Re: Error 1307: Adding File Permissions to NTFS using System.Management Object in ASP.NET

From: Willy Denoyette [MVP] (willy.denoyette_at_pandora.be)
Date: 05/06/04


Date: Thu, 6 May 2004 17:35:14 +0200

Ben,

Your code runs as "ASPNET" and uses ASPNET's access token when connecting
to WMI; however, ASPNET has no privileges to change the filesystem object
ACLs.
So you need to run this code with elevated privileges. Here you have a
number of options:
- or, impersonate a power user (using your web config file, or in code),
- or, run this from a server type COM+ application, using a power user's
identity.
I would also suggest using the System.DirectoryServices namespace (and adding
a reference to Activeds.tlb) instead of WMI to manage FS ACLs; that way
you don't have to add System.Management stuff to your code, and you don't
have to care about WMI security settings.

Willy.

"Ben Dewey" <bdewey01@hotmail.com> wrote in message
news:a708280.0405060543.2a7ef1@posting.google.com...
> Project:
> ----------------------------
>
> I am creating an HTTPS File Transfer App using ASP.NET and C#. I am
> utilizing ActiveDirectory and windows security to manage the
> permissions. Why reinvent the wheel, right? Everything so far is
> working well with the Active Directory. The problem I am having is
> with adding File Permissions to a directory. I am currently using
> some code courtesy of "Willy Denoyette [MVP]"
>
> Problem:
> ----------------------------
>
> When I try to add user permissions to a specific folder using the same
> code in a sample console app it works correctly. When I execute the
> code from ASP.NET I get a return code of 1307, every time.
>
> Which means - 1307 This security ID may not be assigned as the owner
> of this object.
> (http://www.hiteksoftware.com/mize/Knowledge/articles/049.htm).
>
> Can anyone tell me why this is happening? Willy?
>
> Environment:
> ----------------------------
>
> I am developing with Framework 1.1 and Windows XP. The users are
> coming from AD on a Windows 2003 Server.
>
> I have given ASPNET object full access to the folder C:\test. I have
> also given ASPNET object full access to Root/CIMV2 in
> CompMgmt.msc/Services and Apps/WMI Control
>
> Code:
> ----------------------------
> The DsSettings Object is just a simple class that contains the Login
> and Path information for LDAP.
>
>
> // Requires: using System.Management;
> public bool GrantPermission(string username, string domain, DsSettings settings)
> {
>     // SID of the AD user who is being granted access
>     byte[] bSid = (byte[])DsWrapper.GetUser(username,
>         settings).DsEntry.Properties["objectSID"].Value;
>
>     ManagementObject LogicalFileSecuritySetting = new ManagementObject(
>         new ManagementPath(
>             @"ROOT\CIMV2:Win32_LogicalFileSecuritySetting.Path='c:\\test'"));
>     try
>     {
>         // Read the folder's current security descriptor
>         ManagementBaseObject outParams =
>             LogicalFileSecuritySetting.InvokeMethod("GetSecurityDescriptor",
>                 null, null);
>         ManagementBaseObject Descriptor =
>             (ManagementBaseObject)outParams.Properties["Descriptor"].Value;
>
>         // Existing ACEs; read here but not carried over into the new DACL
>         ManagementBaseObject[] DACLObject =
>             (ManagementBaseObject[])Descriptor.Properties["DACL"].Value;
>
>         ManagementObject newTrusteeUser =
>             new ManagementClass(@"ROOT\CIMV2:Win32_Trustee").CreateInstance();
>         newTrusteeUser["Domain"] = domain;
>         newTrusteeUser["Name"] = username;
>         newTrusteeUser["SID"] = bSid;
>
>         ManagementObject newACEUser =
>             new ManagementClass(@"ROOT\CIMV2:Win32_Ace").CreateInstance();
>         newACEUser["Trustee"] = newTrusteeUser;
>         newACEUser["AceFlags"] = 3;          // object inherit + container inherit
>         newACEUser["AceType"] = 0;           // access allowed
>         newACEUser["AccessMask"] = 2032127;  // Full Access Mask
>
>         // The DACL written back contains only the new ACE
>         ManagementBaseObject[] DACLObjectNew =
>             new ManagementBaseObject[] { newACEUser };
>         Descriptor.Properties["DACL"].Value = DACLObjectNew;
>
>         ManagementBaseObject inParams =
>             LogicalFileSecuritySetting.GetMethodParameters("SetSecurityDescriptor");
>         inParams["Descriptor"] = Descriptor;
>         outParams =
>             LogicalFileSecuritySetting.InvokeMethod("SetSecurityDescriptor",
>                 inParams, null);
>
>         // This line is where I get a result back of 1307 in ASP.NET
>         uint result = (uint)outParams.Properties["ReturnValue"].Value;
>
>         // Report success only when WMI returned 0
>         return result == 0;
>     }
>     finally
>     {
>         // Release the WMI object on every path; exceptions propagate unchanged
>         LogicalFileSecuritySetting.Dispose();
>     }
> }
>
>
> Logs:
> ----------------------------
> C:\WINDOWS\system32\WBEM\Logs\Framework.log
> ----------------------------
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:06.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
> Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
> Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:07.968 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
> Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.000 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
> Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
> Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
> Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
> Shell Name Explorer.exe in Registry not found in process list. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
> Unable to locate Shell Process, Impersonation failed. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]


