Re: ASP.NET security and RSA SecurID

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 09/16/04

• Next message: idstam: "Re: Impersonation, DirectoryServices"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: How to determine if a user (integrated authentication) is part of a domain security group."
• In reply to: Alan Chen: "ASP.NET security and RSA SecurID"
• Next in thread: Alan Chen: "Re: ASP.NET security and RSA SecurID"
• Reply: Alan Chen: "Re: ASP.NET security and RSA SecurID"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Sep 2004 23:16:30 -0500

What if you change the processModel or App Pool ID to a more privileged
account such as an administrator or SYSTEM? It could be that it is trying
to access a file or registry key that requires a more privileged account
than what ASP.NET is running under.

Regmon or Filemon from SysInternals is often very helpful at tracking this
kind of thing down. Running the console app under a regular user account
might be good too.

I'd love to see your code if you'd be interested in sharing. I've got ACE
servers out the wazoo here!

HTH,

Joe K.

"Alan Chen" <liqiang_chen@hotmail.com> wrote in message
news:4cdf263f.0409151519.560a0af7@posting.google.com...
> Hi,
> I have a dll that wraps RSA SecurID package. It works great if I call
> the api from a Console app. But SD_Check() always failed (Access
> denied even if I passed in correct user id and passcode) every time
> when I call the api from a web service or a web app. I suspect that
> web.config or IIS need to be modified but don't know how.
> Any suggestions? Thanks.

• Next message: idstam: "Re: Impersonation, DirectoryServices"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: How to determine if a user (integrated authentication) is part of a domain security group."
• In reply to: Alan Chen: "ASP.NET security and RSA SecurID"
• Next in thread: Alan Chen: "Re: ASP.NET security and RSA SecurID"
• Reply: Alan Chen: "Re: ASP.NET security and RSA SecurID"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SSL and web services ... different options regarding manipulating ASP.NET permissions, other account ... Along with this fix you will need to install the client certificate under ... we elected to keep it all as a COM+ app so I don't ... the ASPNET account, and not my local account, to execute the web service. ... (microsoft.public.dotnet.framework.aspnet.webservices) Re: Application Flow / security issues ... You won't need a special service account. ... If the use case of the app is basically to have a user log in and then loop ... I just checked with corp. and if I want to do delegation I have to ask ... - You are using integrated windows auth in your web app ... (microsoft.public.dotnet.framework.aspnet.security) RE: POP3 Connector ... SBS server that you created during setup. ... Directory Users/Computer app, it will list the domain as one of the ... listed under the "email address" tab in the user container. ... > administrator account. ... (microsoft.public.windows.server.sbs) Re: User Account Running at Application_end ... My app is running under 1.1. ... They will not give either account full permissions for 'security' reasons. ... Am I the only one who desires to compact a database periodically?? ... This routine works fine on another shared host. ... (microsoft.public.dotnet.framework.aspnet) Re: Service Principal Name in Kerberos ... specific account with enabled 'Account is trusted for delegation', ... opens IE and accesses the Client App on IIS that then accesses the Server ... Windows Server 2003 or Windows Vista ... Microsoft Online Community Support ... (microsoft.public.platformsdk.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint