Re: Problems with authenticated users accessing asp's

From: Gavin (gavin_at_dont.spam.me.com)
Date: 05/25/05

• Next message: Duane Laflotte: "Re: Problems with authenticated users accessing asp's"
• Previous message: Kyle Peterson: "Re: Problems with authenticated users accessing asp's"
• In reply to: Duane Laflotte: "Re: Problems with authenticated users accessing asp's"
• Next in thread: Joe Iano: "Re: Problems with authenticated users accessing asp's"
• Reply: Joe Iano: "Re: Problems with authenticated users accessing asp's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 25 May 2005 13:02:06 -0700

As far as I can tell, I don’t have a web.config, so I would guess I don’t
have impersonation turned on.

As a test, I’ve granted write access on the file and directory to
‘telem\domain users’ and it all springs to life, so it would seem as if the
write is being executed as the authenticated user. The simplest solution
seems to be to move the log file to a directory where I don’t mind granting
write access. Is this the best solution? Any risks?

Regards
Gavin

"Duane Laflotte" wrote:

> Good question. So unless impersonation is turned on in the web.config
> then if you are doing any external IO from .Net (read/write files etc) as
> the ASPNET user (or more accurately as the user that is running the ASPNET
> worker process). So even if the site is NT auth and the user logs in, the
> actual file access for read and write is as the aspnet account.
> (Its always a neat demo to deny a user access to a file that is being read
> with the System.IO classes and then see that user log into the web
> application and still get access to that file proving this point.)
>
> However, there is a difference in the account that runs the processes
> between Windows 2003 and the rest of the .Net running OS's. 2003 actually
> uses a lower privilege no net access account where as windows 2000 would use
> the normal ASPNET account. So this may be where you are seeing the
> difference.
>
> Hope this Helps,
>
> --
> Duane Laflotte
> MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
> dlaflotte@criticalsites.com
> http://www.criticalsites.com/dlaflotte
>
> "Gavin" <gavin@dont.spam.me.com> wrote in message
> news:79605EC8-5B01-42BC-83FC-ECEB63CBCF48@microsoft.com...
> >
> > I have IIS serving static content and asp's from IIS6 on Win2003 Server.
> The
> > site uses Integrated Security with the server on a 2003 server domain.
> > Clients are on a different domain and enter login information in the
> browser
> > pop-up.
> > The behaviour I get is as follows ..
> >
> > - All domain users can access html files.
> > - A user I've added to the Administrators group on the web server can use
> > the site without trouble - all other users are given a 500 response to
> > attempts to access asp's and in the log file I get a permission denied
> error.
> >
> > 2005-05-25 09:56:56 W3SVC25858248 xxx.xxx.19.25 GET /Default.asp
> > |34|800a0046|Permission_denied 2002 telem\holland xxx.xxx.244.109 HTTP/1.1
> > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) xxx.xxx.19.25:2002
> > 500 0 0 409
> >
> > - If I drop the site back to anonymous login all works fine.
> >
> > There is obviously a simple setting I'm missing, and am hopping someone
> will
> > be able to point me at it.
> > I've tried adding 'telem\Domain Users' (where telem is the webserver's
> > domain)to a number of the local security settings (including 'Access this
> > computer from the network'). Is there a definitive list of which are
> required
> > - I've added 'telem\Domain Users' to all entries that have
> 'IUSR_servername'
> > and even 'IIS_WPG' out of desperation. Any other thoughts?
> >
> > Regards
> > Gavin
> >
>
>
>

---

• Next message: Duane Laflotte: "Re: Problems with authenticated users accessing asp's"
• Previous message: Kyle Peterson: "Re: Problems with authenticated users accessing asp's"
• In reply to: Duane Laflotte: "Re: Problems with authenticated users accessing asp's"
• Next in thread: Joe Iano: "Re: Problems with authenticated users accessing asp's"
• Reply: Joe Iano: "Re: Problems with authenticated users accessing asp's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Problems with authenticated users accessing asps ... Duane Laflotte ... "Gavin" wrote in message ... >> actual file access for read and write is as the aspnet account. ... >>> attempts to access asp's and in the log file I get a permission denied ... (microsoft.public.inetserver.iis.security) RE: Event ID:1041 - any ideas? ... Davidt ... > Please send me an event log file on the client computer with the issue. ... > Thanks & Regards, ... > Microsoft Online Partner Support ... (microsoft.public.windows.terminal_services) Re: 401 Access Denied while accessing WSE 3.0 WebService ... I granted Full Control to ASPNET account to both the folder and to ... Regards, ... "Pablo Cibraro" wrote: ... EventArgs e) ... (microsoft.public.dotnet.framework.webservices.enhancements) RE: Event ID:1041 - any ideas? ... Thanks & Regards, ... Microsoft Online Partner Support ... |> the original session. ... Right-click Application, select Save Log File As, name the txt file ... (microsoft.public.windows.terminal_services) Re: aspnet_wp.exe could not be started ... that the worker process restarts. ... >> virtual directory that the ASPNET account is listed. ... (microsoft.public.dotnet.framework.aspnet)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)