Authorization/Profile App Block, AzMan and fixed identity account

From: Phil Knight (PhilKnight_at_discussions.microsoft.com)
Date: 10/18/04


Date: Mon, 18 Oct 2004 03:25:30 -0700

I have a problem using the Authorization and Profile Application Block in
conjunction with the AzMan provider and an xml based store. While everything
works fine when the application is running as ASPNET, I need to run the
application under a fixed identity using
<identity impersonate="true" userName= ... />
If the fixed identity account is given administrator rights (which we
obviously don't want!), again everything works fine. However, as soon as I
revert to an account with (I hope) the same permissions and privileges as
ASPNET, the following code in the authorization block:

AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
...
store.Initialize(0, azManStore, null);

throws a
System.ArgumentException: The parameter is incorrect.

A trace using Filemon seems to suggest the account is missing some required
privilege
10:23:43 aspnet_wp.exe:2068 OPEN D:\AuthManagers\ProjectManagement.xml *
0xC0000061 Options: Open Access: 01000000

But I have no idea what that privilege is or how I can go about pinning it
down. The account definitely has access to the xml file and, as far as I can
see, the same permissions and privileges as the ASPNET account .

Can anyone shed any light?

Phil



Relevant Pages

  • Re: XML in Relational Database
    ... is the standard practice to just store the XML along with the DB record as a BLOB? ... I am concerned about having to constantly modify the database schema in the backend due to unforseen stuff that I have to account for in the front end. ...
    (comp.text.xml)
  • Re: Stop running a script ?
    ... What's so hard about editing the shortcut you created from the file? ... Something else to consider is under what account you login when you go ... user account which reduces privileges available to all programs ... This means your web browser is less ...
    (alt.os.windows-xp)
  • Re: How good is Comodo Internet Security?
    ... the process will have the same privileges as that token. ... the token has the limitation of a standard user account, ... limited and you get more protection. ... They don't want to use a limited Windows account. ...
    (comp.security.firewalls)
  • RE: ESM will not purge orphan account from old server
    ... I was unable to delete the store. ... Group, highlight the mailbox Store, and open its Properties. ... I removed the account, forced a replication and was then able to remove the ... I can reconnect it to a test user account. ...
    (microsoft.public.exchange.admin)
  • Re: Restoring Database Using Recovery Storage Group
    ... Adding the server account resolved my issue. ... I believe its the account from an old store that was removed ... when I attempt to mount new logs are created. ... I'm having a hell of a time getting a restored database to mount. ...
    (microsoft.public.exchange.admin)