RE: file permissions
From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 10/16/03
- In reply to: James Martin: "RE: file permissions"
Date: Thu, 16 Oct 2003 16:40:44 GMT
James,
This is definitely a permissions issue. The easiest way to troubleshoot
these issues is to use Filemon from www.sysinternals.com. You can get a
log of the request and look for an ACCDENIED. The new version will tell
you what the user account is that is being denied access and where they are
being denied.
Jim Cheshire [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------
>From: "James Martin" <anonymous@discussions.microsoft.com>
>Subject: RE: file permissions
>Date: Wed, 15 Oct 2003 16:55:18 -0700
>
>Okay in web.config I have :
>
><authentication mode="Windows" />
><authorization>
> <deny users="?" />
></authorization>
><identity impersonate="true" userName="" password=""/>
>
>
>I added mydomain\ASPNET to the ACL.
>
>When I attempt to access the page I am NO LONGER prompted
>for a username/password/domain and the web page returned
>reports the following:
>
>Server Error in '/Apps' Application.
>--------------------------------------------------------------------------------
>
>Access is denied.
>Description: An unhandled exception occurred during the
>execution of the current web request. Please review the
>stack trace for more information about the error and where
>it originated in the code.
>
>Exception Details: System.ApplicationException: Access is
>denied.
>
>Source Error:
>
>An unhandled exception was generated during the execution
>of the current web request. Information regarding the
>origin and location of the exception can be identified
>using the exception stack trace below.
>
>Stack Trace:
>
>
>[ApplicationException: Access is denied.]
> System.Security.Principal.WindowsIdentity._ResolveIdentity(IntPtr userToken) +0
> System.Security.Principal.WindowsIdentity.get_Name() +71
> System.Web.Configuration.AuthorizationConfigRule.IsUserAllowed(IPrincipal user, String verb) +100
> System.Web.Configuration.AuthorizationConfig.IsUserAllowed(IPrincipal user, String verb) +81
> System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +178
> System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute() +60
> System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +87
>
>
>
>>-----Original Message-----
>>James,
>>
>>In the scenario you describe, you will need to give the aspnet_wp.exe
>>process account access or make it a member of your group. By default, this
>>would be the ASPNET account.
>>
>>You can also enable impersonation and deny unauthenticated users so that
>>you get the identity of the user actually browsing the site.
>>
>>Jim Cheshire [MSFT]
>>Developer Support
>>ASP.NET
>>jamesche@online.microsoft.com
>>
>>This post is provided as-is with no warranties and confers no rights.
>>
>>--------------------
>>>From: "James Martin" <anonymous@discussions.microsoft.com>
>>>Subject: file permissions
>>>Date: Wed, 15 Oct 2003 09:21:31 -0700
>>>
>>>I have a W2K server, running IIS 6 and Active Directory
>>>Services. I have an ASP.Net application off the root web
>>>directory named "Apps". Within the IIS Manager I have the
>>>Authentication method set to "Anonymous Access" as well
>>>as "Authenticated Access" using "Integrated Windows
>>>Authentication" for both the root web and the "Apps"
>>>sub-directory. All files and directories under the "Apps"
>>>folder are set in this manner.
>>>
>>>The web config file is set to use "Windows" for
>>>Authentication and "*" for Authorization.
>>>
>>>Using Explorer I have changed the permissions for one file
>>>in the "Apps" directory. For this file, let's call
>>>it "myfile.aspx", I have removed the "Everyone" group. The
>>>permissions for this file are as follows:
>>>
>>>Creator Owner - Full Control
>>>System - Full Control
>>>mydomain\Administrators - Full Control
>>>mydomain\MyGroup - Read, Read/Execute
>>>
>>>If I attempt to access any file on this web via a web
>>>browser it works as it should with the exception of this
>>>single file, "myfile.aspx". When attempting to access this
>>>file it will ask for a username/password/domain and will
>>>not accept anyone, including anyone from
>>>the "Administrators" or "MyGroup" groups.
>>>The error I get in the browser is:
>>>
>>>Server Error in '/Apps' Application.
>>>--------------------------------------------------------------------------------
>>>
>>>Access is denied.
>>>Description: An error occurred while accessing the
>>>resources required to serve this request. You might not
>>>have permission to view the requested resources.
>>>
>>>Error message 401.3: You do not have permission to view
>>>this directory or page using the credentials you supplied
>>>(access denied due to ACLs). Ask the Web server's
>>>administrator to give you access
>>>to 'c:\inetpub\wwwroot\apps\myfile.aspx'.
>>>
>>>--------------------------------------------------------------------------------
>>>Version Information: Microsoft .NET Framework
>>>Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
>>>
>>>This is the same basic configuration I use on other web
>>>servers for security and have not had this problem before.
>>>I have another server within this domain that is
>>>configured in the same manner that works although it is
>>>not an ASP.Net application. I have tried this from systems
>>>logged into the domain and from systems not logged into
>>>the domain with the same results.
>>>
>>
>>.
>>
>
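An added example, not part of the original thread and not code from Filemon or Microsoft: a short Python filter for the troubleshooting step described in the reply above, listing the denied requests in a saved Filemon log by process, path and detail column. The tab-separated column order, the `ACCESS DENIED` spelling accepted beside the post's `ACCDENIED`, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumed column order of a saved, tab-separated Filemon log; adjust to your export.
COLUMNS = ("seq", "time", "process", "request", "path", "result", "other")
# "ACCDENIED" is the result named in the post; the second spelling is an assumed variant.
DENIED = {"ACCDENIED", "ACCESS DENIED"}

# Constructed sample rows (not captured from a real system).
SAMPLE_ROWS = [
    ("1", "16:40:01", "aspnet_wp.exe:1234", "OPEN",
     r"C:\Inetpub\wwwroot\Apps\web.config", "SUCCESS", ""),
    ("2", "16:40:01", "aspnet_wp.exe:1234", "OPEN",
     r"c:\inetpub\wwwroot\apps\myfile.aspx", "ACCDENIED", r"mydomain\ASPNET"),
    ("3", "16:40:02", "aspnet_wp.exe:1234", "OPEN",
     r"c:\inetpub\wwwroot\apps\myfile.aspx", "ACCDENIED", r"mydomain\ASPNET"),
    ("4", "16:40:02", "aspnet_wp.exe:1234", "OPEN",
     r"C:\WINNT\Temp\x.tmp", "ACCDENIED", r"mydomain\ASPNET"),
    ("5", "16:40:03", "aspnet_wp.exe:1234"),  # truncated line, must be skipped
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)


def denied_accesses(log_text, under=None):
    """Count denied requests, keyed by (process, path, other column).

    `under` optionally restricts the result to paths below one directory,
    e.g. the web application's folder (case-insensitive, as on NTFS).
    """
    hits = Counter()
    reader = csv.reader(io.StringIO(log_text), delimiter="\t",
                        quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < len(COLUMNS):
            continue  # blank or truncated line
        rec = dict(zip(COLUMNS, (field.strip() for field in row)))
        if rec["result"].upper() not in DENIED:
            continue
        if under and not rec["path"].lower().startswith(under.lower()):
            continue
        hits[(rec["process"], rec["path"], rec["other"])] += 1
    return hits


def report(hits):
    """Format the counts as one line per denied (process, path, detail)."""
    return [f"{n:3d}x  {proc}  {path}  [{other}]"
            for (proc, path, other), n in hits.most_common()]


if __name__ == "__main__":
    for line in report(denied_accesses(SAMPLE_LOG, r"c:\inetpub\wwwroot\apps")):
        print(line)
```

The account that needs an ACL entry is whichever one the log shows being denied on the file, which is why the detail column is reported as-is rather than parsed.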