Re: Access is denied when calling DirectoryEntry

From: Willy Denoyette [MVP] (willy.denoyette@pandora.be)
Date: 11/01/02


From: "Willy Denoyette [MVP]" <willy.denoyette@pandora.be>
Date: Fri, 1 Nov 2002 15:29:06 +0100


Wrong, the TCB privilege is not required, as LogonUser is not called here (the credentials specified in the constructor are used to
perform a network logon).
Besides that, suggesting to set the TCB privilege for non-privileged accounts is a very bad suggestion, as it compromises the
security of the whole web application.

Willy.

"Ed leNoir" <edleno@safeco.com> wrote in message news:#iIAvcVgCHA.2272@tkmsftngp10...
> Grant the privilege "Act as part of the operating system" (also known as
> SE_TCB_PRIVILEGE) to ASPNET so it can do the logon. You have to use the
> local security policy editor. That seems preferable to using System. The
> requirement to have this privilege is dropped in Windows XP. There's a
> knowledge base article out there:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
>
> - Ed
>
> "Michael" <mastrauckas@appdevgrp.com> wrote in message
> news:b11d01c27f57$e17dde40$39ef2ecf@TKMSFTNGXA08...
> > Hello everyone. I have a problem I'm hoping someone can
> > help me with. I'll copy and paste my code:
> >
> > DirectoryEntry objDirPar = null;
> > int iLength = 0;
> > objDirPar = new DirectoryEntry(
> >     "IIS://localhost/W3SVC/1/Root/QFDemo", "Administrator", "pass");
> > StringBuilder sbDefaultPage = new StringBuilder(
> >     objDirPar.Properties["DefaultDoc"].Value.ToString());
> >
> > Now when I run this I get "Access is denied" when I call
> > objDirPar.Properties even though I'm using the
> > Administrator account in the constructor??? So I put this
> > into my web.config
> >
> > <identity impersonate="true" userName="Adminstrator"
> > password="pass"/> and I get the error:
> >
> > Parser Error Message: Could not create Windows user token
> > from the credentials specified in the config file. Error
> > from the operating system 'A required privilege is not
> > held by the client. '
> >
> > The only way I can fix this problem is by changing the
> > machine.config xml. If I change the processModel tag,
> > changing userName from machine to system, everything works
> > just fine. Now this is a big security hole if I do
> > this!!! So is there any other way I can do this without
> > putting this security hole in my web application?
> >
> > Also, on another note, can you share an Application
> > variable in ASP 3.0 with an Application variable in ASP.NET
> > if they're part of the same web application?
> >
> > Michael