Re: IIS application pool identities and ASP.NET
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 05/22/04
- In reply to: Peter Johansen: "IIS application pool identities and ASP.NET"
Date: Fri, 21 May 2004 17:06:15 -0700
This is not really a question for IIS. I suggest you ask an ASP.Net forum.
IIS has handed control to ASP.Net when your ASP.Net code executes, giving it
a process identity of Network Service and thread identity of IUSR -- and if
ASP.Net chose to call RevertToSelf prior to executing any code, that is an
ASP.Net behavior.
In other words, I suspect you have anonymous access enabled in IIS and that
you had ASP.Net's "identity" section configured to "impersonate". This
would lead you to first see IUSR_machinename inside your ASP.Net code, and
when you subsequently changed the thread token to Administrator, that also
worked. However, you're saying that when you then CoCreateInstance on the
DLL from managed code, it does so using process identity. Something has
called RevertToSelf, and it wasn't IIS...
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Peter Johansen" <peterJohan13384SPAMSUCKS@hotmail.com> wrote in message
news:Pmtrc.101655$0qd.58978@twister01.bloor.is.net.cable.rogers.com...

Hi,

I posted this question in ASP.NET newsgroup but later thought it may be more
relevant to this group. If anyone can shed some light on this for me I'd
appreciate it.

----------------------------------------------------------------------------

I'm trying to figure out a simple problem but I'm stumped. I have an
application that needs to access a .dll that (for security reasons) only
grants permissions to the Administrators group. Since the application pool's
identity is the default "Network Service", I was thinking I'll just
impersonate the "Administrator" account in my ASP.NET code.

Now, when I check the value of "WindowsIdentity.GetCurrent().Name" BEFORE the
identity switch it reports the identity as that of the anonymous
"MACHINE\IUSR_machine" account. When I check the same value right AFTER the
switch it reports "MACHINE\Administrator". So the identity switch seems to be
successful.

However, when I try to access the .dll right after that, I get the "Can't
create ActiveX object" error. That's because when I check access to the .dll
with FileMon it reports that it's still trying to access the .dll as the
"Network Service" user!

What am I missing? Why is it using the identity of the application pool, and
NOT the impersonated identity for access to the .dll?

Thanks for any help!

----------------------------------------------------------------------------
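The thread turns on the difference between the worker process identity and the thread (impersonation) identity. The following diagnostic is an added example, not code from either poster, that reads both tokens directly so they can be logged side by side immediately before the object is created. The class and method names (TokenReport, ProcessUser, ThreadUser, Describe) are hypothetical, and C# 2.0 or later is assumed.

```csharp
// Added diagnostic, not from the thread: report the process token user and
// the current thread's impersonation token user at the same moment.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class TokenReport   // hypothetical helper name
{
    const uint TOKEN_QUERY = 0x0008;
    const int ERROR_NO_TOKEN = 1008;   // thread has no impersonation token

    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentThread();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenThreadToken(IntPtr thread, uint access, bool openAsSelf, out IntPtr token);

    // Resolve the account name behind a token handle, then release the handle.
    static string NameOf(IntPtr token)
    {
        try { return new WindowsIdentity(token).Name; }
        finally { CloseHandle(token); }
    }

    // Identity of the worker process, i.e. the application pool identity.
    public static string ProcessUser()
    {
        IntPtr token;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return NameOf(token);
    }

    // Identity this thread is impersonating, or null after RevertToSelf.
    public static string ThreadUser()
    {
        IntPtr token;
        if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, true, out token))
            return NameOf(token);
        int err = Marshal.GetLastWin32Error();
        if (err == ERROR_NO_TOKEN) return null;
        throw new Win32Exception(err);
    }

    public static string Describe()
    {
        return "process=" + ProcessUser() + " thread=" + (ThreadUser() ?? "(none, runs as process)");
    }
}
```

A thread value of "(none, runs as process)" means the calling thread carries no impersonation token at that point, so any access check it triggers is made against the process identity.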