Re: security - web service - vb.net - Help....
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 06 Dec 2005 09:13:14 -0800
Hello arth,
Are you saying that if the dll is instantiated by a web service then any new process it creates will always be run by the ASPNET account?
NETWORK SERVICE in your case - yes.
You can start a process using different credentials - but then you need to have the password...
--------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com
Hi Dominick,
Development box is XP sp1 + IIS 5.1
Production box is 2k3 standard server + IIS 6.0 (Domain Controller)
To explain more fully:
There are 2 projects - a web service and a vb.net dll.
The dll might also be used by a stand-alone vb .exe or asp.net pages.
Its main purpose in life is to automatically update Active Directory and move user's home drive/files when our HR system (PHP, MySQL) is updated. I am binding to AD using my account and the AD updates are working perfectly. I can also bind to Win32_Share on remote servers and successfully create/delete shares.
On the dev box I have experimented by calling the dll function from a win form button_click event and the folder was copied successfully by the dll.
Thanks again,
Arth.
"Dominick Baier [DevelopMentor]" wrote:
Hello arth,
When you start a new process, the impersonation token is not used but the token the process runs under. So impersonation buys you nothing here. What IIS version are you using, 5 or 6? Domain or stand-alone?
There is also an API called CreateProcessWithLogonW that can start a new process using some supplied credentials - but then you have to store that password somehow.
--------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com
Hi,
I have set up a web service which instantiates a class in a vb.net dll.
One of the things the class is required to do is copy a network folder. The destination might be the same or a different server.
I have tried using Shell(<command string> etc) and System.Diagnostics.Process.Start(<command string>) to run the command to accomplish this. Both ways do not error but no folder/files get copied.
If I type the command in a command window it executes successfully - folder created and files copied. An example of the command I am using is:
"xcopy \\servername1\share$\foldername1\foldername2\thisfolder \\server2\share2$\foldername3\foldername4\thisfolder /E /K /R /O /H /I /Y"
The .asmx page is set for anonymous access and to use the same account that I am logged on as when the command works from a command window. Web.config is also set up with <Identity impersonate=true />. The identity used is a Domain Admin.
If I change the "xcopy" to, for example, "xxcopy" I get the expected "File not found" error so I guess Shell() and process.start() are at least having a go.
Anyone able to point me in a direction to solve this?
Thanks for your time if you think about it and apologies if posted in wrong group(s).
Arth.
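
Added example, not code from the thread or from any poster: a VB.NET sketch of the behaviour discussed above, showing that a child process gets the host process's token rather than the thread's impersonation token, and how supplying explicit credentials changes that. The module and function names are hypothetical, `whoami.exe` is assumed to be on the PATH (it ships with Windows Server 2003), and the `UserName`/`Password`/`Domain` properties require .NET Framework 2.0 or later.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.Security
Imports System.Security.Principal

Public Module ChildIdentityDemo   ' hypothetical name, for illustration only

    ' Runs a command and returns its standard output.
    ' With user = Nothing the child inherits the parent's *process* token;
    ' an impersonation token on the calling thread is not passed on.
    ' With credentials, Process.Start logs that account on for the child,
    ' so the caller has to hold (and protect) the password.
    Public Function RunAndCapture(ByVal fileName As String, _
                                  ByVal arguments As String, _
                                  Optional ByVal domain As String = Nothing, _
                                  Optional ByVal user As String = Nothing, _
                                  Optional ByVal password As SecureString = Nothing) As String
        Dim psi As New ProcessStartInfo(fileName, arguments)
        psi.UseShellExecute = False        ' required for redirection and for credentials
        psi.RedirectStandardOutput = True
        psi.CreateNoWindow = True
        If user IsNot Nothing Then
            psi.Domain = domain
            psi.UserName = user
            psi.Password = password
        End If
        Using p As Process = Process.Start(psi)
            Dim output As String = p.StandardOutput.ReadToEnd()
            p.WaitForExit()
            Return output.Trim()
        End Using
    End Function

    Public Sub Main()
        ' Thread identity: the impersonated caller when impersonation is on.
        Console.WriteLine("Thread identity: " & WindowsIdentity.GetCurrent().Name)
        ' Child identity: the account that owns the host process.
        Console.WriteLine("Child identity : " & RunAndCapture("whoami.exe", ""))
    End Sub
End Module
```

Run from a console, both lines print the same account; called from code that is impersonating, the first line shows the impersonated user while the second shows the process account, which is why the xcopy child above has no rights on the remote shares.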