Web Service Security problem

From: Russ (russk2_at_eticomm.net)
Date: 05/15/04

  • Next message: Bill Bush: "Remoting.Channels.Tcp" 
    Date: Fri, 14 May 2004 21:11:55 -0400

    Hello. I'm still struggling with a million new concepts in this .NET
    world, so forgive me if the answers are obvious.

    I wrote a test web service using managed C++. It works ok on
    localhost but I need it to open files on another machine on the lan.
    When I try to do that, it fails with error 2 (file not found). But
    the file is there and accessible through windows explorer and normal
    application programs.

    Security auditing on the target machine (Win2K server) indicates a
    failed logon attempt by user ASPNET every time I try to open the file.
    It says "unknown user or bad password".

    I think the problem is the use of the user ASPNET for trying to access
    another computer on the lan. How can I cause the web service to use a
    different username that is known to the domain server?

    I read somewhere that asp.net security does not apply to non .NET
    resources. Since I am trying to open a simple text file (using
    CFile::Open or even fopen), I don't think the solution is to be found
    in machine.config or web.config. I have tried changing the username
    in the process model in machine.config on the server to "SYSTEM", and
    same on the workstation on which the web service is running, but to no
    avail.

    Another possible issue is the ASPNET account on the server. That
    account was initially disabled when I looked at it. Each security
    audit indicated that the user domain was the workstation. After
    enabling the ASPNET account on the server, subsequent security audit
    failures showed the domain of the ASPNET user to be the server. But
    it still fails.

    Help?

    Russ

  • Next message: Bill Bush: "Remoting.Channels.Tcp"

    Relevant Pages

    • RE: Web Service Implementation Security Question
      ... Server was unable to process ... CompilerParameters parameters, Assembly assembly, Hashtable assemblies) at ... > As for the security problems regarding on using TypedDAtaset in asp.net ... Web Service Implementation Security Question ...
      (microsoft.public.inetserver.iis.security)
    • Re: Web Service Security problem
      ... the server. ... the failed logon attempt was ASPNET. ... >Allowin that account access to lan resources would be a large security risk. ... >> Another possible issue is the ASPNET account on the server. ...
      (microsoft.public.dotnet.framework.aspnet.webservices)
    • RE: WSE 2.0, smart client, Username authentication, no x.509
      ... web services WSE 3.0 hosts them without a web server for you (read the WSE ... To perform authentication, because your database does not contain user ... the implementation William Stacey has uses Security ... > server where my web service is ...
      (microsoft.public.dotnet.framework.webservices.enhancements)
    • Re: Web Service Security problem
      ... The web service project should hav a web.config. ... Allowin that account access to lan resources would be a large security risk. ... > different username that is known to the domain server? ... > Another possible issue is the ASPNET account on the server. ...
      (microsoft.public.dotnet.framework.aspnet.webservices)
    • ADOMD.NET and Sharepoint
      ... I have a web service that uses ADOMD.NET. ... The Security ... the web service works on the server with sharepoint. ... mscorlib, Version=1.0.5000.0, Culture=neutral, ...
      (microsoft.public.sharepoint.portalserver.development)