Re: Security problems when running code from different machine

From: Lewis Wang [MSFT] (v-lwang_at_online.microsoft.com)
Date: 08/29/03 

Date: Fri, 29 Aug 2003 10:31:06 GMT

Hi John,

Thanks for your posting. I am checking this issue, and will get back to you
with my findings.

Best regards,
Lewis

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "John Boghossian" <john.boghossian@investorab.com>
| References: <ulnUPiKaDHA.2572@TK2MSFTNGP12.phx.gbl>
<DLQ1DtraDHA.1608@cpmsftngxa06.phx.gbl>
| Subject: Re: Security problems when running code from different machine
| Date: Fri, 29 Aug 2003 08:34:04 +0200
| Lines: 275
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <O#dKNefbDHA.3360@tk2msftngp13.phx.gbl>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: 212.209.235.35
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:6464
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Actually i have come a bit closer to the problem but i am not sure what
| solution i should implement.
|
| As you indicated there is a problem with authority for the remote client
to
| run the code. When I tested, the remote user was logged on with the same
| account as i use to run it locally. When debugging the code i found that
| when the request came from the user requesting the page by localhost itīs
| System.Security.Principal.WindowsIdentity.Authenticationtype is Negotiate
| and iwhen the code is run from a remote client the Authenticationtype is
| NTLM.
|
| So as a temporary solution I switch user in code by calling LogonUser in
| "advapi32.dll"
|
| I have attached the file clsad.txt which contains the code in question. In
| the function createdatatable you will se the call to findall and the
| temporary user switching.
|
|
| "Lewis Wang [MSFT]" <v-lwang@online.microsoft.com> wrote in message
| news:DLQ1DtraDHA.1608@cpmsftngxa06.phx.gbl...
| > Hi John,
| >
| > The webmethod "directorysearcher.findall" may not be able to be accessed
| > from a remote machine. Please open the webservice using IE from another
| > machine, and click the "findall" method. Does the webservice give you
any
| > information like: "The test form is only available for requests from the
| > local machine"? Please let me know if I misunderstood your concern,
| thanks.
| >
| > To resolve this problem, you may add the following lines in web.config:
| >
| > <system.web>
| > . .­
| > <configuration>
| > . .
| > <webServices>
| > <protocols>
| > <add name="HttpSoap"/>
| > <add name="HttpPost"/>
| > <add name="HttpGet"/>
| > <add name="Documentation"/>
| > </protocols>
| > </webServices>
| >
| > </system.web>
| > </configuration>
| >
| > The following is an article for your reference.
| > Configuration Options for XML Web Services Created Using ASP.NET
| >
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
| > l/cpconconfigurationoptionsforaspnetwebservices.asp
| >
| > Hope this helps.
| >
| > Best regards,
| > Lewis
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| >
| > --------------------
| > | From: "John Boghossian" <john.boghossian@investorab.com>
| > | Subject: Security problems when running code from different machine
| > | Date: Fri, 22 Aug 2003 14:26:08 +0200
| > | Lines: 19
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| > | Message-ID: <ulnUPiKaDHA.2572@TK2MSFTNGP12.phx.gbl>
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| > | NNTP-Posting-Host: 212.209.235.35
| > | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| > | Xref: cpmsftngxa06.phx.gbl
| > microsoft.public.dotnet.framework.aspnet.security:6397
| > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
| > |
| > | Hi there,
| > |
| > | On my develop machine i have a virtual root which requires integrated
| > | security and doesnīt allow anonymous access and in my web.config i
have
| > | <identity impersonate="true" />.
| > |
| > | In here i have a small web app that requests a OU list from AD and
| > presents
| > | it in a grid.
| > | When i run it from my develop machine by requesting
| > | http://machine/vroot/page.aspx it works but when i run it from another
| > | machines IE and open the page by enetering
| http://machine/vroot/page.aspx
| > | the result is empty.
| > |
| > | There is NO runtime error going on because i have debugged the code
and
| > the
| > | directorysearcher.findall just returns an empty result.
| > |
| > | Any ideas
| > |
| > |
| > |
| >
|
|
|

Relevant Pages

  • Re: Lottery Strategies
    ... RGL Gremlin aka "John Griffin" wrote.. ... You alone have destroyed this Newsgroup with the most repetitive, ... A sampling of the posting history of giant bimbo Sherry ... "I said 'the only way,' bimbos. ...
    (rec.gambling.lottery)
  • Re: Christ only 5% of posts here make it past my kill filters
    ... you may not recall John Curtis who posted at the same time as ... Chris Raum, White Dragon (also posting as ~WD), and T. R. Ellis. ... John Curtis was the moving force behind my getting together with him, ... Michael Ejercito ...
    (soc.men)
  • Re: Ping Don Moody
    ... Posting libelous material ... Why ask John to do your dirty work? ... subject and they had better bugger off somewhere quiet and rethink whether they are suited to study the subject. ... When he was finished he told me to bugger off and earn enough money to pay a garage, and never again lift the bonnet and fiddle with what was under it. ...
    (soc.genealogy.britain)
  • Re: Someone Just E-mailed Me The Next Chapter
    ... I did not respond with "utmost ferocity" because I thought we were friends ... You accomplished, with one dumb post, what John and Gerry have not been able ... I bet the bitch wasn't counting on me posting MY private ...
    (rec.gambling.lottery)
  • Re: Teaching (and Learning) Assembly Language, Part 2
    ... I just got an email yesterday from someone requesting that I ... > put this information into a BLOG on Webster, in addition to posting it ...
    (alt.lang.asm)
Loading