Re: ASP.NET security issue

From: Leo de Ruyter (LeoDeRuyter@Hotmail.com)
Date: 10/31/02 

From: "Leo de Ruyter" <LeoDeRuyter@Hotmail.com>
Date: Thu, 31 Oct 2002 11:53:45 +0100

Ed,

Thanks, I think you put me on the right track!

Leo.

"Ed leNoir" <EDLENO@safeco.com> wrote in message
news:57f8df53.0210302123.65ff6ffb@posting.google.com...
> There's a MS article on the security needed by aspnet on a web server.
> The prior poster mentioned some of the dirs. Get the KB article (I
> don't have it in front of me right now) but a search on aspnet and
> winnt\temp should find it. It's not a long list of directories, but
> they do have to have rights. In your case it may be as you thought
> that the account the process is running under can't build the
> assemblies either into winnt\assemblies or winnt\microsoft.net, etc.
>
> If you are using impersonation then the impersonating account may also
> need access - certainly to the winnt\microsoft.net dirs I know for
> certain.
>
> Another common problem with impersonation is if your app needs to
> create one time keys in the registry. In this case the app only works
> after an admin uses it because then their security is allowed to write
> the key. A good example of this problem is a dotnet application that
> writes to the event log. It's documented that you have to either (1)
> have an admin use the system the first time, or (2) create a key using
> a .reg file and include it in your installation.
>
> The aspnet account security settings are known to get broken by
> installing some other microsoft products. I've had to uninstall and
> reinstall the dotnet framework so the file acls for the aspnet account
> would be re-setup.
>
> - Ed
>
> "Leo de Ruyter" <LeoDeRuyter@Hotmail.com> wrote in message
news:<aplirs$ln1$1@reader11.wxs.nl>...
> > In fact everything works fine if an administrator is FIRST to run the
> > ASP.NET application. The problem only exists RIGHT AFTER deployment. The
> > administrator has to run the app first in order to let the 'regular
user'
> > run the app after the administrator has.
> >
> > Leo.
> >
> >
> > "developer1996" <developer1996@operamail.com> wrote in message
> > news:132101c27b6e$c5653b00$3bef2ecf@TKMSFTNGXA10...
> > > I ran into this error before. I had to double check all
> > > the directories user ASPNET was accessing. Check your
> > > file permissions on these directories...
> > >
> > > Temp
> > > WINNT\Microsoft.NET - [ALSO THE CHILD DIRECTORIES].
> > > Make sure the user ASPNET has access to these directories.
> > >
> > > Depending on what your appliction does you may have to
> > > give write access.
> > >
> > >
> > > >-----Original Message-----
> > > >Hi all,
> > > >
> > > >After copying an ASP.NET application from a development
> > server to a
> > > >webserver, the following situations apply to my situation:
> > > >
> > > >1 - An administrator is able to start the application the
> > first time via the
> > > >internet. After that, regular users are able to start the
> > application via
> > > >the internet. Everything works fine.
> > > >
> > > >2 - If a regular user tries to start the ASP.NET for the
> > first time, without
> > > >the administrator starting the application before him, a
> > familiar security
> > > >message appaers: 'Failed start monitoring directory
> > changes'.
> > > >
> > > >So in order to make things work I have to start the
> > application(s) as an
> > > >administrator first to enable all regular users to start
> > the application
> > > >afterwards.
> > > >
> > > >N.B.: IIS is running with basic authentication and with
> > ASP.NET-,
> > > >administrator- and certain regular user-rights on the
> > application directory.
> > > >
> > > >I assume this has something to do with the fact that a
> > regular user is not
> > > >able to JIT-compile the ASP.NET appliaction. Is this the
> > case and how can it
> > > >be solved?
> > > >
> > > >
> > > >Thanks in advance,
> > > >Leo de Ruyter.
> > > >
> > > >
> > > >.
> > > >

Relevant Pages

  • Re: gacutil and co. DLL built under 2beta, deploying to IIS5+DotNet Framework 1.1?
    ... but the first time a method was called. ... a question from a year ago (2003-10-22 -- in the parallel aspnet group ... user ASPNET write permission in c:\winnt\temp. ... gave ASPNET that permission. ...
    (microsoft.public.dotnet.framework.setup)
  • Re: COM Component and Security
    ... Hi Lior, ... | Subject: Re: COM Component and Security ... | ASPNET user and not my NT user. ... |> information on the thread before impersonation began. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: COM Component and Security
    ... it will affect the way ASPNET functions. ... Implementing Impersonation in an ASP.NET Application ... | Subject: Re: COM Component and Security ... Assuming you're reverting at the right time, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Web Service Security problem
    ... the server. ... the failed logon attempt was ASPNET. ... >Allowin that account access to lan resources would be a large security risk. ... >> Another possible issue is the ASPNET account on the server. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: ASP.NET security issue
    ... There's a MS article on the security needed by aspnet on a web server. ... have an admin use the system the first time, or create a key using ... > administrator has to run the app first in order to let the 'regular user' ...
    (microsoft.public.dotnet.framework.aspnet.security)