B
Ben Dewey
Project:
----------------------------
I am creating a HTTPS File Transfer App using ASP.NET and C#. I am
utilizing ActiveDirectory and windows security to manage the
permissions. Why reinvent the wheel, right? Everything so far is
working well with the Active Directory. The problem I am having is
with adding File Permissions to a directory. I am currently using
some code courtesy of "Willy Denoyette [MVP]"
Problem:
----------------------------
When I try to add user permissions to a specific folder using the same
code in a sample console app it works correctly. When I execute the
code from ASP.NET I get a return code of 1307, everytime.
Which means - 1307 This security ID may not be assigned as the owner
of this object. (http://www.hiteksoftware.com/mize/Knowledge/articles/049.htm).
Can anyone tell me why this is happening? Willy?
Environment:
----------------------------
I am developing with Framework 1.1 and Windows XP. The users are
coming from AD on a Windows 2003 Server.
I have given ASPNET object full access to the folder C:\test. I have
also give ASPNET object full access to Root/CIMV2 in
CompMgmt.msc/Services and Apps/WMI Control
Code:
----------------------------
The DsSettings Object is just a simple class tht contains the Login
and Path information for LDAP.
public bool GrantPermission(string username, string domain, DsSettings
settings)
{
try
{
byte[] bSid = (byte[])DsWrapper.GetUser(username,
settings).DsEntry.Properties["objectSID"].Value;
ManagementObject LogicalFileSecuritySetting = new
ManagementObject( new ManagementPath(
@"ROOT\CIMV2:Win32_LogicalFileSecuritySetting.Path='c:\\test'") );
ManagementBaseObject outParams;
outParams = LogicalFileSecuritySetting.InvokeMethod("GetSecurityDescriptor",
null, null);
ManagementBaseObject Descriptor =
((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
ManagementBaseObject[] DACLObject = ( ( ManagementBaseObject[] )(
Descriptor.Properties["DACL"].Value ) );
ManagementObject newTrusteeUser = ( new ManagementClass(
@"ROOT\CIMV2:Win32_Trustee" ) ).CreateInstance();
newTrusteeUser["Domain"] = domain;
newTrusteeUser["Name"] = username;
newTrusteeUser["SID"] = bSid;
ManagementObject newACEUser = ( new ManagementClass(
@"ROOT\CIMV2:Win32_Ace" ) ).CreateInstance();
newACEUser["Trustee"] = newTrusteeUser;
newACEUser["AceFlags"] = 3;
newACEUser["AceType"] = 0;
newACEUser["AccessMask"] = 2032127;// Full Access Mask
ManagementBaseObject[] DACLObjectNew = new ManagementBaseObject[]
{newACEUser};
Descriptor.Properties["DACL"].Value = DACLObjectNew;
ManagementBaseObject inParams = null;
inParams = LogicalFileSecuritySetting.GetMethodParameters("SetSecurityDescriptor");
inParams["Descriptor"] = Descriptor;
outParams = LogicalFileSecuritySetting.InvokeMethod("SetSecurityDescriptor",
inParams, null);
// This line is where I get a result back of 1307 in ASP.NET
uint result= (uint)(outParams.Properties["ReturnValue"].Value);
LogicalFileSecuritySetting.Dispose();
return true;
}
catch(Exception exp)
{
throw exp;
}
}
Logs:
----------------------------
C:\WINDOWS\system32\WBEM\Logs\Framework.log
----------------------------
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:06.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:07.968 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.000 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
----------------------------
I am creating a HTTPS File Transfer App using ASP.NET and C#. I am
utilizing ActiveDirectory and windows security to manage the
permissions. Why reinvent the wheel, right? Everything so far is
working well with the Active Directory. The problem I am having is
with adding File Permissions to a directory. I am currently using
some code courtesy of "Willy Denoyette [MVP]"
Problem:
----------------------------
When I try to add user permissions to a specific folder using the same
code in a sample console app it works correctly. When I execute the
code from ASP.NET I get a return code of 1307, everytime.
Which means - 1307 This security ID may not be assigned as the owner
of this object. (http://www.hiteksoftware.com/mize/Knowledge/articles/049.htm).
Can anyone tell me why this is happening? Willy?
Environment:
----------------------------
I am developing with Framework 1.1 and Windows XP. The users are
coming from AD on a Windows 2003 Server.
I have given ASPNET object full access to the folder C:\test. I have
also give ASPNET object full access to Root/CIMV2 in
CompMgmt.msc/Services and Apps/WMI Control
Code:
----------------------------
The DsSettings Object is just a simple class tht contains the Login
and Path information for LDAP.
public bool GrantPermission(string username, string domain, DsSettings
settings)
{
try
{
byte[] bSid = (byte[])DsWrapper.GetUser(username,
settings).DsEntry.Properties["objectSID"].Value;
ManagementObject LogicalFileSecuritySetting = new
ManagementObject( new ManagementPath(
@"ROOT\CIMV2:Win32_LogicalFileSecuritySetting.Path='c:\\test'") );
ManagementBaseObject outParams;
outParams = LogicalFileSecuritySetting.InvokeMethod("GetSecurityDescriptor",
null, null);
ManagementBaseObject Descriptor =
((ManagementBaseObject)(outParams.Properties["Descriptor"].Value));
ManagementBaseObject[] DACLObject = ( ( ManagementBaseObject[] )(
Descriptor.Properties["DACL"].Value ) );
ManagementObject newTrusteeUser = ( new ManagementClass(
@"ROOT\CIMV2:Win32_Trustee" ) ).CreateInstance();
newTrusteeUser["Domain"] = domain;
newTrusteeUser["Name"] = username;
newTrusteeUser["SID"] = bSid;
ManagementObject newACEUser = ( new ManagementClass(
@"ROOT\CIMV2:Win32_Ace" ) ).CreateInstance();
newACEUser["Trustee"] = newTrusteeUser;
newACEUser["AceFlags"] = 3;
newACEUser["AceType"] = 0;
newACEUser["AccessMask"] = 2032127;// Full Access Mask
ManagementBaseObject[] DACLObjectNew = new ManagementBaseObject[]
{newACEUser};
Descriptor.Properties["DACL"].Value = DACLObjectNew;
ManagementBaseObject inParams = null;
inParams = LogicalFileSecuritySetting.GetMethodParameters("SetSecurityDescriptor");
inParams["Descriptor"] = Descriptor;
outParams = LogicalFileSecuritySetting.InvokeMethod("SetSecurityDescriptor",
inParams, null);
// This line is where I get a result back of 1307 in ASP.NET
uint result= (uint)(outParams.Properties["ReturnValue"].Value);
LogicalFileSecuritySetting.Dispose();
return true;
}
catch(Exception exp)
{
throw exp;
}
}
Logs:
----------------------------
C:\WINDOWS\system32\WBEM\Logs\Framework.log
----------------------------
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:06.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:06.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:07.968 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:07.984 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.000 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.093 thread:1916 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.203 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.218 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]
Shell Name Explorer.exe in Registry not found in process
list. 05/06/2004 09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.163]
Unable to locate Shell Process, Impersonation failed. 05/06/2004
09:39:08.312 thread:2540 [d:\xpsp1\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.179]