Re: IIS Virtual Directory Create Failure in Web Service :(

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/08/04

• Next message: Jeff Dillon: "Re: Encrypt String or different approach"
• Previous message: Eskimo: "Re: IIS Virtual Directory Create Failure in Web Service :("
• In reply to: Eskimo: "Re: IIS Virtual Directory Create Failure in Web Service :("
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 8 Nov 2004 11:49:02 -0600

In your case, you already have Full Trust. You can't even call
System.DirectoryServices.dll without it because it doesn't allow partially
trusted callers at all. So that isn't really important for the original
issue you were asking about. That is strictly an issue with Windows
security.

However, to modify CAS policy for a web application, you modify the
<securityPolicy> element in web.config.

Joe K.

"Eskimo" <Eskimo@discussions.microsoft.com> wrote in message
news:FE26B6EE-BC1E-4FCB-BF86-BE87BF38FF59@microsoft.com...
> So where do you assign a web service full trust? and the underlying dll's
> ?
>
>
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> Actually, it would have been a SecurityException if it was related to
>> CAS.
>> This was the Windows security error that we were previously discussing.
>> Also, it is more typical for web applications to run with Full Trust.
>> Downloaded controls tend to run in partial trust, but that wasn't being
>> discussed here.
>>
>> Joe K.
>>
>> "Eskimo" <Eskimo@discussions.microsoft.com> wrote in message
>> news:2E7CA37B-3AE3-4E9B-BBDB-D719115EE0F8@microsoft.com...
>> > ?????
>> >
>> > It's installed on a win 2003 server with a web installation project.
>> > It
>> > works fine on the dev box, not on the server <grrr - code fix? />
>> >
>> > as such - it's in the gac! the dll project is just that - a dll
>> > referenced
>> > via the web service. the windows app hits the same dll project.
>> >
>> > code example please of the "hello world" web service for what you're
>> > suggesting :)
>> >
>> > "Daniel Fisher(lennybacon)" wrote:
>> >
>> >> You get the error because a WindowsApplication runs under the
>> >> CodeGroup
>> >> My_Computer_Zone, WebServices and WebApplications run under
>> >> LocalIntranet_Zone. It's a CodeAccessSecurity issue.
>> >>
>> >> Try to add an assembly with the code to the GAC, write a wrapper for
>> >> the
>> >> GAC
>> >> assembly and deploy it to the bin directory of the WebService and call
>> >> the
>> >> methods of the wrapper from the assembly of your solution
>> >> (WebService).
>> >>
>> >> --
>> >> Daniel Fisher(lennybacon)
>> >> MCP ASP.NET C#
>> >> Blog: http://www.lennybacon.com/
>> >>
>> >>
>> >> "Eskimo" <Eskimo@discussions.microsoft.com> wrote in message
>> >> news:A6D68D60-6B23-414D-B4C2-6798FFD0C76B@microsoft.com...
>> >> >
>> >> > System.UnauthorizedAccessException: Access is denied.
>> >> > at System.DirectoryServices.Interop.IAds.SetInfo()
>> >> > at System.DirectoryServices.DirectoryEntry.CommitChanges()
>> >> > at CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create
>> >> >
>> >> > ...
>> >> >
>> >> > tried on the local development box and it had issues like this
>> >> >
>> >> > until I gave permissions like described in Article ID 329986, scroll
>> >> > down,
>> >> > Method A.
>> >> >
>> >> > It is a double hop as I did the test at the bottom in the Quick Test
>> >> > section.
>> >> >
>> >> >
>> >> >
>> >> > Code snippets:
>> >> >
>> >> > Web.config for web service having the error shown above...
>> >> >
>> >> > <identity impersonate="true" />
>> >> > ...
>> >> >
>> >> > SCHEMA= "IIsWebVirtualDir";
>> >> > mRootSubPath = "/W3SVC/1/Root";
>> >> >
>> >> > ...
>> >> >
>> >> > DirectoryEntry deRoot= new DirectoryEntry("IIS://" +
>> >> > "localhost"
>> >> > + mRootSubPath,winAcctId,winAcctPwd,AuthenticationTypes.Secure);
>> >> >
>> >> > ...
>> >> >
>> >> > if (Directory.Exists("c:\temp\Eskimo\") == false)
>> >> > {
>> >> >
>> >> > Directory.CreateDirectory("c:\temp\Eskimo\");
>> >> >
>> >> > }
>> >> >
>> >> > deRoot.RefreshCache();
>> >> >
>> >> > DirectoryEntry deNewVDir =
>> >> > deRoot.Children.Add("Eskimo",mSchema);
>> >> >
>> >> >
>> >> > deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");
>> >> >
>> >> > ...
>> >> > deNewVDir.Properties["AccessRead"][0] =true;
>> >> > deNewVDir.Properties["AccessWrite"][0] = true;
>> >> > deNewVDir.Properties["AccessExecute"][0] = true;
>> >> > deNewVDir.Properties["AuthAnonymous"][0] = false;
>> >> > deNewVDir.Properties["AuthBasic"][0] = false;
>> >> > deNewVDir.Properties["AuthNTLM"][0] = true;
>> >> > deNewVDir.Properties["ContentIndexed"][0] = false;
>> >> > deNewVDir.Properties["EnableDirBrowsing"][0] = true;
>> >> > ...
>> >> > deNewVDir.Invoke("AppCreate",true);
>> >> >
>> >> > deNewVDir.CommitChanges();
>> >> > deRoot.CommitChanges();
>> >> >
>> >> > deNewVDir.Close();
>> >> >
>> >> > deRoot.Close();
>> >> > ...
>> >> >
>> >> > Now: in a windows application it works great! I have a DLL project
>> >> > and
>> >> > a
>> >> > windows app test project and the web service accessing the DLL
>> >> > project.
>> >> > In a web service I get the error listed above... :(
>> >> >
>> >> > --
>> >> > tym, Eskimo
>> >>
>> >>
>> >>
>>
>>
>>

---

• Next message: Jeff Dillon: "Re: Encrypt String or different approach"
• Previous message: Eskimo: "Re: IIS Virtual Directory Create Failure in Web Service :("
• In reply to: Eskimo: "Re: IIS Virtual Directory Create Failure in Web Service :("
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Least User Priviledges for Network Administrators ... Trust how? ... Do we trust them to maintain network equipment? ... Do we trust them to observe proper security practices on the desktop, ... Training users that need administrator access to logon as a regular ... (microsoft.public.windowsxp.security_admin) Re: That Old Anthrax Case ... trust anything that comes from the federal government anymore. ... to do with the anthrax mailings and sued the FBI, ... Apparantly security is rather lax and there are ... contractors who don't use such documentation. ... (soc.retirement) (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question ... If the code is running with full trust it can call RevertToSelfand change ... last year at OWASP (Open Web Application Security Project), ... > Ethical Hacking at the InfoSec Institute. ... > learn to write exploits and attack security infrastructure. ... (Pen-Test) Re: (Asp.Net Full Trust Vulnerabilities) RE: Apache VS IIS Security model question ... However I am still unsure how an ASP.NET application, running in Full Trust, ... Each client of the server (say, each department of a company, or each ... Each website is placed into its own custom application pool ... Subject: RE: Apache VS IIS Security ... (Pen-Test) Re: [Full-disclosure] I give up, no more posts to Full-Disclosure and DailyDave about Full T ... when you happen to subscribe to more than one of the target lists. ... Microsoft and Sun. ... We were discussing the security ... advantages of Sandboxing (Partial Trust in .Net and Security Manager in ... (Full-Disclosure)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)