Changing NTFS permissions in ASP.NET

From: Dmitry Maslakov (dmaslakov_at_sw-soft.com)
Date: 03/03/05

  • Next message: Dmitry Maslakov: "Re: Changing NTFS permissions in ASP.NET" 
    Date: Thu, 3 Mar 2005 12:44:46 +0600

    Hi.

    Some related questions were discussed here, but my question is some
    different.

    I'm writing the project, the metter of it can be expressed as following.
    * System: IIS 6 on W2003server.
    * Site: application pool works with NETWORK SERVICE, anonymous access is
    allowed on site.
    * Goal: operate with files and change permissions on files (remote files
    using UNC as well).

    Using form authentication i recieve UPN and password from user. Than
    inpersonate using API LogonUser and saves returned token in session vars.
    All operations with files performs after call to API function
    ImpersonateLoggedOnUser.
    The account user logs in has full access to files. So it operates
    (move/copy/delete) with files successfully, and reads DACL as well.

    BUT THE PROBLEMS begin when i try to set permissions to files (try to use
    WRITE_DAC access). I use ActiveDs ActiveX. Here are two situations.

    1) if user is owner of file he tries to set permissions on, permissions
    will set successfully. But this is not the case of real situation because
    a) owner of files is Administrators group, b) user have full access to his
    files, but belongs to Users group.

    2) if user is not an owner of files, the following error occures when call
    to SetSecurityDescriptor:
            System.Runtime.InteropServices.COMException: This security ID may not be
            assigned as the owner of this object.

    Attemps to take SeTakeOwnershipPrivilege to user token gives nothing. The
    try to take same privilege to the process (after impersonation) gives error
    "Access is denied".

    Have someone suggestions how could i achieve the goal.

  • Next message: Dmitry Maslakov: "Re: Changing NTFS permissions in ASP.NET"

    Relevant Pages

    • Re: TMP%#MAU@ problem
      ... I have a FE/BE solution with Access 2002. ... set permissions on all objects, a tedious process, so I thought I would do it ... until I tried to relink to a different BE. ... I dumped all documents for 'Owner' ...
      (microsoft.public.access.security)
    • Re: Organizational Froms Library Permissions error, but I have permissions?
      ... we are in teh ESM and have created a library there and have ... set permissions to owner for our admin group but still can't publish ...
      (microsoft.public.outlook.program_forms)