Re: Security Violation in my Web Service
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 08/03/04
- Next message: ar: "Redirecting anon users - Forms or Windows Authentication"
- Previous message: [MSFT]: "RE: using System.Net.NetworkCredentials on windows NT"
- In reply to: jbothwel: "Re: Security Violation in my Web Service"
- Next in thread: jbothwel: "Re: Security Violation in my Web Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Aug 2004 22:49:40 -0500
Glad that worked. I wouldn't have thought to ask about the details on the
file stream.
Joe K.
"jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
news:C7E4C193-5F99-4245-B1E5-85A4240AC42E@microsoft.com...
> Thanks Joe. Great suggestion. The ASPNET (ASP Machine Account) is
accessing the componet, as expected. The real problem was in how the XML
file was being loaded. It was being loaded through a FileStream with
FileMode.Open which requires more than just Read access.
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
> > Oh well, so much for the easy answer.
> >
> > There is definitely a Windows security authorization problem here. I'd
> > enable auditing for object access in your local security policy and set
the
> > SACL on the file to enable auditing. Then, you should at least get an
audit
> > failure in the security event log saying who tried to access the file
and
> > why it failed.
> >
> > You might also try using Filemon from sysinternals to see this.
> >
> > Joe K.
> >
> > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > news:93F5797E-5DE5-40F9-A489-76E7A14ECCD5@microsoft.com...
> > > No, impersonation is not enabled.
> > >
> > > "Joe Kaplan (MVP - ADSI)" wrote:
> > >
> > > > Is impersonation enabled in the web server? If so, those
credentials
> > would
> > > > be use to access the file, not the ASPNET account.
> > > >
> > > > The FileIOPermission stuff won't help with an
> > UnauthorizedAccessException as
> > > > the UnauthorizedAccessException is caused by Windows security and
the
> > > > FileIOPermission is for CAS.
> > > >
> > > > Joe K.
> > > >
> > > > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > > > news:475FF115-5D6A-47CA-B92C-4FBC88B7B6DD@microsoft.com...
> > > > > I've written a ASP .NET WEB Service that tries to load a xml
document
> > from
> > > > the file system and receive the following exception:
> > > > >
> > > > > Additional information:
System.Web.Services.Protocols.SoapException:
> > > > Server was unable to process request. --->
> > > > System.UnauthorizedAccessException: Access to the path
> > > >
> >
'c:\inetpub\wwwroot\AssuredOffice\policies\{420B2830-E718-11CF-893D-00A0C905
> > > > 4228}Policy.xml' is denied
> > > > >
> > > > > I've included the following in the AssemblyInfo.cs
> > > > >
> > > > > [assembly: FileIOPermission(SecurityAction.RequestMinimum,
> > > > All=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > > >
> > > > > I've also tried putting this attribute on the method that tries to
> > load
> > > > the xml document
> > > > >
> > > > > [FileIOPermission(SecurityAction.Assert,
> > > > Read=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > > >
> > > > >
> > > > > I've checked the ACl on the file and directory to ensure that the
> > ASPNET
> > > > account has read access -- what I'm I missing?
> > > > >
> > > >
> > > >
> > > >
> >
> >
> >
- Next message: ar: "Redirecting anon users - Forms or Windows Authentication"
- Previous message: [MSFT]: "RE: using System.Net.NetworkCredentials on windows NT"
- In reply to: jbothwel: "Re: Security Violation in my Web Service"
- Next in thread: jbothwel: "Re: Security Violation in my Web Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
