Windows 2000 security policy
' prevents this sample from executing properly, and changing the policy to allow
' proper execution presents a security risk.

I am using Windows 2000 Server and so are all of my
customers.  Have you tried these examples with Windows
2000 Server?

Lastly, the LogonUser API documentation states it cannot
authenticate users against a remote computer, just the
local computer.  I am running Active Directory and all my
customers are as well.

Any other ideas to work around this issue?

Thank you very much for your time,
George

"leolin" - 21 Nov 2003 13:08 GMT
Dear George,

Would you like to share your code with me so I can reproduce it on my side?
My email address is jslin@microsoft.com

Thanks

Jian Shen

This posting is provided "AS IS" with no warranties, and confers no rights.
"leolin" - 27 Nov 2003 07:36 GMT
Hi George,

This is a security issue; I tested your code on my Win2003.
You need to add the user that is running the IIS process to your administrator
group. It works very well on my side.

If you use Win2000, you can try adding ASPNET to your local administrator
group to test. You can start the Task Manager to find which user is running
the process.

By the way, you need to restart IIS to test when you change the permission;
sometimes it will not refresh automatically.

When you find it works, then you need to impersonate the user that works.

Thanks

Jian Shen
This posting is provided "AS IS" with no warranties, and confers no rights.
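
George's 20 Nov post reports that WindowsIdentity.GetCurrent() returned the Web.config account while the COM EXE still ran as ASPNET, the process account from machine.config. The following diagnostic is an added example, not code from any poster in this thread; it logs both identities just before the COM DLL call so they can be compared with the account Task Manager shows for the COM EXE. The module and function names are hypothetical, and it assumes .NET Framework 2.0 or later for the GetCurrent(Boolean) overload.

```vb
Imports System
Imports System.Security.Principal

' Added diagnostic (not from the thread): reports the identity on the current
' thread and the identity of the hosting process, which differ while
' ASP.NET impersonation is active.
Public Module IdentityProbe

    ' Name of the token on the calling thread (the impersonated account when
    ' <identity impersonate="true" .../> is in effect).
    Public Function ThreadIdentityName() As String
        Return WindowsIdentity.GetCurrent().Name
    End Function

    ' Name of the process token. Impersonate(IntPtr.Zero) temporarily reverts
    ' the thread to the process identity; Undo() restores the previous token.
    Public Function ProcessIdentityName() As String
        Dim reverted As WindowsImpersonationContext = _
            WindowsIdentity.Impersonate(IntPtr.Zero)
        Try
            Return WindowsIdentity.GetCurrent().Name
        Finally
            reverted.Undo()
        End Try
    End Function

    ' True only when the thread carries its own impersonation token;
    ' GetCurrent(True) returns Nothing when the thread is not impersonating.
    Public Function IsImpersonating() As Boolean
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent(True)
        Return id IsNot Nothing
    End Function

    ' One line suitable for a trace log written before calling the COM DLL.
    Public Function Describe() As String
        Return String.Format("thread={0}; process={1}; impersonating={2}", _
            ThreadIdentityName(), ProcessIdentityName(), IsImpersonating())
    End Function
End Module
```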
