Authorization/Profile App Block, AzMan and fixed identity account

From: Phil Knight (PhilKnight_at_discussions.microsoft.com)
Date: 10/18/04


Date: Mon, 18 Oct 2004 03:25:30 -0700

I have a problem using the Authorization and Profile Application Block in
conjunction with the AzMan provider and an XML-based store. While everything
works fine when the application is running as ASPNET, I need to run the
application under a fixed identity using
<identity impersonate="true" userName= ... />
If the fixed identity account is given administrator rights (which we
obviously don't want!), again everything works fine. However, as soon as I
revert to an account with (I hope) the same permissions and privileges as
ASPNET, the following code in the authorization block:

AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
...
store.Initialize(0, azManStore, null);

throws a
System.ArgumentException: The parameter is incorrect.

A trace using Filemon seems to suggest the account is missing some required
privilege
10:23:43 aspnet_wp.exe:2068 OPEN D:\AuthManagers\ProjectManagement.xml *
0xC0000061 Options: Open Access: 01000000

But I have no idea what that privilege is or how I can go about pinning it
down. The account definitely has access to the xml file and, as far as I can
see, the same permissions and privileges as the ASPNET account.

Can anyone shed any light?

Phil
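
Added example, not part of the original post or of the Authorization and Profile Application Block: a decoder for the Filemon line quoted above, which names the NTSTATUS code and the access rights that were requested. It assumes the `Access:` field is the requested access mask in hex; the constants come from the Windows SDK headers (ntstatus.h, winnt.h), and the function and table names are hypothetical.

```python
import re

# Trace line quoted in the post, with the mail-wrapped halves rejoined.
SAMPLE = (r"10:23:43 aspnet_wp.exe:2068 OPEN D:\AuthManagers\ProjectManagement.xml "
          "* 0xC0000061 Options: Open Access: 01000000")

NTSTATUS = {  # ntstatus.h
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000061: "STATUS_PRIVILEGE_NOT_HELD",
}
ACCESS_BITS = [  # winnt.h: generic, special and standard rights
    (0x80000000, "GENERIC_READ"), (0x40000000, "GENERIC_WRITE"),
    (0x20000000, "GENERIC_EXECUTE"), (0x10000000, "GENERIC_ALL"),
    (0x02000000, "MAXIMUM_ALLOWED"), (0x01000000, "ACCESS_SYSTEM_SECURITY"),
    (0x00100000, "SYNCHRONIZE"), (0x00080000, "WRITE_OWNER"),
    (0x00040000, "WRITE_DAC"), (0x00020000, "READ_CONTROL"),
    (0x00010000, "DELETE"),
]
# Rights that no DACL entry can grant: the caller's token must hold a privilege.
# SeSecurityPrivilege is "Manage auditing and security log" in user rights.
PRIVILEGE_FOR_RIGHT = {"ACCESS_SYSTEM_SECURITY": "SeSecurityPrivilege"}

LINE_RE = re.compile(
    r"(?P<proc>[\w.]+):(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<path>.+?)\s+\*?\s*"
    r"(?P<status>0x[0-9A-Fa-f]{8})\s+Options:.*?Access:\s*(?P<access>[0-9A-Fa-f]{8})")

def decode(line):
    """Decode one Filemon line into status name, requested rights, privileges."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not a Filemon line with a hex status and access mask")
    status, mask = int(m["status"], 16), int(m["access"], 16)
    rights = [name for bit, name in ACCESS_BITS if mask & bit]
    if mask & 0xFFFF:  # low 16 bits are object-specific (file) rights
        rights.append("SPECIFIC_0x%04X" % (mask & 0xFFFF))
    privileges = sorted({PRIVILEGE_FOR_RIGHT[r] for r in rights
                         if r in PRIVILEGE_FOR_RIGHT})
    return {
        "process": m["proc"], "pid": int(m["pid"]), "path": m["path"],
        "status": NTSTATUS.get(status, "0x%08X" % status),
        "rights": rights, "privileges": privileges,
    }

if __name__ == "__main__":
    for key, value in decode(SAMPLE).items():
        print(f"{key:10} {value}")
```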


