Re: How Bad Is It?
From: Mike Moore [MS] (michmo@online.microsoft.com)
Date: 12/17/02
From: michmo@online.microsoft.com ("Mike Moore [MS]") Date: Tue, 17 Dec 2002 20:21:02 GMT
Hi Lee,
That particular snippet from the RegMon log doesn't help me. All three
entries show success and we're looking for an error. So far, we've been
assuming that it is the access to the COM object. What happens if you set
the machine.config file to user "machine" and also remove the calls to the
COM object from your code? Does it still get an error?
On your TEST machine, write a new ASP.NET project with one page. This page
will have one button. In the code-behind button click event, call the COM
object with values that you type directly in the code (so there is nothing
extra, such as looking at cookies). Then set the config file to use
"machine" and see if it causes the error. If it does cause the error, then
use this page for further testing and do the following.
Get RegMon and FileMon logs of the error. Mail them to me at [remove
".online"] michmo@online.microsoft.com. I will post our results so that
everyone else can see it.
NOTE: If I can't solve the problem with these logs, we may soon reach the
point where I cannot go further in the context of a newsgroup issue. If
this occurs, I will post a note saying that we've reached that point and
list some options for you to contact Microsoft support for one-on-one
assistance. Meanwhile, please send me the files.
Thank you, Mike Moore
Microsoft, ASP.NET
This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------
>From: "Lee Seidel" <lee.seidel@capbuecross.com>
>Subject: Re: How Bad Is It?
>Date: Tue, 17 Dec 2002 08:13:37 -0800
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>
>Thank...using these tools was a huge help and enabled us
>to see what is working in Test (where we have the
>machine.config) set to SYSTEM vs. what is happening in
>Production where it remains as machine.
>
>The first two hits are identical in Test and Prod. It
>accessed the COM object.
>
>That is as far as Prod gets. We are getting an object
>error.
>
>In Test this is what occurs:
>16.08561758  aspnet_wp.exe:3724  OpenKey  HKLM\Software\Microsoft\COM3  SUCCESS  Key: 0xE2828DA0
>16.08566191  aspnet_wp.exe:3724  QueryValue  HKLM\Software\Microsoft\COM3\REGDBVersion  SUCCESS  E7 00 00 00 00 00 00 00
>16.08570082  aspnet_wp.exe:3724  CloseKey  HKLM\Software\Microsoft\COM3  SUCCESS  Key: 0xE2828DA0
>
>I am assuming that Test has access to COM#...whatever that
>is. Can you shed any light?
>>-----Original Message-----
>>Hi Lee
>>
>>I think Larry and Patrik have given you some very good information. I would
>>use FileMon and RegMon rather than Process Explorer (all of these are free
>>downloads from www.sysinternals.com). To optimize your use of these tools:
>>
>>Run them and look for the functions to turn logging on & off, to clear the
>>log, and to filter what gets logged. It's best to run tests on a test
>>machine as logging production machines can result in very long logs that
>>make it hard to pinpoint the error.
>>
>>The filter can take several types of text entries. You can specify a file
>>or registry entry to watch, or a process to watch. In this case, set it to
>>watch the asp.net worker process: aspnet_*.
>>
>>Then browse your application and get just to the point where you are about
>>to cause the error (no sense in logging more than required prior to the
>>error). Then stop the log and clear it. When you're ready, in quick
>>succession, start the log, cause the error, and stop the log. Again, no
>>sense logging more than required after the error occurs.
>>
>>Next, review the log. You can save it to disk and open it in a spreadsheet
>>program. Scan through looking for "access denied". At first, don't worry
>>about other errors. For example, most logs include some attempts to find
>>files or registry keys that are not there. It can take a little getting
>>used to. Probably, you will see which item(s) are denied. Then use Windows
>>Explorer to grant NTFS permissions to the ASPNET account, or use
>>regedt32.exe to grant ASPNET permissions to registry keys.
>>
>>If the above fails, then there are other things you can try. I would start
>>by making a new web application with just a very few lines of code which
>>access this COM component. If this fails, then you have a much smaller
>>reproducible sample. If it works, then you need to look at what is
>>different between your minimal sample and your larger application.
>>
>>Please repost with your results.
>>
>>Thank you, Mike Moore
>>Microsoft, ASP.NET
>>
>>This posting is provided "AS IS", with no warranties, and confers no rights.
>>
>>--------------------
>>>From: "th" <th@rmsexxxcf.remove-xxx-and-this.cxxxom>
>>>Subject: Re: How Bad Is It?
>>>Date: Mon, 16 Dec 2002 23:14:04 +0100
>>>
>>>Here is some reading about ASP.NET security.
>>>
>>>(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp?frame=true)
>>>
>>>(http://msdn.microsoft.com/msdnmag/issues/01/11/security/default.aspx)
>>>
>>>(http://msdn.microsoft.com/library/default.asp?url=/msdnmag/issues/02/04/ASPSec/toc.asp?frame=true)
>>>
>>>(http://msdn.microsoft.com/library/default.asp?url=/msdnmag/issues/02/05/aspsec2/toc.asp?frame=true)
>>>
>>>The first one is a MUST READ....
>>>
>>>/Patrik
>>>
>>>"Lee Seidel" <lee.seidel@capbluecross.com> wrote in message
>>>news:05e401c2a2e0$ecc51c30$89f82ecf@TK2MSFTNGXA01...
>>>> How bad is it to switch the user in the machine.config
>>>> file from "machine" to "SYSTEM"? We were able to overcome
>>>> insufficient security for ASPNET id via this method. We
>>>> resorted to this after giving ASPNET administrator rights
>>>> on the box did not resolve the dreaded Insufficient
>>>> Access .NET error.
>>>>
>>>> Please share your thoughts on this.
>>>>
>>>> Thanks.
>
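
An added example, not part of the original thread and not Microsoft or Sysinternals code: the log-review step described in the quoted advice (filter to the aspnet_* worker process, ignore not-found noise, look for access-denied results), applied to a saved log. The tab-separated column layout, the result spellings and the placeholder key names are assumptions; the sample lines are constructed.

```python
import fnmatch
import re

# Result text treated as a denial. The exact spelling a given RegMon/FileMon
# build writes is an assumption, so both common forms are accepted.
DENIED = re.compile(r"ACC(ESS)?\s*DENIED", re.IGNORECASE)

# Constructed sample log: time, process:pid, operation, path, result, other.
# The key names below are placeholders, not values from the thread.
CLSID_KEY = r"HKCR\CLSID\{PLACEHOLDER-CLSID}\InprocServer32"
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("16.08561758", "aspnet_wp.exe:3724", "OpenKey", r"HKLM\Software\Microsoft\COM3", "SUCCESS", "Key: 0xE2828DA0"),
    ("16.08570082", "aspnet_wp.exe:3724", "CloseKey", r"HKLM\Software\Microsoft\COM3", "SUCCESS", ""),
    ("16.09000000", "aspnet_wp.exe:3724", "OpenKey", r"HKLM\Software\ExampleVendor", "NOTFOUND", ""),
    ("16.09100000", "aspnet_wp.exe:3724", "OpenKey", CLSID_KEY, "ACCDENIED", ""),
    ("16.09200000", "explorer.exe:1200", "OpenKey", CLSID_KEY, "ACCDENIED", ""),
    # Same layout with a leading sequence-number column, as some exports have.
    ("7", "16.09300000", "aspnet_wp.exe:3724", "QueryValue", CLSID_KEY, "ACCESS DENIED", ""),
])

def parse_line(line):
    """Return one log entry as a dict, or None for headers and short lines."""
    fields = line.rstrip("\r\n").split("\t")
    if fields and fields[0].isdigit():      # drop optional sequence number
        fields = fields[1:]
    if len(fields) < 5:
        return None
    time, proc, op, path, result = fields[:5]
    try:
        stamp = float(time)
    except ValueError:                      # column header or free text
        return None
    name, _, pid = proc.partition(":")
    return {"time": stamp, "process": name, "pid": pid,
            "op": op, "path": path, "result": result.strip()}

def denied_entries(log_text, process_glob="aspnet_*"):
    """Denied operations issued by processes matching process_glob."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e
            and fnmatch.fnmatchcase(e["process"].lower(), process_glob.lower())
            and DENIED.search(e["result"])]

def summarize(hits):
    """Group denied operations by path: one entry per object whose ACL needs review."""
    by_path = {}
    for e in hits:
        by_path.setdefault(e["path"], []).append(e["op"])
    return by_path
```

Each path returned by `summarize` is a candidate for a narrowly scoped permission grant to the worker account, which is the alternative the thread is weighing against running the worker process as SYSTEM.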