Re: Using GAC from a Web Service

From: Mickey Williams (my)
Date: 03/31/04


Date: Wed, 31 Mar 2004 10:32:29 -0800

You're right - you need full trust if you're using OLE DB. The GAC doesn't
change security requirements or privilege, which makes sense because it's
trivial for a bad guy to deploy an evil component into the GAC. Is there any
chance you could move to MSDE? You'll get perf and stability benefits, and
you won't require full trust.

I'm really not an Access guy, but try putting the MDB in a specific folder,
and granting rights to the security principal that your site is running
under (grant rights to that specific folder only) via ACLs. And you really
should run the ASP.NET process under a security principal that has as few
privileges as possible, so don't run as SYSTEM - your process will be way
too dangerous if it's compromised.

You've probably heard this before, but MDBs aren't recommended for
contentious access via arbitrary threads, and that's what you'll get with
ASP.NET - so even after you get this working, you may see perf and stability
problems.

-- 
Mickey Williams
Author, "Microsoft Visual C# .NET Core Reference", MS Press
www.servergeek.com
"John" <anonymous@discussions.microsoft.com> wrote in message
news:FC6E3E86-866C-47C8-976A-EABF26A9A219@microsoft.com...
>
> Hi Micky:
>
> Thanks for your reply. My Web Service has to open an OleDbConnection (which requires Full Trust), and also it has to write to the event log.
>
> Actually, while the web service runs great on IIS 5, I am having a lot of permissions problems in IIS 6, and I am trying to remedy the situation by sandboxing, but it doesn't seem to make any difference whether I put the assembly in the GAC or not.
>
> Do you happen to know exactly what I need to configure on IIS 6 in order for my web service to be able to access an MDB file via OLEDB and write to the event log? I got it working on 1 machine (except the event log access from the sandboxed class) with IIS 6, but I can't seem to replicate this on another IIS 6 machine.
>
> So far, I have tried:
>
> 1) Using the GAC class mentioned above (this doesn't seem to have any effect either way - hence my question)
> 2) Giving NETWORK SERVICE read/write perms on the folder containing the MDB file. (This has a definite effect)
> 3) Adding my web service under the Web Service Extensions node of IISADMIN (as in 1, no effect either way)
>
> Can you think of anything else I may be missing? Like I said, it works on one IIS 6 (regardless of 1,3) and not on another.
>
> Many thanks,
>
> John
>
>      ----- Mickey Williams wrote: -----
>
>      Where did you see the recommendation for the GAC install? Although you get a number of benefits if you use a strong name, I don't see anything in your scenario description that requires an installation to the GAC.
>
>      -- 
>      Mickey Williams
>      Author, "Microsoft Visual C# .NET Core Reference", MS Press
>      www.servergeek.com
>
>
>      "John" <anonymous@discussions.microsoft.com> wrote in message news:DE9EBFDD-B7AE-4E09-B869-792F3564B16B@microsoft.com...
>      > I have a web service that accesses a DB and writes to the event log. According to MS, it is recommended to SANDBOX the DB code into a trusted assembly and put it in the GAC.
>      >
>      > I have attempted to do this by creating a class, and then referencing it (from its local project) in my project, then I sign it and install it in the GAC.
>      >
>      > Is this correct, or is the version in the GAC not being referenced since there is a local version in the Web service folder?
>
>
>
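
The folder-scoped grant discussed in this message, sketched as an added example (not code from the original post or its author). `$DataDir` and `$WebRoot` are hypothetical paths and the function names are made up for illustration; the script assumes an elevated prompt on a Windows version whose `icacls` supports `/inheritance`.

```powershell
# Added example. $DataDir and $WebRoot are hypothetical paths; adjust to your site.
$DataDir  = 'D:\ServiceData\Orders'          # dedicated folder holding only the .mdb
$WebRoot  = 'C:\Inetpub\wwwroot\MyService'   # the web service's content folder
$Identity = 'NT AUTHORITY\NETWORK SERVICE'   # worker-process account named in the thread

function Set-DataFolderAcl {
    param([string]$Path, [string]$Account)
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    # /inheritance:r drops ACEs inherited from the parent; /grant:r replaces any
    # earlier explicit grants. (OI)(CI) applies the ACE to files and subfolders.
    # Modify (M) rather than Read: Jet creates and deletes a .ldb lock file
    # beside the .mdb, so the account must be able to write in the folder.
    & icacls.exe $Path /inheritance:r /grant:r `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        "${Account}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path (exit $LASTEXITCODE)" }
}

function Get-WriteAce {
    # Returns the Allow ACEs naming $Account directly that permit writing at $Path.
    param([string]$Path, [string]$Account)
    $write = [System.Security.AccessControl.FileSystemRights]::WriteData
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $write)
    }
}

Set-DataFolderAcl -Path $DataDir -Account $Identity

# The account should be able to write in the data folder and nowhere in the web root.
if (-not (Get-WriteAce -Path $DataDir -Account $Identity)) {
    Write-Warning "$Identity cannot write to $DataDir; Jet cannot create its lock file."
}
Get-WriteAce -Path $WebRoot -Account $Identity | ForEach-Object {
    Write-Warning "$Identity has $($_.FileSystemRights) on $WebRoot (inherited: $($_.IsInherited))"
}
```

`Get-WriteAce` only looks at ACEs that name the account itself; write access granted through a group such as Users or Everyone needs a separate check.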

