Re: Help in WMI in ASP.net application

From: Gerry Hickman (gerry666uk_at_yahoo.co.uk)
Date: 02/17/05


Date: Thu, 17 Feb 2005 20:42:52 +0000

Hi,

WMI is supposed to be Microsoft's implementation of WBEM, but in reality
the only way to achieve this is by hacking and damaging security. The
official Microsoft solution is to "Enable delegation on the IIS". Of
course not many SysAdmins in a real enterprise will allow this.

The problem stems from not being able to use NTLM over more than one
network hop; the password has been "hashed" after the first hop, so you
can't pass it to a second server.

Options include:

1. Using plain text passwords in your ASP (security risk)
2. Using plain text passwords in a COMponent (security risk)
3. Use Basic authentication on a web form (annoying, and also a security
risk)
4. Enable Delegation on the IIS (security risk)
5. Hack your computers
6. Hack your security
7. Use Basic auth with a web form over an SSL link (annoying but maybe
security is ok?)
8. Run IIS and ASP.NET with a different account (security risk)

I don't understand why you "created a DLL" and "made a VB form", this
sounds like a very convoluted way of starting and stopping a few services.

John @ X wrote:
> Hi there,
> We have been having trouble with the WMI in ASP.Net 2.0 application. Let me
> explain what we try to accomplish and please advise if this is the feasible
> and correct solution, if not help us to do it the right way.
>
> There are many Services (such as Tomcat/watchdog events NT service/JVMI
> services) which run on a remote servers(windows 2003/2000 server) and we
> would like to stop the service from a ASP.Net application (web application).
> We have created a DLL which can invoke the WMI APIs to stop/start the
> services. The parameters that we pass are the server name (the host name),
> user name who has administrative privileges on those servers and the password
> for that user. We are using the SystemName\cvim2 as the namespace.
> Everything is working well when we try to invoke the DLL in development
> environment (we are able to stop/start any servers remotely in Win XP
> machine). But when we move to the production server the issue is that the
> services are not able to be stopped or started. But we are able to query the
> services. (we are able to find the services status through the DLL).
> We made a test application in VB form and tested in the production server as
> well as from a remote machine it is giving the correct result. The only issue
> which I am thinking of is IMPERSONATION of the user. When I log in from a
> development server I am running as an administrator for the Web application
> and it is able to communicate to the remote server with the credentials I am
> passing. But when I login to the PRODUCTION server after deploying the
> ASP.net application I am using ASP.net user account which is not an
> administrator. Is this the cause for this mishap? Please advise and help me
> to fix this problem. It has been three days I am struggling to get this out
> but in vain I am unable to figure out where things are going. I even tried
> uninstalling the whole stuff like ASP .net, .net framework, web server but
> none helps.
> Any help would be greatly appreciated.
> Thanks
> John

-- 
Gerry Hickman (London UK)
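
The one-hop limit described in the reply above, as an added example that is not part of the original post: a simplified challenge-response model (not real NTLM; HMAC-SHA256 stands in for the actual hash functions, and every class, account and password name is hypothetical) showing that the web tier only ever holds a response bound to its own challenge, which the second server rejects.

```python
import hashlib
import hmac
import os

def password_key(password: str) -> bytes:
    # Assumption: SHA-256 stands in for the password-derived key of the real protocol.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def respond(key: bytes, challenge: bytes) -> bytes:
    # The response proves knowledge of the key for this one challenge only.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class DomainController:
    def __init__(self, accounts):
        self._keys = {user: password_key(pw) for user, pw in accounts.items()}

    def verify(self, user, challenge, response):
        key = self._keys.get(user)
        return key is not None and hmac.compare_digest(respond(key, challenge), response)

class Server:
    def __init__(self, dc):
        self.dc = dc
        self.challenge = None

    def new_challenge(self):
        self.challenge = os.urandom(8)  # fresh nonce per authentication
        return self.challenge

    def authenticate(self, user, response):
        return self.dc.verify(user, self.challenge, response)

def double_hop():
    # Constructed account; the password never leaves the client.
    dc = DomainController({"alice": "constructed-passphrase"})
    web, backend = Server(dc), Server(dc)
    client_key = password_key("constructed-passphrase")

    # Hop 1: browser -> web server succeeds.
    r1 = respond(client_key, web.new_challenge())
    hop1 = web.authenticate("alice", r1)

    # Hop 2: web server -> backend. The web tier holds only r1, which was
    # computed for its own challenge, so the backend's new challenge fails.
    backend.new_challenge()
    hop2 = backend.authenticate("alice", r1)

    # The same user connecting to the backend directly (one hop) succeeds.
    direct = backend.authenticate("alice", respond(client_key, backend.new_challenge()))
    return hop1, hop2, direct
```
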

