Re: Want to Reboot server from ASPX page
From: Sharon (talsharon_at_hotmail.com)
Date: 04/19/04
- Next message: Miguel Dias Moura: "Re: Problem with language. Thank You."
- Previous message: Rick Strahl [MVP]: "Re: Design Time Support"
- In reply to: Chris Botha: "Re: Want to Reboot server from ASPX page"
- Next in thread: Sharon: "Re: Want to Reboot server from ASPX page"
- Reply: Sharon: "Re: Want to Reboot server from ASPX page"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 19 Apr 2004 03:58:52 +0200
maybe this way will work:
aspx page
=========
<%@ Page Language="cs" %>
<%@ import namespace="System.Threading" %>
<%@ import namespace="test" %>
<%
string[] passArr = new string[2]{"arr val 1", "arr val 2"};
ThreadProc tp = new ThreadProc(passArr);
Thread t = new Thread(new ThreadStart(tp.ThreadProcStart));
t.Start();
%>
<html>
<head>
</head>
<body>
</body>
</html>
thread class
==========
using System.Threading;
using System.IO;
namespace test
{
public class ThreadProc
{
private string[] m_dispStrArr;
public ThreadProc(string[] inStrArr) {
m_dispStrArr = inStrArr;
}
public void ThreadProcStart() {
for (int i = 0; i < 20; i++)
{
StreamWriter fsw =
File.AppendText(System.AppDomain.CurrentDomain.BaseDirectory + "\\log.txt");
fsw.WriteLine("m_dispStr: " + m_dispStrArr[0] + " " + m_dispStrArr[1]
+ " i: " + i);
fsw.Close();
fsw = null;
Thread.Sleep(1000);
}
}
}
}
it works but, maybe you can find a flaw?
"Chris Botha" <chris_s_botha@AT_h.o.t.m.a.i.l.com> wrote in message
news:OntwFfZJEHA.3544@TK2MSFTNGP10.phx.gbl...
> I don't think impersonation works with forms authentication, but I may be
> wrong, always some surprise somewhere (it works with Integrated Widows
auth,
> as well as Basic Auth).
> To switch anonymous access off, run IIS Service Manager, find your Web App
> under the Default Web Site, right click on it, properties, then Directory
> Security, then hit the top edit button and uncheck the anonymous access.
> After doing this, hitting the page with IE, if you are not an
authenticated
> user, you will be prompted to sign in (if you are authenticated, it won't
> prompt you), and that will be the user impersonated (unless you specified
a
> username/password on the impersonate line in the web.config file).
>
> Second solution, I'm not sure if it will work, but it may, write an
ActiveX
> dll, install it in COM+ specifying the credentials it should run under,
and
> call it from your aspx page. Beware that if it works, anyone hitting the
> page can re-boot the computer.
>
> I don't know what setting the "user='SYSTEM'" in the machine.config does.
>
> "Terry" <anonymous@discussions.microsoft.com> wrote in message
> news:7C3AB4EA-79F3-4465-9A5E-DD8379D164D3@microsoft.com...
> > OK, I have verified that the shutdown related code is working fine from
> > a regular app.
> >
> > How do I switch off anonymous access to the virtual directory?
> > Are you talking about adding a statement like <deny user="?">
> > in my web.config file or are you talking about a setting in
> > the IIS Service Mgr.
> >
> > I am using a simple application based 'Forms' authentication.
> > In this case if I use <identity impersonate="true" /> who would
> > it be impersonating ... or in this case because I am using Forms
> > authentication would I have to spell all that out like
> > <identity impersonate="true" userName="abc" password="def">
> >
> > I am still a little puzzled by all this impersonate stuff ... if you do
> > impersonation what is the point of setting the user='SYSTEM' in
> > the machine.config file?
> >
> > Thanks,
> >
> > Terry
> >
> > ----- Chris Botha wrote: -----
> >
> > Terry, first get the code to run in a normal Windows App, so you
know
> that
> > it works.
> > After that, it should be a security issue, and impersonation should
> work,
> > but you also have to switch off anonymous access to the virtual
> directory
> > for impersonation to work.
> > To ensure that your impersonation is set up correctly, add a test
> call
> > somewhere in a form, returning the current user, and check that it
is
> what
> > you expect (not the anonymous, or ASP.NET user, etc). To get the
> current
> > user, call
> > System.Security.Principal.WindowsIdentity.GetCurrent().Name
> >
> > "Terry" <anonymous@discussions.microsoft.com> wrote in message
> > news:27B39478-93C0-42AE-9ECE-A49E9EC01AE7@microsoft.com...
> > > I am developing a asp.net web based service application for our
> product.
> > > I am trying to trigger a reboot of the server based on a user
> request.
> > > I believe I have all the appropriate code for AdjustingTokens etc
> and
> > > all those calls seem to succeed, however, the final call to
> ExitWindowsEx
> > > is failing with 'Access Denied'.
> > >> In my machine.config, I have already set the userName to
'System'
> as I
> > > seem to require this for some other functionality I implemented.
I
> also
> > tried
> > > to impersonate a local user account with admin priviledges via my
> > applications
> > > web.config file but that failed as well with the same 'Access
> Denied' (by
> > the
> > > way what exactly does 'impersonate' in the web.config do when the
> > machine.config
> > > file already lets me specify the user as 'SYSTEM'?)
> > >> I expect there is some other security thing that I need to
twiddle
> ... any
> > ideas greatly
> > > appreciated (with as much detail as possible, I am very new to
this
> whole
> > web security
> > > stuff).
> > >> Thanks,
> > >> Terry
> > >
>
>
- Next message: Miguel Dias Moura: "Re: Problem with language. Thank You."
- Previous message: Rick Strahl [MVP]: "Re: Design Time Support"
- In reply to: Chris Botha: "Re: Want to Reboot server from ASPX page"
- Next in thread: Sharon: "Re: Want to Reboot server from ASPX page"
- Reply: Sharon: "Re: Want to Reboot server from ASPX page"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
