Re: Issue with ASP.NET client, COM Interop, and Identity impersonation
From: Willy Denoyette [MVP] (willy.denoyette_at_pandora.be)
Date: 10/04/04
- Next message: BluDog: "Can Someone Please Explain..."
- Previous message: Marina: "Re: Datagrid, on the side?"
- In reply to: Anil Krishnamurthy: "Re: Issue with ASP.NET client, COM Interop, and Identity impersonation"
- Next in thread: Anil Krishnamurthy: "Re: Issue with ASP.NET client, COM Interop, and Identity impersonation"
- Reply: Anil Krishnamurthy: "Re: Issue with ASP.NET client, COM Interop, and Identity impersonation"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 4 Oct 2004 16:33:04 +0200
ASPNET, that means that your config file is not like you said in your
original post.
/ snip
ASP.NET
{Web app} -------------Interop --------------->{COM Library}
(Domain\NetworkUser)
(LocalHost\IUSR_MachineName)
/end snip
Here you say that asp.net runs as (Domain\NetworkUser), but this is not the
case. So please change your web.config file to run the worker process as
Domain\NetworkUser.
Willy.
"Anil Krishnamurthy" <akrishnamurthy@nospam.air-worldwide.com> wrote in
message news:%23udstyhqEHA.4008@TK2MSFTNGP14.phx.gbl...
>
> "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
> news:e1wifEGqEHA.376@TK2MSFTNGP14.phx.gbl...
>> With impersonation turned off, all threads in the asp.net worker process
>> use the process token when accessing remote resources, and because your
>> in-proc COM object runs in the same security context of the caller (the
>> executing thread) it will use the same token, problem solved.
>
> When impersonation is turned off, the identity is ASPNET and since that is
> a
> local account, how can you access remote resources?
>
>> About your "aspcompat" remark. If your COM object is a threadingmodel =
>> apartment type object (STA) you better run in "aspcompat" mode.
>> If you don't, your object will run on the default STA thread provided by
> the
>> asp.net worker process, this will negatively impact the performance as
>> all
>> calls have to get marshaled.
>> Just curious, why can't you set aspcompat=true?
>
> Actually, the web application team informed me that they have switched to
> AspCompat mode and it does not help much. The problem is that the call to
> COM object comes from Java script and identity impersonation does not work
> in this case. I mentioned that AspCompat flag could not used because there
> is another application, a web service, that uses the same set of COM
> objects.
>
> Anil
>
>>
>> "Anil Krishnamurthy" <akrishnamurthy@nospam.air-worldwide.com> wrote in
>> message news:O07jprAqEHA.3760@TK2MSFTNGP09.phx.gbl...
>> >
>> > "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
>> > news:eYcNdGAqEHA.1816@TK2MSFTNGP09.phx.gbl...
>> >>
>> >> How is that possible? if asp.net is running in a domain identity
> context
>> > AND
>> >> you don't have impersonation enabled, the in-proc COM object should
>> >> run
>> > with
>> >> the same domain user's credentials, where else would the local account
>> >> identity come from?
>> >>
>> >
>> > Impersonation is enabled in Web.config and it is set to use a domain
>> > account. But on COM object side, when I try to get the user name, it is
>> > IUSR_MachineName and that is not what I want. Also, I cannot use
>> > AspCompat="true".
>> >
>> > Anil
>> >
>> >
>>
>>
>
>
- Next message: BluDog: "Can Someone Please Explain..."
- Previous message: Marina: "Re: Datagrid, on the side?"
- In reply to: Anil Krishnamurthy: "Re: Issue with ASP.NET client, COM Interop, and Identity impersonation"
- Next in thread: Anil Krishnamurthy: "Re: Issue with ASP.NET client, COM Interop, and Identity impersonation"
- Reply: Anil Krishnamurthy: "Re: Issue with ASP.NET client, COM Interop, and Identity impersonation"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
