Re: Permission Errors
- From: Russ <russk2@xxxxxxxxxxx>
- Date: Wed, 19 Oct 2005 13:21:58 -0400
On Wed, 19 Oct 2005 03:20:46 GMT, stcheng@xxxxxxxxxxxxxxxxxxxx (Steven
Cheng[MSFT]) wrote:
>Hi Russ,
>
>Thanks for your response.
>As you mentioned that you've use the following configuration in web.config
> <identity impersonate="true" userName="xps.PrsNj.local\Russ"
>password="xxx" />
>
>that means the webservice will running under the impersonate idenitity.
>Also, the "xps.PrsNj.local\Russ" is a local account on the XP machine, yes?
Yes.
> If so, it is not remotable to other remote machines. Are the xp client
>machine and win2k box in a domain
>environment? If so , you can try configured the webservice to running under
>a domain account so that it can be validated on the win2k server machine.
But why should I have to do this? I did not have to do it when the
dev machine was running W2K. It seems to me that when one builds a
web service on his local machine and then tries to debug it, the
permissions of the logged in developer should apply - especially when
impersonating that user.
However I have discovered that I can deploy the web service to the W2K
domain server and there it runs with no problems, except that I had to
change the impersonated user to a domain user. I did not have to do
this when the dev station was W2K. In other words, the web service,
running on the W2K server, would impersonate a local user on the W2K
dev station, and it would still work. Not so with the dev station
being XP.
Changing the impersonated user to a user on the domain does work when
the service is running on the domain server, so that was good enough
for me to decide that the new XP dev machine is up and usable. Next I
built the client for the web service, and that works too (as long as
the service runs on the domain server). My main problem now is that I
have to use remote debugging if I need to debug something - so I still
need to find the solution.
So now that I have proved that the XP dev station is usable, I went
ahead and executed the next step in upgrading my development platform.
I retired the W2K server and built a new W2003 domain server. I have
not yet got that server up to the point where I can run the web
service on it. A lot of other work, to make sure it could support our
legacy applications, was needed first. So I am not sure exactly how
the new server will affect all this - if at all.
I will get back to you on this in a day or three when I get everything
running again. In the meanwhile it would be good if you have any
other suggestions regarding being able to debug the web service on my
dev machine.
Thanks for your continued attention to this matter,
Regards, Russ
>
>In addition, is there SQLserver on the win2k box? If so, you can try let
>the webservice make connection to sqlserver so that you can watch which
>cilent account is logon at the server (through the SQLserver profiler). If
>no sqlserver available, you can try turning on the NTFS security audit on
>that shared folder at the 2k server machine. Thus , we can watch audit log
>to check the client account also.
>
>Thanks,
>
>Steven Cheng
>Microsoft Online Support
>
>Get Secure! www.microsoft.com/security
>(This posting is provided "AS IS", with no warranties, and confers no
>rights.)
>
>
>
>--------------------
>| NNTP-Posting-Date: Mon, 17 Oct 2005 08:42:39 -0500
>| From: Russ <russk2@xxxxxxxxxxx>
>| Newsgroups: microsoft.public.dotnet.general
>| Subject: Re: Permission Errors
>| Date: Mon, 17 Oct 2005 09:42:38 -0400
>| Message-ID: <d497l1h1nsn1tkovvt6pa7ajmclddjo8ua@xxxxxxx>
>| References: <thd5l1lg2kgrr5107kbktq5s3p3o8nev50@xxxxxxx>
><yIIXqls0FHA.1172@xxxxxxxxxxxxxxxxxxxxx>
>| X-Newsreader: Forte Agent 3.0/32.763
>| MIME-Version: 1.0
>| Content-Type: text/plain; charset=us-ascii
>| Content-Transfer-Encoding: 7bit
>| Lines: 126
>| NNTP-Posting-Host: 68.37.155.53
>| X-Trace:
>sv3-gDWyCGpEupEX0j1fSbjlcEQCmafJ9o78ImvcZFRYgzuTJrUVBXNwSDFvEjXU0WYIV5S0Sj4x
>XAEYD4F!+gD1O9UCRQPn/fWaZqe5gZu0a+kJQob50YgYeH4Vz0b8yN5CDADz5iCAiAyr6i+J26IP
>8Kdp9Ub8!SFDYpnTo
>| X-Complaints-To: abuse@xxxxxxxxxxx
>| X-DMCA-Complaints-To: dmca@xxxxxxxxxxx
>| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
>| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
>complaint properly
>| X-Postfilter: 1.3.32
>| Path:
>TK2MSFTNGXA01.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!ne
>wsfeed1.ip.tiscali.net!proxad.net!216.239.36.134.MISMATCH!postnews.google.co
>m!news4.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01.n
>ntp.dca.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
>| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:52146
>| X-Tomcat-NG: microsoft.public.dotnet.general
>|
>| On Mon, 17 Oct 2005 03:18:00 GMT, stcheng@xxxxxxxxxxxxxxxxxxxx (Steven
>| Cheng[MSFT]) wrote:
>|
>| >Hi Russ,
>| >
>| >Welcome to MSDN newsgroup.
>| >From your description, you have a c++ built Webservcie which will access
>a
>| >remote file on a local domain server. This works well when deploying on
>a
>| >win2k server , however after move it to a winxp box, you found the
>| >webservice failed with permission error when perform the file accessing
>| >operation, yes?
>|
>| Not exactly. The web service is being built on the dev station running
>| under XP. It accesses a file on the W2K server. When I run or debug
>| it on the XP station, is when it fails. When I build and test the
>| same source code on a W2K Pro workstation there is no failure.
>|
>| Also, if I deploy the web service on the W2K server, it works ok. So
>| the problem is just with the XP workstation.
>|
>| >
>| >AS for the VC++ webservice is it hosed in IIS and how did you creating
>it
>| >and deploying it?
>|
>| I presume you mean hosted, not hosed? I would agree with either
>| statement, ha ha.
>|
>| It is created with Visual Studio using managed C++. It makes calls to
>| an unmanaged library and it is this library that makes the call to
>| open the server file. I have tried a variety of methods to deploy it.
>| VC++ deploys it automatically on the local machine, but I have also
>| built a deployment project and used that to deploy on the local
>| machine. Additionally I have tried manually creating a virtual
>| directory via IIS.
>|
>| > Generally the permission problem is likely caused by the
>| >webservice's process idenitity. For most service applications they're
>| >running under a non-interactive account(local account ) which won't be
>| >remotable. So when accessing resources on remote machine, such local
>| >service accont will be recoginzed as NULL session. For "windows
>explorer"
>| >or other standard windows applications, they're running under the
>| >interative logon user's account and when the interactive user is a
>domain
>| >user, it'll surely be valid to remote machine.
>|
>| In the web.config file, I have:
>|
>| <identity impersonate="true" userName="xps.PrsNj.local\Russ"
>| password="xxx" />
>|
>| Does not this allow the web service to take on the permissions of the
>| user account on the XP machine? (XPS is the machine name.)
>|
>| >
>| >So please have a check on this and feel free to post here if you have
>any
>| >further finding or questions.
>|
>| I'm sure this is the crux of the problem, but how do I go about
>| checking it out and curing it? And why does it fail under XP but not
>| under W2K Pro? I did discover that for XP, in my impersonate
>| statement I had to use the full domain name of the XPS machine,
>| xps.PrsNj.local, whereas in W2K all I needed was xps.russ.
>|
>| Thanks you. Russ
>|
>| >
>| >Steven Cheng
>| >Microsoft Online Support
>| >
>| >Get Secure! www.microsoft.com/security
>| >(This posting is provided "AS IS", with no warranties, and confers no
>| >rights.)
>| >
>| >
>| >
>| >
>| >--------------------
>| >| NNTP-Posting-Date: Sun, 16 Oct 2005 15:23:11 -0500
>| >| From: Russ <russk2@xxxxxxxxxxx>
>| >| Newsgroups: microsoft.public.dotnet.general
>| >| Subject: Permission Errors
>| >| Date: Sun, 16 Oct 2005 16:23:08 -0400
>| >| Message-ID: <thd5l1lg2kgrr5107kbktq5s3p3o8nev50@xxxxxxx>
>| >| X-Newsreader: Forte Agent 3.0/32.763
>| >| MIME-Version: 1.0
>| >| Content-Type: text/plain; charset=us-ascii
>| >| Content-Transfer-Encoding: 7bit
>| >| Lines: 19
>| >| NNTP-Posting-Host: 68.37.155.53
>| >| X-Trace:
>|
>>sv3-WvRc+U+MgszlORlfxxo/gw1CB4QeCMbRWge6uJZfqu1poXRF9nyjO4sbT2RrSqItP0zWFP0
>F
>|
>>ICfXpfc!IGA9Jyv54ErQe3Cjgk8eO4N7M2LAayvzLbN87cmpOB8GJxt0WNYj77Zlz6C4uKfEoYW
>8
>| >EeDeRHbG!47Nts75I
>| >| X-Complaints-To: abuse@xxxxxxxxxxx
>| >| X-DMCA-Complaints-To: dmca@xxxxxxxxxxx
>| >| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
>| >| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
>| >complaint properly
>| >| X-Postfilter: 1.3.32
>| >| Path:
>|
>>TK2MSFTNGXA01.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!n
>e
>|
>>wsfeed1.ip.tiscali.net!news.glorb.com!postnews.google.com!news4.google.com!
>b
>|
>>order1.nntp.dca.giganews.com!nntp.giganews.com!local01.nntp.dca.giganews.co
>m
>| >!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
>| >| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:52108
>| >| X-Tomcat-NG: microsoft.public.dotnet.general
>| >|
>| >|
>| >| Hello. My new dev machine is running XP Pro. In the past all
>| >| equipment has only used Windows 2000. I have had a lot of problems
>| >| getting my projects up and running on the new machine. The current
>| >| one is a permission error.
>| >|
>| >| The project is a VC++ Web Service. It works fine when the service is
>| >| hosted on the old W2K dev machine, but on the new XP machine I get a
>| >| permission error when the service tries to open a text file on the
>| >| Windows 2000 domain server. It is a standard fopen call across the
>| >| LAN. I have no problem opening the file from Windows Explorer, or
>| >| from a standard windows program on the XP machine, but with the Web
>| >| Service, when running on the XP machine, the fopen call returns NULL
>| >| and GetNextError returns 5 - permission error.
>| >|
>| >| I cannot find any reason - any help?
>| >|
>| >| Thanks, Russ
>| >|
>| >|
>|
.
- Follow-Ups:
- Re: Permission Errors
- From: Steven Cheng[MSFT]
- Re: Permission Errors
- References:
- Permission Errors
- From: Russ
- RE: Permission Errors
- From: Steven Cheng[MSFT]
- Re: Permission Errors
- From: Steven Cheng[MSFT]
- Permission Errors
- Prev by Date: Web Method Description
- Next by Date: Re: MS Team System and non-MS development
- Previous by thread: Re: Permission Errors
- Next by thread: Re: Permission Errors
- Index(es):
Relevant Pages
|
|
