Re: VB.NET (2.0) impersonate not working
- From: David Wang <w3.4you@xxxxxxxxx>
- Date: 18 May 2007 03:49:24 -0700
On May 17, 1:33 pm, NathanC <Nath...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have a web project that is running this code: (generalized for security)
refWMIService = GetObject("winmgmts:\\computer_name")
colcomputers = refWMIService.ExecQuery("Select * From
Win32_OperatingSystem")
For Each refComputer In colcomputers
If refComputer.reboot() = 0 Then
Response.Write("reboot")
Else
Response.Write("nope")
End If
This is WMI functionality and on the remote computer - the ASPNET account
obviously does not have permission to do this - and I can see Failed Audit
events in the computer security log. So, I have added this bit of code to the
web.config file for the project:
<identity impersonate="true" userName="subdomain.domain.com\username"
password="password" />
When I rebuild the project and even restart IIS - the call is still hitting
the remote computer as ASPNET account - although my understanding is that
because of the impersonate web.config tag - it should send using the higher
access credentials.
Any thoughts? Thanks,
I do not believe WMI security model works that way.
Just because you tell ASP.Net to impersonate a user identity to
execute WMI code, it does not mean that WMI flows the thread-
impersonated user identity across to the other machine. I believe with
WMI you have to give the username/password in code to the WMI
connection itself.
See how to do this with with the IIS6 Administration scripts like
iisback.vbs which shows how to make remote WMI calls using a specified
user credential.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
.
- Prev by Date: Re: Many Connections from each Web Client
- Next by Date: Re: IIS 6.0 Windows Authentication 401 Every Request
- Previous by thread: Re: IIS 6.0 Windows Authentication 401 Every Request
- Next by thread: HELP NEEDED - Multiple SSL sites each on its own IP not working in IIS 6.0
- Index(es):
Relevant Pages
|
