Re: Web Service Security problem

From: Russ (russk2_at_eticomm.net)
Date: 05/15/04

  • Next message: Jan Tielens: "Re: WSE 1.0" 
    Date: Sat, 15 May 2004 13:18:38 -0400

    Thank you for that. This solves the problem of accessing a text file.
    But I still have another permission problem that you MAY be able to
    help me with.

    I have Pervasive Software's Btrieve engine (version 2000i) running on
    the server. Although I can now access a text file, trying to open one
    of the Btrieve files via a call to it's requester (from the web
    service) fails with an error 94 - permission error.

    Before I added impersonation to the web.config, the user name shown in
    the failed logon attempt was ASPNET. Now the user name and domain are
    changed to the ones specified, but the logon still fails (only when
    the request is through the Btrieve engine). Access to the same file
    is successful when the request is done from a normal windows client
    program (unmanaged code and not a web service).

    I know this is probably a Btrieve problem, and I have posted a query
    to the appropriate news group, but I thought I would ask here too in
    case you, or anyone, has any idea how to cure this.

    Thanks, Russ

    On Sat, 15 May 2004 05:47:06 -0400, "CodeMeister"
    <codemeister@codemeister.net> wrote:

    >The web service project should hav a web.config.
    >
    >In the web.config file, set the identity element as follows:
    >
    ><identity impersonate="true" userName="domain\someuser"
    >password="somepassword" />
    >
    >make sure the domain\someuser has access permission to the files on te lan.
    >
    >The ASPNET account is the default account used by the .Net process for
    >ASP.Net. It is used by default for every ASP.Net application on a machine.
    >Allowin that account access to lan resources would be a large security risk.
    >
    >Since the web.config is a text file, the username and password elements
    >should be encrypted if you are using .Net 1.1. The information on encryption
    >can be found at
    >http://support.microsoft.com/default.aspx?scid=kb;en-us;329290
    >
    >
    >
    >"Russ" <russk2@eticomm.net> wrote in message
    >news:qiqaa0dmjbvjk56j2stiplf3m5apad7ijn@4ax.com...
    >> Hello. I'm still struggling with a million new concepts in this .NET
    >> world, so forgive me if the answers are obvious.
    >>
    >> I wrote a test web service using managed C++. It works ok on
    >> localhost but I need it to open files on another machine on the lan.
    >> When I try to do that, it fails with error 2 (file not found). But
    >> the file is there and accessible through windows explorer and normal
    >> application programs.
    >>
    >> Security auditing on the target machine (Win2K server) indicates a
    >> failed logon attempt by user ASPNET every time I try to open the file.
    >> It says "unknown user or bad password".
    >>
    >> I think the problem is the use of the user ASPNET for trying to access
    >> another computer on the lan. How can I cause the web service to use a
    >> different username that is known to the domain server?
    >>
    >> I read somewhere that asp.net security does not apply to non .NET
    >> resources. Since I am trying to open a simple text file (using
    >> CFile::Open or even fopen), I don't think the solution is to be found
    >> in machine.config or web.config. I have tried changing the username
    >> in the process model in machine.config on the server to "SYSTEM", and
    >> same on the workstation on which the web service is running, but to no
    >> avail.
    >>
    >> Another possible issue is the ASPNET account on the server. That
    >> account was initially disabled when I looked at it. Each security
    >> audit indicated that the user domain was the workstation. After
    >> enabling the ASPNET account on the server, subsequent security audit
    >> failures showed the domain of the ASPNET user to be the server. But
    >> it still fails.
    >>
    >> Help?
    >>
    >> Russ
    >

  • Next message: Jan Tielens: "Re: WSE 1.0"

    Relevant Pages

    • Re: Windows Identity and IIS6.0
      ... Please undo your permission changes to ISA_User and ASPNET account -- they ... On IIS6, ASP.Net is configured to not impersonate, and the Application Pool ... My operating system is Win 2003, Framework is 1.1 and Web Server is IIS 6.0 ... I have give Full permission to the ISA_User account and ASPNET Account. ...
      (microsoft.public.inetserver.iis)
    • Re: Web Service Security problem
      ... The web service project should hav a web.config. ... Allowin that account access to lan resources would be a large security risk. ... > different username that is known to the domain server? ... > Another possible issue is the ASPNET account on the server. ...
      (microsoft.public.dotnet.framework.aspnet.webservices)
    • Web Service Security problem
      ... I wrote a test web service using managed C++. ... failed logon attempt by user ASPNET every time I try to open the file. ... different username that is known to the domain server? ... I read somewhere that asp.net security does not apply to non .NET ...
      (microsoft.public.dotnet.framework.aspnet.webservices)
    • Re: Access a Network Share From ASP.NET
      ... If you have correctly followed instructions on creating custom ASPNET ... server also your development machine? ... You should now have command prompt window running as ASPNET account ... Go there and check share permissions and file permissions ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Problems with authenticated users accessing asps
      ... the ASPNET user (or more accurately as the user that is running the ASPNET ... So even if the site is NT auth and the user logs in, ... actual file access for read and write is as the aspnet account. ... > I have IIS serving static content and asp's from IIS6 on Win2003 Server. ...
      (microsoft.public.inetserver.iis.security)