Re: System.UnauthorizedAccessException: Access is denied

From: Prodip Saha (psaha_at_bear.com)
Date: 09/02/04

  • Next message: Matthew Wieder: "Re: HELP! CreateProcessWithLogonW issue"
    Date: Thu, 2 Sep 2004 08:27:11 -0500
    
    

    ASPNET account is local to the web server machine and normally it is not a
    domain account. Granting permission to the ASPNET account may not bring any
    good because it has no permission outside the box.

    Are you implementing Windows Integrated Authentication? If so, you can turn
    the impersonation to true (i.e. use the original callers domain account) in
    code before calling the COM+ component and turn it back to false by using
    Undo method. You can also trun the impersonation to true at all time but it
    really depends on the architecture of the application.

    If you are not using the Windows Integrated Authentication, you can
    impersonate a specific user with their username and password. Look at this
    article on how to do it--
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp

    A lot more can be said but it's hard to comment w/o knowing the architecture
    of the asp.net application.

    Prodip

    "Efi" <Efi@discussions.microsoft.com> wrote in message
    news:CDA0A038-24E8-4D31-A7FC-D7029CE0000B@microsoft.com...
    > Hi,
    > We have a simple 3 tier application which its core application is VC++ 6.0
    > ATL COM running as a server application in the COM+. An asp pipe is in
    charge
    > of handling the requests and passes it to the COM for processing.
    >
    > We are now trying to migrate the asp pipe to Asp.Net (C#).
    >
    > When running the above configuration with Asp.Net on IIS 5.0 (W2K) we have
    > no problems but when trying the do it on IIS 6.0 (W2K3) we are getting the
    > following error which is basically access denied error on the line that
    tries
    > to create the COM instancing.
    > Access is denied.
    > Description: An unhandled exception occurred during the execution of the
    > current web request. Please review the stack trace for more information
    about
    > the error and where it originated in the code.
    >
    > Exception Details: System.UnauthorizedAccessException: Access is denied.
    >
    > ASP.NET is not authorized to access the requested resource. Consider
    > granting access rights to the resource to the ASP.NET request identity.
    > ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
    or
    > Network Service on IIS 6) that is used if the application is not
    > impersonating. If the application is impersonating via <identity
    > impersonate="true"/>, the identity will be the anonymous user (typically
    > IUSR_MACHINENAME) or the authenticated request user.
    >
    > To grant ASP.NET write access to a file, right-click the file in Explorer,
    > choose "Properties" and select the Security tab. Click "Add" to add the
    > appropriate user or group. Highlight the ASP.NET account, and check the
    boxes
    > for the desired access.
    >
    > Source Error:
    > An unhandled exception was generated during the execution of the current
    web
    > request. Information regarding the origin and location of the exception
    can
    > be identified using the exception stack trace below.
    >
    > Stack Trace:
    >
    > [UnauthorizedAccessException: Access is denied.]
    > BurstingPipe.Net.WebForm1.Page_Load(Object sender, EventArgs e) in
    > d:\burstingweb\burstingpipe.net\adserverpipe.aspx.cs:160
    > System.Web.UI.Control.OnLoad(EventArgs e) +67
    > System.Web.UI.Control.LoadRecursive() +35
    > System.Web.UI.Page.ProcessRequestMain() +731
    >
    > I've tried to set permissions (ASPNET and Network Service) on files and in
    > the COM+ (Launching permissions).
    >
    > Help Please!!!
    >
    > Thanks,
    >
    > Efi


  • Next message: Matthew Wieder: "Re: HELP! CreateProcessWithLogonW issue"