Re: security - web service - vb.net - Help....

Hi Dominick,

Development box is XP sp1 + IIS 5.1
Production box is 2k3 standard server + IIS 6.0 (Domain Controller)

To explain more fully:

There are 2 projects - a web service and a vb.net dll.

The dll might also be used by a stand-alone vb .exe or asp.net pages.

It's main purpose in life is to automatically update Active Directory and
move user's home drive/files when our HR system (PHP, MySQL) is updated. I
am binding to AD using my account and the AD updates are working perfectly.
I can also bind to Win32_Share on remote servers and successfully
create/delete shares.

On the dev box I have experimented by calling the dll function from a win
form button_click event and the folder was copied successfully by the dll.

Are you saying that if the dll is instantiated by a web service then any new
process it creates will always be run by the ASPNET account?

Thanks again,
Arth.

"Dominick Baier [DevelopMentor]" wrote:

> Hello arth,
>
> when you start a new process the impersonation token is not used but the
> token the process runs under. So impersonation buys you nothing here. What
> IIS version are you using 5 or 6 ?? domain or stand alone?
>
> There is also a API called CreateProcessWithLogonW that can start new process
> using some supplied credentials - but then you have store that password somehow.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Hi,
> >
> > I have set up a web service which instantiates a class in a vb.net
> > dll.
> >
> > One of the things the class is required to do is copy a network
> > folder. The destination might be the same or a different server.
> >
> > I have tried using Shell(<command string> etc) and
> > System.Diagnostics.Process.Start(<command string>) to run the command
> > to accomplish this. Both ways do not error but no folder/files get
> > copied.
> >
> > If I type the command in a command window it executes successfully -
> > folder created and files copied. An example of the command I am using
> > is:
> >
> > "xcopy \\servername1\share$\foldername1\foldername2\thisfolder
> > \\server2\share2$\foldername3\foldername4\thisfolder /E /K /R /O /H /I
> > /Y"
> >
> > The .asmx page is set for anonymous access and to use the same account
> > that I am logged on as when the command works from a command window.
> > Web.config is also set up with <Identity impersonate=true />. The
> > identity used is a Domain Admin.
> >
> > If I change the "xcopy" to, for example, "xxcopy" I get the expected
> > "File not found" error so I guess Shell() and process.start() are at
> > least having a go.
> >
> > Anyone able to point me in a direction to solve this?
> >
> > Thanks for your time if you think about it and apologies if posted in
> > wrong group(s).
> >
> > Arth.
> >
>
>
>
.