Impersonation woes

  • Thread starter Thread starter Alvin Bruney [MVP]
  • Start date Start date
A

Alvin Bruney [MVP]

From a webpage, I am calling a com object which needs to read a file. It
keeps throwing access denied errors. I am stumped. I think I have tried
everything I know what to do. The webpage can read the file. Just fine. The
com object can't.

Create user group.
Impersonate user.
User has full rights to directory
added everyone - full rights. no joy
added admin - full rights no joy
message box tells me that the page is executing under that user. no joy
full rights to every user group i can find on the system. no joy
ditch impersonation, admin rights to everybody. no joy
message box tells me that the page is executing under network services
give network services full rights. no joy
share folder no joy
create web sharing apply permissions no joy
the com object can read the system and event logs without problem
the com object can read the log file if fired from a dos prompt on the
server

why me lowd. why me?????
 
Alvin,

have you tried upping your asp rights in machine config.

Try setting the process model username to system
userName="SYSTEM"

Sounds to me like your com object is expecting to find a window of some type
to enable it to run, and cant find a window. Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net rather
than trying to invoke com from within asp.net

Regards

John Timney
Microsoft Regional Director
Microsoft MVP
 
have you tried upping your asp rights in machine config.
Yes. No joy.

Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net
Click to expand...
This also fails with an access denied.

Microsoft also doesn't support the com object (logparser) so i won't even be
able to open a support ticket.

This is the call that blows:

MSUtil.LogQueryClassClass log = new LogQueryClassClass();
MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from
C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by
cs-uri-stem", null);

The com object is logparser available with win2k and up or at logparser.com.
This call will work without a problem on my machine. But not on the server.

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
John Timney (Microsoft MVP) said:
Alvin,

have you tried upping your asp rights in machine config.

Try setting the process model username to system
userName="SYSTEM"

Sounds to me like your com object is expecting to find a window of some
type
to enable it to run, and cant find a window. Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

Alvin Bruney said:
From a webpage, I am calling a com object which needs to read a file. It
keeps throwing access denied errors. I am stumped. I think I have tried
everything I know what to do. The webpage can read the file. Just fine. The
com object can't.

Create user group.
Impersonate user.
User has full rights to directory
added everyone - full rights. no joy
added admin - full rights no joy
message box tells me that the page is executing under that user. no joy
full rights to every user group i can find on the system. no joy
ditch impersonation, admin rights to everybody. no joy
message box tells me that the page is executing under network services
give network services full rights. no joy
share folder no joy
create web sharing apply permissions no joy
the com object can read the system and event logs without problem
the com object can read the log file if fired from a dos prompt on the
server

why me lowd. why me?????

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
Click to expand...
Click to expand...
 
Sounds like your stuck.

I've worked round this type of impossible thing to do in web srever world
before by having a socket listener running on the desktop and actually
invoking windowed type things via that - implies you have a logged in user
on your server which is kind of hacky but it requires no permissions or
impersonation and bypasses the web restrictions.

You might be able to find out who write it at MS if you drop a line into the
pivate groups.

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

Alvin Bruney said:
have you tried upping your asp rights in machine config.
Click to expand...
Yes. No joy.

Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net
Click to expand...
This also fails with an access denied.

Microsoft also doesn't support the com object (logparser) so i won't even be
able to open a support ticket.

This is the call that blows:

MSUtil.LogQueryClassClass log = new LogQueryClassClass();
MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from
C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by
cs-uri-stem", null);

The com object is logparser available with win2k and up or at logparser.com.
This call will work without a problem on my machine. But not on the server.

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
John Timney (Microsoft MVP) said:
Alvin,

have you tried upping your asp rights in machine config.

Try setting the process model username to system
userName="SYSTEM"

Sounds to me like your com object is expecting to find a window of some
type
to enable it to run, and cant find a window. Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

Alvin Bruney said:
From a webpage, I am calling a com object which needs to read a file. It
keeps throwing access denied errors. I am stumped. I think I have tried
everything I know what to do. The webpage can read the file. Just fine. The
com object can't.

Create user group.
Impersonate user.
User has full rights to directory
added everyone - full rights. no joy
added admin - full rights no joy
message box tells me that the page is executing under that user. no joy
full rights to every user group i can find on the system. no joy
ditch impersonation, admin rights to everybody. no joy
message box tells me that the page is executing under network services
give network services full rights. no joy
share folder no joy
create web sharing apply permissions no joy
the com object can read the system and event logs without problem
the com object can read the log file if fired from a dos prompt on the
server

why me lowd. why me?????

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
Click to expand...
Click to expand...
Click to expand...
 
John,
look at my eyes. can you tell i have been up all night?

your socket idea gave me a clue so i impersonated to an authenticated user
on the machine and boom. candy....

Apparently, asp.net only allows authenticated users to do that kind of
thing - makes sense too.

thanks for everything

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
John Timney (Microsoft MVP) said:
Sounds like your stuck.

I've worked round this type of impossible thing to do in web srever world
before by having a socket listener running on the desktop and actually
invoking windowed type things via that - implies you have a logged in user
on your server which is kind of hacky but it requires no permissions or
impersonation and bypasses the web restrictions.

You might be able to find out who write it at MS if you drop a line into
the
pivate groups.

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

Alvin Bruney said:
have you tried upping your asp rights in machine config.
Click to expand...
Yes. No joy.

Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net
Click to expand...
This also fails with an access denied.

Microsoft also doesn't support the com object (logparser) so i won't even be
able to open a support ticket.

This is the call that blows:

MSUtil.LogQueryClassClass log = new LogQueryClassClass();
MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from
C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by
cs-uri-stem", null);

The com object is logparser available with win2k and up or at logparser.com.
This call will work without a problem on my machine. But not on the server.

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
John Timney (Microsoft MVP) said:
Alvin,

have you tried upping your asp rights in machine config.

Try setting the process model username to system
userName="SYSTEM"

Sounds to me like your com object is expecting to find a window of some
type
to enable it to run, and cant find a window. Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

"Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message
From a webpage, I am calling a com object which needs to read a file. It
keeps throwing access denied errors. I am stumped. I think I have
tried
everything I know what to do. The webpage can read the file. Just
fine.
The
com object can't.

Create user group.
Impersonate user.
User has full rights to directory
added everyone - full rights. no joy
added admin - full rights no joy
message box tells me that the page is executing under that user. no
joy
full rights to every user group i can find on the system. no joy
ditch impersonation, admin rights to everybody. no joy
message box tells me that the page is executing under network services
give network services full rights. no joy
share folder no joy
create web sharing apply permissions no joy
the com object can read the system and event logs without problem
the com object can read the log file if fired from a dos prompt on the
server

why me lowd. why me?????

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
Click to expand...
Click to expand...
Click to expand...
 
A result ............... hooray!!!

--
Regards

John Timney
Microsoft Regional Director
Microsoft MVP


Alvin Bruney said:
John,
look at my eyes. can you tell i have been up all night?

your socket idea gave me a clue so i impersonated to an authenticated user
on the machine and boom. candy....

Apparently, asp.net only allows authenticated users to do that kind of
thing - makes sense too.

thanks for everything

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
John Timney (Microsoft MVP) said:
Sounds like your stuck.

I've worked round this type of impossible thing to do in web srever world
before by having a socket listener running on the desktop and actually
invoking windowed type things via that - implies you have a logged in user
on your server which is kind of hacky but it requires no permissions or
impersonation and bypasses the web restrictions.

You might be able to find out who write it at MS if you drop a line into
the
pivate groups.

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

Alvin Bruney said:
have you tried upping your asp rights in machine config.
Yes. No joy.

Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net
This also fails with an access denied.

Microsoft also doesn't support the com object (logparser) so i won't
Click to expand...
even
be
able to open a support ticket.

This is the call that blows:

MSUtil.LogQueryClassClass log = new LogQueryClassClass();
MSUtil.ILogRecordset records = log.Execute(@"select cs-uri-stem from
C:\WINDOWS\system32\LogFiles\W3SVC230775414\ex030515.log group by
cs-uri-stem", null);

The com object is logparser available with win2k and up or at logparser.com.
This call will work without a problem on my machine. But not on the server.

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
Alvin,

have you tried upping your asp rights in machine config.

Try setting the process model username to system
userName="SYSTEM"

Sounds to me like your com object is expecting to find a window of some
type
to enable it to run, and cant find a window. Out of curiosity - I wonder
what would happen if you use process.start cmd/com thing from asp.net
rather
than trying to invoke com from within asp.net

Regards

John Timney
Microsoft Regional Director
Microsoft MVP

"Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message
From a webpage, I am calling a com object which needs to read a
Click to expand...
file.
It
keeps throwing access denied errors. I am stumped. I think I have
tried
everything I know what to do. The webpage can read the file. Just
fine.
The
com object can't.

Create user group.
Impersonate user.
User has full rights to directory
added everyone - full rights. no joy
added admin - full rights no joy
message box tells me that the page is executing under that user. no
joy
full rights to every user group i can find on the system. no joy
ditch impersonation, admin rights to everybody. no joy
message box tells me that the page is executing under network services
give network services full rights. no joy
share folder no joy
create web sharing apply permissions no joy
the com object can read the system and event logs without problem
the com object can read the log file if fired from a dos prompt on the
server

why me lowd. why me?????

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
Click to expand...
Click to expand...
Click to expand...
 
Back
Top