Re: Permission Errors
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Thu, 20 Oct 2005 09:49:12 GMT
Thanks for your followup Russ,
For local account, it can be authenticated on a remote server as long as
there is a duplicated mapping account which has the same username and
password on the target remote server. So not sure whether the wi2k client
and server share such a account which is used as the asp.net's process
identity at that time.
For remote debugging, it'll be a bit hard to configure, here is the related
msdn reference:
#Debugging Web Applications on a Remote Server
http://msdn.microsoft.com/library/en-us/vsdebug/html/vxtskdebuggingwebapplic
ationonremoteserver.asp?frame=true
Hope helps. Thanks,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| NNTP-Posting-Date: Wed, 19 Oct 2005 12:21:48 -0500
| From: Russ <russk2@xxxxxxxxxxx>
| Newsgroups: microsoft.public.dotnet.general
| Subject: Re: Permission Errors
| Date: Wed, 19 Oct 2005 13:21:58 -0400
| Message-ID: <5rucl19shv3gethdvaaf8c7k8can0sn0en@xxxxxxx>
| References: <thd5l1lg2kgrr5107kbktq5s3p3o8nev50@xxxxxxx>
<yIIXqls0FHA.1172@xxxxxxxxxxxxxxxxxxxxx>
<d497l1h1nsn1tkovvt6pa7ajmclddjo8ua@xxxxxxx>
<4unziwF1FHA.1172@xxxxxxxxxxxxxxxxxxxxx>
| X-Newsreader: Forte Agent 3.0/32.763
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Lines: 254
| NNTP-Posting-Host: 68.37.155.53
| X-Trace:
sv3-jtKs6ibccbcdVOqD7r0U0Nv1pR88uVIsTjSQRO/b4YNtC+c0kWEJkVyings++mPIi4yGliHb
bBqRXX7!3nlKJ7Vz4T7VqZZCzfW4LsLP6KIhDx660IlMuENAqhUErGdA+hZDcmQvXH9Uhq4easwG
t3FRAAbL!PoRmgA+B
| X-Complaints-To: abuse@xxxxxxxxxxx
| X-DMCA-Complaints-To: dmca@xxxxxxxxxxx
| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
complaint properly
| X-Postfilter: 1.3.32
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!news.glorb.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01
nntp.dca.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:52368
| X-Tomcat-NG: microsoft.public.dotnet.general
|
| On Wed, 19 Oct 2005 03:20:46 GMT, stcheng@xxxxxxxxxxxxxxxxxxxx (Steven
| Cheng[MSFT]) wrote:
|
| >Hi Russ,
| >
| >Thanks for your response.
| >As you mentioned that you've use the following configuration in
web.config
| > <identity impersonate="true" userName="xps.PrsNj.local\Russ"
| >password="xxx" />
| >
| >that means the webservice will running under the impersonate idenitity.
| >Also, the "xps.PrsNj.local\Russ" is a local account on the XP machine,
yes?
|
| Yes.
|
| > If so, it is not remotable to other remote machines. Are the xp client
| >machine and win2k box in a domain
| >environment? If so , you can try configured the webservice to running
under
| >a domain account so that it can be validated on the win2k server
machine.
|
| But why should I have to do this? I did not have to do it when the
| dev machine was running W2K. It seems to me that when one builds a
| web service on his local machine and then tries to debug it, the
| permissions of the logged in developer should apply - especially when
| impersonating that user.
|
| However I have discovered that I can deploy the web service to the W2K
| domain server and there it runs with no problems, except that I had to
| change the impersonated user to a domain user. I did not have to do
| this when the dev station was W2K. In other words, the web service,
| running on the W2K server, would impersonate a local user on the W2K
| dev station, and it would still work. Not so with the dev station
| being XP.
|
| Changing the impersonated user to a user on the domain does work when
| the service is running on the domain server, so that was good enough
| for me to decide that the new XP dev machine is up and usable. Next I
| built the client for the web service, and that works too (as long as
| the service runs on the domain server). My main problem now is that I
| have to use remote debugging if I need to debug something - so I still
| need to find the solution.
|
| So now that I have proved that the XP dev station is usable, I went
| ahead and executed the next step in upgrading my development platform.
| I retired the W2K server and built a new W2003 domain server. I have
| not yet got that server up to the point where I can run the web
| service on it. A lot of other work, to make sure it could support our
| legacy applications, was needed first. So I am not sure exactly how
| the new server will affect all this - if at all.
|
| I will get back to you on this in a day or three when I get everything
| running again. In the meanwhile it would be good if you have any
| other suggestions regarding being able to debug the web service on my
| dev machine.
|
| Thanks for your continued attention to this matter,
|
| Regards, Russ
|
| >
| >In addition, is there SQLserver on the win2k box? If so, you can try let
| >the webservice make connection to sqlserver so that you can watch which
| >cilent account is logon at the server (through the SQLserver profiler).
If
| >no sqlserver available, you can try turning on the NTFS security audit
on
| >that shared folder at the 2k server machine. Thus , we can watch audit
log
| >to check the client account also.
| >
| >Thanks,
| >
| >Steven Cheng
| >Microsoft Online Support
| >
| >Get Secure! www.microsoft.com/security
| >(This posting is provided "AS IS", with no warranties, and confers no
| >rights.)
| >
| >
| >
| >--------------------
| >| NNTP-Posting-Date: Mon, 17 Oct 2005 08:42:39 -0500
| >| From: Russ <russk2@xxxxxxxxxxx>
| >| Newsgroups: microsoft.public.dotnet.general
| >| Subject: Re: Permission Errors
| >| Date: Mon, 17 Oct 2005 09:42:38 -0400
| >| Message-ID: <d497l1h1nsn1tkovvt6pa7ajmclddjo8ua@xxxxxxx>
| >| References: <thd5l1lg2kgrr5107kbktq5s3p3o8nev50@xxxxxxx>
| ><yIIXqls0FHA.1172@xxxxxxxxxxxxxxxxxxxxx>
| >| X-Newsreader: Forte Agent 3.0/32.763
| >| MIME-Version: 1.0
| >| Content-Type: text/plain; charset=us-ascii
| >| Content-Transfer-Encoding: 7bit
| >| Lines: 126
| >| NNTP-Posting-Host: 68.37.155.53
| >| X-Trace:
|
>sv3-gDWyCGpEupEX0j1fSbjlcEQCmafJ9o78ImvcZFRYgzuTJrUVBXNwSDFvEjXU0WYIV5S0Sj4
x
|
>XAEYD4F!+gD1O9UCRQPn/fWaZqe5gZu0a+kJQob50YgYeH4Vz0b8yN5CDADz5iCAiAyr6i+J26I
P
| >8Kdp9Ub8!SFDYpnTo
| >| X-Complaints-To: abuse@xxxxxxxxxxx
| >| X-DMCA-Complaints-To: dmca@xxxxxxxxxxx
| >| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| >| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
| >complaint properly
| >| X-Postfilter: 1.3.32
| >| Path:
|
>TK2MSFTNGXA01.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!n
e
|
>wsfeed1.ip.tiscali.net!proxad.net!216.239.36.134.MISMATCH!postnews.google.c
o
|
>m!news4.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01.
n
|
>ntp.dca.giganews.com!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
| >| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:52146
| >| X-Tomcat-NG: microsoft.public.dotnet.general
| >|
| >| On Mon, 17 Oct 2005 03:18:00 GMT, stcheng@xxxxxxxxxxxxxxxxxxxx (Steven
| >| Cheng[MSFT]) wrote:
| >|
| >| >Hi Russ,
| >| >
| >| >Welcome to MSDN newsgroup.
| >| >From your description, you have a c++ built Webservcie which will
access
| >a
| >| >remote file on a local domain server. This works well when deploying
on
| >a
| >| >win2k server , however after move it to a winxp box, you found the
| >| >webservice failed with permission error when perform the file
accessing
| >| >operation, yes?
| >|
| >| Not exactly. The web service is being built on the dev station running
| >| under XP. It accesses a file on the W2K server. When I run or debug
| >| it on the XP station, is when it fails. When I build and test the
| >| same source code on a W2K Pro workstation there is no failure.
| >|
| >| Also, if I deploy the web service on the W2K server, it works ok. So
| >| the problem is just with the XP workstation.
| >|
| >| >
| >| >AS for the VC++ webservice is it hosed in IIS and how did you
creating
| >it
| >| >and deploying it?
| >|
| >| I presume you mean hosted, not hosed? I would agree with either
| >| statement, ha ha.
| >|
| >| It is created with Visual Studio using managed C++. It makes calls to
| >| an unmanaged library and it is this library that makes the call to
| >| open the server file. I have tried a variety of methods to deploy it.
| >| VC++ deploys it automatically on the local machine, but I have also
| >| built a deployment project and used that to deploy on the local
| >| machine. Additionally I have tried manually creating a virtual
| >| directory via IIS.
| >|
| >| > Generally the permission problem is likely caused by the
| >| >webservice's process idenitity. For most service applications they're
| >| >running under a non-interactive account(local account ) which won't
be
| >| >remotable. So when accessing resources on remote machine, such local
| >| >service accont will be recoginzed as NULL session. For "windows
| >explorer"
| >| >or other standard windows applications, they're running under the
| >| >interative logon user's account and when the interactive user is a
| >domain
| >| >user, it'll surely be valid to remote machine.
| >|
| >| In the web.config file, I have:
| >|
| >| <identity impersonate="true" userName="xps.PrsNj.local\Russ"
| >| password="xxx" />
| >|
| >| Does not this allow the web service to take on the permissions of the
| >| user account on the XP machine? (XPS is the machine name.)
| >|
| >| >
| >| >So please have a check on this and feel free to post here if you have
| >any
| >| >further finding or questions.
| >|
| >| I'm sure this is the crux of the problem, but how do I go about
| >| checking it out and curing it? And why does it fail under XP but not
| >| under W2K Pro? I did discover that for XP, in my impersonate
| >| statement I had to use the full domain name of the XPS machine,
| >| xps.PrsNj.local, whereas in W2K all I needed was xps.russ.
| >|
| >| Thanks you. Russ
| >|
| >| >
| >| >Steven Cheng
| >| >Microsoft Online Support
| >| >
| >| >Get Secure! www.microsoft.com/security
| >| >(This posting is provided "AS IS", with no warranties, and confers no
| >| >rights.)
| >| >
| >| >
| >| >
| >| >
| >| >--------------------
| >| >| NNTP-Posting-Date: Sun, 16 Oct 2005 15:23:11 -0500
| >| >| From: Russ <russk2@xxxxxxxxxxx>
| >| >| Newsgroups: microsoft.public.dotnet.general
| >| >| Subject: Permission Errors
| >| >| Date: Sun, 16 Oct 2005 16:23:08 -0400
| >| >| Message-ID: <thd5l1lg2kgrr5107kbktq5s3p3o8nev50@xxxxxxx>
| >| >| X-Newsreader: Forte Agent 3.0/32.763
| >| >| MIME-Version: 1.0
| >| >| Content-Type: text/plain; charset=us-ascii
| >| >| Content-Transfer-Encoding: 7bit
| >| >| Lines: 19
| >| >| NNTP-Posting-Host: 68.37.155.53
| >| >| X-Trace:
| >|
|
>>sv3-WvRc+U+MgszlORlfxxo/gw1CB4QeCMbRWge6uJZfqu1poXRF9nyjO4sbT2RrSqItP0zWFP
0
| >F
| >|
|
>>ICfXpfc!IGA9Jyv54ErQe3Cjgk8eO4N7M2LAayvzLbN87cmpOB8GJxt0WNYj77Zlz6C4uKfEoY
W
| >8
| >| >EeDeRHbG!47Nts75I
| >| >| X-Complaints-To: abuse@xxxxxxxxxxx
| >| >| X-DMCA-Complaints-To: dmca@xxxxxxxxxxx
| >| >| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL
headers
| >| >| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
| >| >complaint properly
| >| >| X-Postfilter: 1.3.32
| >| >| Path:
| >|
|
>>TK2MSFTNGXA01.phx.gbl!TK2MSFTFEED02.phx.gbl!tornado.fastwebnet.it!tiscali!
n
| >e
| >|
|
>>wsfeed1.ip.tiscali.net!news.glorb.com!postnews.google.com!news4.google.com
!
| >b
| >|
|
>>order1.nntp.dca.giganews.com!nntp.giganews.com!local01.nntp.dca.giganews.c
o
| >m
| >| >!nntp.comcast.com!news.comcast.com.POSTED!not-for-mail
| >| >| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.dotnet.general:52108
| >| >| X-Tomcat-NG: microsoft.public.dotnet.general
| >| >|
| >| >|
| >| >| Hello. My new dev machine is running XP Pro. In the past all
| >| >| equipment has only used Windows 2000. I have had a lot of problems
| >| >| getting my projects up and running on the new machine. The current
| >| >| one is a permission error.
| >| >|
| >| >| The project is a VC++ Web Service. It works fine when the service
is
| >| >| hosted on the old W2K dev machine, but on the new XP machine I get a
| >| >| permission error when the service tries to open a text file on the
| >| >| Windows 2000 domain server. It is a standard fopen call across the
| >| >| LAN. I have no problem opening the file from Windows Explorer, or
| >| >| from a standard windows program on the XP machine, but with the Web
| >| >| Service, when running on the XP machine, the fopen call returns NULL
| >| >| and GetNextError returns 5 - permission error.
| >| >|
| >| >| I cannot find any reason - any help?
| >| >|
| >| >| Thanks, Russ
| >| >|
| >| >|
| >|
|
.
- References:
- Permission Errors
- From: Russ
- RE: Permission Errors
- From: Steven Cheng[MSFT]
- Re: Permission Errors
- From: Steven Cheng[MSFT]
- Re: Permission Errors
- From: Russ
- Permission Errors
- Prev by Date: Strange error when using a WebClient in debug
- Next by Date: Re: Need a regex
- Previous by thread: Re: Permission Errors
- Next by thread: Re: Permission Errors
- Index(es):
Relevant Pages
|
