Re: Security Violation in my Web Service

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 08/03/04


Date: Mon, 2 Aug 2004 22:49:40 -0500

Glad that worked. I wouldn't have thought to ask about the details on the
file stream.

Joe K.

"jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
news:C7E4C193-5F99-4245-B1E5-85A4240AC42E@microsoft.com...
> Thanks Joe. Great suggestion. The ASPNET (ASP Machine Account) is
accessing the componet, as expected. The real problem was in how the XML
file was being loaded. It was being loaded through a FileStream with
FileMode.Open which requires more than just Read access.
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
> > Oh well, so much for the easy answer.
> >
> > There is definitely a Windows security authorization problem here. I'd
> > enable auditing for object access in your local security policy and set
the
> > SACL on the file to enable auditing. Then, you should at least get an
audit
> > failure in the security event log saying who tried to access the file
and
> > why it failed.
> >
> > You might also try using Filemon from sysinternals to see this.
> >
> > Joe K.
> >
> > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > news:93F5797E-5DE5-40F9-A489-76E7A14ECCD5@microsoft.com...
> > > No, impersonation is not enabled.
> > >
> > > "Joe Kaplan (MVP - ADSI)" wrote:
> > >
> > > > Is impersonation enabled in the web server? If so, those
credentials
> > would
> > > > be use to access the file, not the ASPNET account.
> > > >
> > > > The FileIOPermission stuff won't help with an
> > UnauthorizedAccessException as
> > > > the UnauthorizedAccessException is caused by Windows security and
the
> > > > FileIOPermission is for CAS.
> > > >
> > > > Joe K.
> > > >
> > > > "jbothwel" <jbothwel@discussions.microsoft.com> wrote in message
> > > > news:475FF115-5D6A-47CA-B92C-4FBC88B7B6DD@microsoft.com...
> > > > > I've written a ASP .NET WEB Service that tries to load a xml
document
> > from
> > > > the file system and receive the following exception:
> > > > >
> > > > > Additional information:
System.Web.Services.Protocols.SoapException:
> > > > Server was unable to process request. --->
> > > > System.UnauthorizedAccessException: Access to the path
> > > >
> >
'c:\inetpub\wwwroot\AssuredOffice\policies\{420B2830-E718-11CF-893D-00A0C905
> > > > 4228}Policy.xml' is denied
> > > > >
> > > > > I've included the following in the AssemblyInfo.cs
> > > > >
> > > > > [assembly: FileIOPermission(SecurityAction.RequestMinimum,
> > > > All=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > > >
> > > > > I've also tried putting this attribute on the method that tries to
> > load
> > > > the xml document
> > > > >
> > > > > [FileIOPermission(SecurityAction.Assert,
> > > > Read=@"C:\Inetpub\wwwroot\AssuredOffice\Policies")]
> > > > >
> > > > >
> > > > > I've checked the ACl on the file and directory to ensure that the
> > ASPNET
> > > > account has read access -- what I'm I missing?
> > > > >
> > > >
> > > >
> > > >
> >
> >
> >