Re: Impersonation with EventLog access Help!
From: Paul Glavich [MVP - ASP.NET] (glav_at_aspalliance.com-NOSPAM)
Date: 03/25/04
- In reply to: Craig: "Impersonation with EventLog access Help!"
Date: Thu, 25 Mar 2004 22:04:16 +1100
I believe this is the double hop scenario and is normal behaviour. You have
an ASP.NET app that is impersonating a user (in this case you). You then
want ASP.NET/this machine to flow those impersonated credentials to another
machine to use for authentication, to access another service. This is called
delegation and is only possible using Kerberos (i.e. Win2000 or greater) and
enabling delegation for that account (in this case yours). Win2003 has a
feature called constrained delegation which is basically the same, but
offers finer grained access for delegation purposes.
- Paul Glavich
"Craig" <anonymous@discussions.microsoft.com> wrote in message
news:164C8645-6924-41B2-96AB-D0B250AAE579@microsoft.com...
> I've seen this same question in several forms but it never really seems to get answered based on my research. Maybe I'm just missing it.
>
> I am trying to do a simple webpage that will read the EventLog from a remote server. I have impersonation on, Windows Authentication on, IIS is set to Integrated Windows Authentication only, etc. From my machine, I can access the remote eventlog through Event Viewer fine and I can also get the eventlog data through my new web page on the local server fine. From my 2nd machine, which is logged in with the exact same credentials, if I hit the same web page on my other machine then I get an error: "Access to the registry key is denied."
>
> StackTrace " at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
> at Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(RegistryHive hKey, String machineName)
> at System.Diagnostics.EventLog.Exists(String logName, String machineName)
> at System.Diagnostics.EventLog.OpenForRead()
> at System.Diagnostics.EventLog.get_EntryCount()
> at System.Diagnostics.EventLogEntryCollection.get_Count()
> at ReadEvents.WebForm1.GetEventData(String strServer, DateTime startdate) in D:\MyProjects\TDWeb\ReadEvents\ReadEvents.aspx.vb:line 94" String
>
> I have rights to read the Event Log obviously, but I'm not an administrator. I don't know what registry key it's trying to access, but I don't understand what is going on here. It's the exact same credentials just from a different machine. When I check the CurrentUser, it shows my domain and user name correctly.
>
> Any help would be great. Thanks in advance.
>
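
A diagnostic for the double hop described in the reply, added here as an example and not code from either poster: called from the page while impersonating, it reports whether the thread's token is only an impersonation token or one that can be delegated to a second machine. It assumes Integrated Windows Authentication as in the question and .NET Framework 2.0 or later (for `WindowsIdentity.ImpersonationLevel`); the module and function names are hypothetical.

```vbnet
Imports System
Imports System.Security.Principal

' Added example (hypothetical names): explains why the impersonated name looks
' correct while a call to a second machine is still refused.
Public Module DoubleHopCheck

    ' Decision logic kept separate from the live token so each case is explicit.
    Public Function Diagnose(ByVal level As TokenImpersonationLevel, _
                             ByVal authType As String) As String
        Select Case level
            Case TokenImpersonationLevel.Delegation
                Return "Delegation token (" & authType & _
                       "): credentials can flow to a remote server."
            Case TokenImpersonationLevel.Impersonation
                ' The usual result when the browser is on a different machine:
                ' the name is right, but the token is usable on this server only.
                Return "Impersonation token (" & authType & _
                       "): usable on this machine only; with Integrated Windows " & _
                       "Authentication a remote call is the second hop and " & _
                       "will not carry this user."
            Case TokenImpersonationLevel.Identification, _
                 TokenImpersonationLevel.Anonymous
                Return "Identification or anonymous token (" & authType & _
                       "): cannot be used to access resources as the caller."
            Case Else
                ' TokenImpersonationLevel.None: a primary (process) token.
                Return "Not impersonating (" & authType & _
                       "): the thread runs as the process identity."
        End Select
    End Function

    ' Reads the identity the current thread is actually running as.
    Public Function DescribeCurrentIdentity() As String
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
        Return id.Name & " -> " & Diagnose(id.ImpersonationLevel, id.AuthenticationType)
    End Function

    ' Console entry point for a stand-alone run; in the web page, write the
    ' result of DescribeCurrentIdentity() to the response or a trace instead.
    Public Sub Main()
        Console.WriteLine(DescribeCurrentIdentity())
    End Sub
End Module
```

Comparing the output when browsing from the web server itself against browsing from a second machine shows the difference the reply describes: the user name is the same in both cases, but only a delegation-level token can be presented to the remote server.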