Re: Remote control of windows service with windows 2003 server
From: pberna (xxx_at_iol.it)
Date: 11/15/04
- Next message: Steve C. Orr [MVP, MCSD]: "Re: ASP.NET & Access Database!"
- Previous message: Scott Simons: "RE: posting to SQL"
- In reply to: Scott Allen: "Re: Remote control of windows service with windows 2003 server"
- Next in thread: Scott Allen: "Re: Remote control of windows service with windows 2003 server"
- Reply: Scott Allen: "Re: Remote control of windows service with windows 2003 server"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 15 Nov 2004 19:06:12 GMT
Dear Scott,
Thank again. I'm trying to use your indication now
The application is used only to start/stop a service remotely and to
launch/terminate an application remotely. Yes, the application is exposed to
the internet.
I think that I could also use Windows Authentication instead of Web Form
authentication, but I have a company firewall between the client and the
server (under my full control), so I want to be sure that all messages are
based on http protocol. Sorry but I'm moving the first step on this
technology
Regards,
Paolo
"Scott Allen" <bitmask@[nospam].fred.net> ha scritto nel messaggio
news:pbjhp0tn5pduf9dsgcilp61750s3roplpq@4ax.com...
> Hi pberna:
>
> Impersonation is more difficult in forms authentication. If you use
> the username and password attributes of the <identity> tag then yes,
> you are passing the username and password for a windows account. Every
> local resource ASP.NET touches will be done with the credentials
> specified in the <identity> tag, for example, file access, service
> control, connecting to a database with a trusted connection.
>
> Is the web application soley for the purpose of controlling the
> service? Is it exposed to the Internet?
>
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
>
> On Mon, 15 Nov 2004 07:10:03 -0800, pberna
> <pberna@discussions.microsoft.com> wrote:
>
>>Dear Scott,
>>
>>Thanks for your indications
>>I red the article, but I'm not sure if impersonation is applicable to the
>>Forms
>>authentication mode. What do you think ? Am I wrong ?
>>
>>1) If impersonation is also active using the Forms authentication mode,
>>should the user name related to the token "userName"
>>
>><identity impersonate="true" userName="contoso\Jane" password="pass"/>
>>
>>be equal to a Windows User name ?
>>
>>2) Are there any relationship between Windows password of a Windows User
>>and
>>the password of the same User indicated in the web.config file ?
>>
>>3) If the ASPNET impersonate a user using the Forms authentication mode,it
>>means that the .NET application can access to all resource available for
>>that
>>user ?
>>
>>Thank you
>>Paolo
>>
>>"Scott Allen" wrote:
>>
>>> Hi pberna:
>>>
>>> It's generally a bad idea to run ASP.NET under an administrator
>>> account, as it makes it easier for a malicious user to have admin
>>> rights on a machine. Have you investigated impersonation?
>>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetimpersonation.asp
>>>
>>> As for the NETWORK SERVICE account, there are two types of accounts on
>>> the machine: user accounts and built in security principals. The built
>>> in security principals do not appear in the list of users. You can
>>> still add them to a group if you go to My computer -> Manage ->
>>> Groups. You can right click a group and select Properties, then click
>>> Add. You can type in the name you need, or click Advanced and Find Now
>>> to select the principal from a list - you'll notice at the top of the
>>> dialog under Object Types the dialog will search for both user objects
>>> and built in security principal objects.
>>>
>>> In any case, a best practice is to avoid elevating the privileges of
>>> any of these built in accounts. Impersonation is a safer approach.
>>>
>>> --
>>> Scott
>>> http://www.OdeToCode.com/blogs/scott/
>>>
>>> On Sat, 13 Nov 2004 19:36:21 GMT, "pberna" <xxx@iol.it> wrote:
>>>
>>> >Dear all,
>>> >
>>> >I built a Web Form application to start and stop a Windows Service
>>> >remotely.
>>> >I successful tested the application on Windows 2000 server + IIS. I
>>> >must
>>> >include the ASPNET user
>>> >to the Administration group (on server side) to have the necessary
>>> >authorization to start a Windows Service (I don't understand why "Power
>>> >User" rights are not enough to do the same thing)
>>> >
>>> >Although I'm able to start a service using windows 2000 server
>>> >platform, I'm
>>> >not able to do the same things in the Windows 2003 server edition
>>> >where the
>>> >same Web Form application has been installed (.NET framework has been
>>> >installed by default during Windows server installation process). I
>>> >know
>>> >that in Windows 2003 server the default account for a ASPNET
>>> >applications is
>>> >NETWORK SERVICE, but I don't find any user with this name in the user
>>> >list/group. If I try to create this user and error message tell me that
>>> >the
>>> >NETWORK SERVICE user is already defined. The problem is that it doesn't
>>> >appear in the user list (My computer-> Manage > user)
>>> >
>>> >Any idea ?
>>> >
>>> >Thank you
>>> >Best Regards
>>> >
>>>
>>>
>
- Next message: Steve C. Orr [MVP, MCSD]: "Re: ASP.NET & Access Database!"
- Previous message: Scott Simons: "RE: posting to SQL"
- In reply to: Scott Allen: "Re: Remote control of windows service with windows 2003 server"
- Next in thread: Scott Allen: "Re: Remote control of windows service with windows 2003 server"
- Reply: Scott Allen: "Re: Remote control of windows service with windows 2003 server"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
