Re: Exception Management App Block - System.ComponentModel.Win32Ex

This doesn't really explain why it works if IUSR_MACHINE is a member of the
Domain Admins group. There must be an ACL somewhere. What about the
HKLM\System\CurrentControlSet\Services\EventLog\Application\CustomSD value?



"Steven Cheng[MSFT]" <v-schang@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:dd5mUUnPFHA.1564@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Steven,
>
> Thanks for the followup.
> After some further tests, I think the problem is something limited on the
> WIN2K3 server. In fact, not only the default IUSR_MACHINE, any account(
> even a custom created local account) which has sufficient permission on
> the
> eventlog will failt to write entry when configured as IIS virutual dir's
> anomymous account and implicitly impersonated in the ASP.NET.( <identity
> impersonate="true" />)
>
> So currently on W2K3 box, I think we have the following approachs:
> 1. Disable anonymous access for the IIS virutal dir and let the asp.net
> running under the default process identity( or if impersonate, impersonate
> the client user rather than the IIS's anonymous user).
>
> 2. If we still need to impersonate a certain account, we should use the
> following configuration to specify the fixed account
> <identity impersonate="true" userName="..." password="..." />
>
> Anyway, since IIS anonymous acccount are too restricted, generally we'd
> better avoid impersonate this account directly. (using the default process
> idenity of asp.net is the perfered means).
>
> Thanks,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
>
>
>


.

Relevant Pages

  • Re: Sql Reporting Serviced - > ASP.NET ACCESS DENIED!
    ... The account you are logging in to when on the server doesn't have the ... do you have <Impersonate> set to True? ... > Exception Details: System.UnauthorizedAccessException: Access to the path ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: How to use WindowsPrincipal properly??
    ... > If you want to check if the user is in the local computers security group ... > used by the general public you have to use Basic Authentication of course. ... You can logon a set account ... > WindowsIndentity which is then used to Impersonate. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Exception Management App Block - System.ComponentModel.Win32Ex
    ... CustomSD value to give all authenticated users write access: ... In fact, not only the default IUSR_MACHINE, any account( ... Disable anonymous access for the IIS virutal dir and let the asp.net ... >> running under the default process identity(or if impersonate, ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: Impersonate
    ... saving a Excel document in ASP.NET webapplication, ... Regarding on the problem you mentioned, I think the account is the first ... You should either impersonate through the web.config setting or use code. ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Domain could not be contacted problem
    ... > can either make the process run under a domain account, ... > To impersonate a domain account, you generally do this by enabling ... > impersonating the authenticated user in IIS. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
Loading