Re: What would prevent an ISAPI extension from opening a socket on IIS 6?
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 11/06/04
- Next message: David Wang [Msft]: "Re: IIS 6.0 NT Authorization problem, slow response"
- Previous message: David Wang [Msft]: "Re: IIS 5.0 not accepting multipart/form-data"
- In reply to: David Cordes: "What would prevent an ISAPI extension from opening a socket on IIS 6?"
- Next in thread: David Cordes: "Re: What would prevent an ISAPI extension from opening a socket on IIS 6?"
- Reply: David Cordes: "Re: What would prevent an ISAPI extension from opening a socket on IIS 6?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 5 Nov 2004 22:46:44 -0800
Are you talking about an ISAPI Extension or an ISAPI Filter?
ISAPI Filter on IIS6 would be running as process identity, which is either
LocalSystem in IIS5 Compatibility Mode or the AppPool Identity in IIS6
Worker Process Isolation Mode.
ISAPI Extension would be the impersonated identity, which is either the
configured anonymous user if anonymous authentication, or likely to be the
logged in browser user for any other authentication type.
I'm not certain if Windows Server 2003 has decided to deny certain user
identities access to Networking. Are you saying that the Winsock call works
on your Windows Server 2003 but not your customer's?
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "David Cordes" <David_Cordes@hotmail.com> wrote in message news:c462028e.0411051531.5f7064a@posting.google.com... Problem =-=-=-=- I am working with a customer who has installed IIS 6. They have installed two different products that communicate with other servers through ISAPI Filters. In both products the ISAPI filters work correctly until they try to obtain a socket. Both of these programs are trying to communicate to different server process on the same machine with 127.0.0.1 as the address. Both server processes show every indication of working. I suspect there is an IIS or Windows Server 2003 setting I am missing. Technical Details =-=--==-=--=-==-=- One of the products is Open Source so I was able to determine the exact line that gets called: socket(AF_INET, SOCK_STREAM, 0); The WinSock2 API using WSAGetLastError() indicates that permission is denied. The customer can use other programs (such as telnet) to obtain a socket, open a connection to the local server process. The problem appears only to occur when running within IIS 6 with the IUSR account. Already Checked: =-=-=-=-=-=-=-=- - TCP/IP Filterting on the adaptor turned off. - Local security policy has not applied any of the ip policies and all network access user settings are identical to those on my Windows Server 2003 machine. - Customer indicates that no firewalls are running on this machine and since I am connecting via 127.0.0.1 an external firewall should not have any bearing here I would expect. I also do not suspect a firewall, firewalls usually block communications but do not prevent a socket from even being obtained from the OS. Any suggestions are appreciated. Thank you.
- Next message: David Wang [Msft]: "Re: IIS 6.0 NT Authorization problem, slow response"
- Previous message: David Wang [Msft]: "Re: IIS 5.0 not accepting multipart/form-data"
- In reply to: David Cordes: "What would prevent an ISAPI extension from opening a socket on IIS 6?"
- Next in thread: David Cordes: "Re: What would prevent an ISAPI extension from opening a socket on IIS 6?"
- Reply: David Cordes: "Re: What would prevent an ISAPI extension from opening a socket on IIS 6?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
