Re: Permission Errors
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Wed, 19 Oct 2005 03:20:46 GMT
Hi Russ,
Thanks for your response.
As you mentioned that you've use the following configuration in web.config
<identity impersonate="true" userName="xps.PrsNj.local\Russ"
password="xxx" />
that means the webservice will running under the impersonate idenitity.
Also, the "xps.PrsNj.local\Russ" is a local account on the XP machine, yes?
If so, it is not remotable to other remote machines. Are the xp client
machine and win2k box in a domain
environment? If so , you can try configured the webservice to running under
a domain account so that it can be validated on the win2k server machine.
In addition, is there SQLserver on the win2k box? If so, you can try let
the webservice make connection to sqlserver so that you can watch which
cilent account is logon at the server (through the SQLserver profiler). If
no sqlserver available, you can try turning on the NTFS security audit on
that shared folder at the 2k server machine. Thus , we can watch audit log
to check the client account also.
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| NNTP-Posting-Date: Mon, 17 Oct 2005 08:42:39 -0500
| From: Russ <russk2@xxxxxxxxxxx>
| Newsgroups: microsoft.public.dotnet.general
| Subject: Re: Permission Errors
| Date: Mon, 17 Oct 2005 09:42:38 -0400
| Message-ID: <d497l1h1nsn1tkovvt6pa7ajmclddjo8ua@xxxxxxx>
| References: <thd5l1lg2kgrr5107kbktq5s3p3o8nev50@xxxxxxx>
<yIIXqls0FHA.1172@xxxxxxxxxxxxxxxxxxxxx>
| X-Newsreader: Forte Agent 3.0/32.763
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Lines: 126
| NNTP-Posting-Host: 68.37.155.53
| X-Trace:
sv3-gDWyCGpEupEX0j1fSbjlcEQCmafJ9o78ImvcZFRYgzuTJrUVBXNwSDFvEjXU0WYIV5S0Sj4x
XAEYD4F!+gD1O9UCRQPn/fWaZqe5gZu0a+kJQob50YgYeH4Vz0b8yN5CDADz5iCAiAyr6i+J26IP
8Kdp9Ub8!SFDYpnTo
| X-Complaints-To: abuse@xxxxxxxxxxx
| X-DMCA-Complaints-To: dmca@xxxxxxxxxxx
| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
complaint properly
| X-Postfilter: 1.3.32
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!ne
wsfeed1.ip.tiscali.net!proxad.net!216.239.36.134.MISMATCH!postnews.google.co
m!news4.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01.n
ntp.dca.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:52146
| X-Tomcat-NG: microsoft.public.dotnet.general
|
| On Mon, 17 Oct 2005 03:18:00 GMT, stcheng@xxxxxxxxxxxxxxxxxxxx (Steven
| Cheng[MSFT]) wrote:
|
| >Hi Russ,
| >
| >Welcome to MSDN newsgroup.
| >From your description, you have a c++ built Webservcie which will access
a
| >remote file on a local domain server. This works well when deploying on
a
| >win2k server , however after move it to a winxp box, you found the
| >webservice failed with permission error when perform the file accessing
| >operation, yes?
|
| Not exactly. The web service is being built on the dev station running
| under XP. It accesses a file on the W2K server. When I run or debug
| it on the XP station, is when it fails. When I build and test the
| same source code on a W2K Pro workstation there is no failure.
|
| Also, if I deploy the web service on the W2K server, it works ok. So
| the problem is just with the XP workstation.
|
| >
| >AS for the VC++ webservice is it hosed in IIS and how did you creating
it
| >and deploying it?
|
| I presume you mean hosted, not hosed? I would agree with either
| statement, ha ha.
|
| It is created with Visual Studio using managed C++. It makes calls to
| an unmanaged library and it is this library that makes the call to
| open the server file. I have tried a variety of methods to deploy it.
| VC++ deploys it automatically on the local machine, but I have also
| built a deployment project and used that to deploy on the local
| machine. Additionally I have tried manually creating a virtual
| directory via IIS.
|
| > Generally the permission problem is likely caused by the
| >webservice's process idenitity. For most service applications they're
| >running under a non-interactive account(local account ) which won't be
| >remotable. So when accessing resources on remote machine, such local
| >service accont will be recoginzed as NULL session. For "windows
explorer"
| >or other standard windows applications, they're running under the
| >interative logon user's account and when the interactive user is a
domain
| >user, it'll surely be valid to remote machine.
|
| In the web.config file, I have:
|
| <identity impersonate="true" userName="xps.PrsNj.local\Russ"
| password="xxx" />
|
| Does not this allow the web service to take on the permissions of the
| user account on the XP machine? (XPS is the machine name.)
|
| >
| >So please have a check on this and feel free to post here if you have
any
| >further finding or questions.
|
| I'm sure this is the crux of the problem, but how do I go about
| checking it out and curing it? And why does it fail under XP but not
| under W2K Pro? I did discover that for XP, in my impersonate
| statement I had to use the full domain name of the XPS machine,
| xps.PrsNj.local, whereas in W2K all I needed was xps.russ.
|
| Thanks you. Russ
|
| >
| >Steven Cheng
| >Microsoft Online Support
| >
| >Get Secure! www.microsoft.com/security
| >(This posting is provided "AS IS", with no warranties, and confers no
| >rights.)
| >
| >
| >
| >
| >--------------------
| >| NNTP-Posting-Date: Sun, 16 Oct 2005 15:23:11 -0500
| >| From: Russ <russk2@xxxxxxxxxxx>
| >| Newsgroups: microsoft.public.dotnet.general
| >| Subject: Permission Errors
| >| Date: Sun, 16 Oct 2005 16:23:08 -0400
| >| Message-ID: <thd5l1lg2kgrr5107kbktq5s3p3o8nev50@xxxxxxx>
| >| X-Newsreader: Forte Agent 3.0/32.763
| >| MIME-Version: 1.0
| >| Content-Type: text/plain; charset=us-ascii
| >| Content-Transfer-Encoding: 7bit
| >| Lines: 19
| >| NNTP-Posting-Host: 68.37.155.53
| >| X-Trace:
|
>sv3-WvRc+U+MgszlORlfxxo/gw1CB4QeCMbRWge6uJZfqu1poXRF9nyjO4sbT2RrSqItP0zWFP0
F
|
>ICfXpfc!IGA9Jyv54ErQe3Cjgk8eO4N7M2LAayvzLbN87cmpOB8GJxt0WNYj77Zlz6C4uKfEoYW
8
| >EeDeRHbG!47Nts75I
| >| X-Complaints-To: abuse@xxxxxxxxxxx
| >| X-DMCA-Complaints-To: dmca@xxxxxxxxxxx
| >| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| >| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
| >complaint properly
| >| X-Postfilter: 1.3.32
| >| Path:
|
>TK2MSFTNGXA01.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!n
e
|
>wsfeed1.ip.tiscali.net!news.glorb.com!postnews.google.com!news4.google.com!
b
|
>order1.nntp.dca.giganews.com!nntp.giganews.com!local01.nntp.dca.giganews.co
m
| >!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
| >| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:52108
| >| X-Tomcat-NG: microsoft.public.dotnet.general
| >|
| >|
| >| Hello. My new dev machine is running XP Pro. In the past all
| >| equipment has only used Windows 2000. I have had a lot of problems
| >| getting my projects up and running on the new machine. The current
| >| one is a permission error.
| >|
| >| The project is a VC++ Web Service. It works fine when the service is
| >| hosted on the old W2K dev machine, but on the new XP machine I get a
| >| permission error when the service tries to open a text file on the
| >| Windows 2000 domain server. It is a standard fopen call across the
| >| LAN. I have no problem opening the file from Windows Explorer, or
| >| from a standard windows program on the XP machine, but with the Web
| >| Service, when running on the XP machine, the fopen call returns NULL
| >| and GetNextError returns 5 - permission error.
| >|
| >| I cannot find any reason - any help?
| >|
| >| Thanks, Russ
| >|
| >|
|
.
- Follow-Ups:
- Re: Permission Errors
- From: Russ
- Re: Permission Errors
- From: Russ
- Re: Permission Errors
- References:
- Permission Errors
- From: Russ
- RE: Permission Errors
- From: Steven Cheng[MSFT]
- Permission Errors
- Prev by Date: Customize Exception Handling Application Block
- Next by Date: Window Service on Shutdown
- Previous by thread: RE: Permission Errors
- Next by thread: Re: Permission Errors
- Index(es):
Relevant Pages
|
