permissions to call a webservice

Trapulo

Hello,
I need to run a .NET 2.0 program that performs a call to a webservice and
writes a log. I also need to schedule this program using windows 2003 task
scheduler.

I noticed that I can run the program only if the user account that runs the
batch is a member of the administrators group. If it's not an admin, I get a bad
error in the event log and the call is not executed:

EventType clr20r3, P1 udvjfgaxswi4huv4rqoizfxgl4hi5bja, P2 1.0.2466.14440,
P3 4520bd3c, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4333d6d8, P7 7fd, P8
37, P9 system.componentmodel.win32, P10 NIL.

What kind of permission do I need to run the program without admin rights? On
the folder where the program and the log are, the user has full
rights, and it also has the "run as batch" right on the system.

thanks
 
Steven Cheng[MSFT]

Hello Trapulo,

Nice to see you again. How are you doing?

From your description here, your .net 2.0 program will access a remote
webservice and write some logs. However, you found that it will always fail
when running under a non-administrator account, correct?

As for the .net application, it is hard to directly determine what exact
permission is necessary or on which resource the security issue occurred.
Would you provide some detailed information on how it accesses the
webservice and how it writes the log: is the log the Windows system log or
your custom log file? Currently, I suggest you try to isolate the problem to
see whether the error is caused by the webservice call or the log writing.
Also, does the problem occur if you do not use a scheduled task to run your
program (under the same non-admin user)? If you can also get this error
without running through the scheduled task, you can consider using a live debugger
(like Visual Studio) to attach to the program process and get the line at
which the exception gets thrown.

Please feel free to let me know if you have any other finding or questions.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead






This posting is provided "AS IS" with no warranties, and confers no rights.
 
Trapulo

Steven Cheng said:
> Hello Trapulo,
>
> Nice to see you again. How are you doing?

Hello Steven :)
All right, thanks. I always have some trouble for you, but at least my work
goes on a little every day :)

> From your description here, your .net 2.0 program will access a remote
> webservice and write some logs. However, you found that it will always
> fail when running under a non-administrator account, correct?

Yes.

> As for the .net application, it is hard to directly determine what exact
> permission is necessary or on which resource the security issue occurred.
> Would you provide some detailed information on how it accesses the
> webservice and how it writes the log: is the log the Windows system log or
> your custom log file?

I can provide you the entire program, because it is really very simple:

Sub Main()
    Try
        Dim startupTimeStamp As DateTime = Now

        ' Trace start-up through the configured FileLog listener
        My.Application.Log.WriteEntry(startupTimeStamp.ToString & "-Starting", _
            TraceEventType.Information)
        Console.WriteLine("Starting...")

        Dim service As New massSenderService.ScheduledCalls
        Dim isProcessing As Boolean

        ' Poll the web service every 30 seconds until it reports that it has
        ' finished, or until 90 minutes have elapsed
        Do
            isProcessing = service.CheckDeliveryRequired()
            My.Application.Log.WriteEntry(Now.ToString & "-IsProcessing=" & _
                isProcessing, TraceEventType.Information)

            If isProcessing Then
                Threading.Thread.Sleep(TimeSpan.FromSeconds(30))
                Console.WriteLine("Server is processing... going to wait")
            End If
        Loop Until isProcessing = False OrElse _
            Now.Subtract(startupTimeStamp).TotalMinutes > 90

        Console.WriteLine("Exiting")
        My.Application.Log.WriteEntry(Now.ToString & "-Exiting with isprocessing=" & _
            isProcessing, TraceEventType.Information)

    Catch ex As Exception
        ' Errors are reported through the same log listener
        My.Application.Log.WriteEntry(Now.ToString & "-Unexpected error: " & _
            ex.Message, TraceEventType.Critical)
    End Try
End Sub

Basically, it calls a webservice (massSenderService.ScheduledCall) and waits
for a signal from the service itself. It makes a call every 30 seconds until
remote service has finished, and writes some trace to my.application.log.
The listener is configured to write to a file.

<sharedListeners>
  <add name="FileLog"
       type="Microsoft.VisualBasic.Logging.FileLogTraceListener, Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
       initializeData="FileLogWriter" location="ExecutableDirectory"
       BaseFileName="TraceLog" LogFileCreationSchedule="Weekly"
       MaxFileSize="1048576"/>
</sharedListeners>

> Currently, I suggest you try to isolate the problem to
> see whether the error is caused by the webservice call or the log writing.

I think it's not an NTFS permission, because the entire folder has write
permissions. Maybe the "my.application.log" implementation requires some
strange permission set?

> Also, does the problem occur if you do not use a scheduled task to run your
> program (under the same non-admin user)?

mmm.. I may try this on some development environment, because I've installed
the program on a remote (production) server, and I cannot access it only via
terminal services, so I need to be an administrator.. :( I'll try.



thank you
 
Steven Cheng[MSFT]

Hello Trapulo,

Thanks for your reply.

From the code snippet you provided, the code logic of your console
application is very straightforward: it simply calls a webservice and
writes some log into a file. And for a VB.NET application, the FileLogWriter is
automatically registered when you create the app.config file. I've also
created a simple console application (I didn't call a webservice) that uses the
VB FileLogWriter to write a log into a file (using the setting you pasted). It
works well when using an admin account. When I launched it under a normal user
account, it did report an error, and based on my exception trace, it is an
unauthorization exception indicating insufficient NTFS file access
permission. After I granted the normal user account write/modify permission
to the application's executable directory, all works well.

In addition, I've inspected the
"Microsoft.VisualBasic.Logging.FileLogTraceListener" class through
Reflector; there is no particular permission requirement in it. Basically
it will demand two layers of security checking:

** the .NET CAS fileIOPermission demanding for the file we will create and
log data into

** the win32 NTFS permission to manipulate the file required for the
application's executing account.

For CAS permission, since your application is running from local disk, it
is in Local computer zone by default and will have FullTrust permission
set. As for NTFS permission, as you mentioned that the user has been
granted sufficient (have you tried FullControl ?).

Currently, I think it'll be helpful if we can get the full exception
message and call stack so as to know at what function call the program
failed. One way is to use a debugger to attach to the program process and step
through the code. Another way is adding a big Try...Catch block around
your Main function code, e.g.

==================
Sub Main()
    Try
        ' Wrap all the code in a sub/function
        Run()
    Catch ex As Exception
        ' Write it into a temp file and check the exception info
        Console.WriteLine(ex.ToString())
    End Try
End Sub
==============


Please feel free to let me know if you have any new finding or need any
assistance.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



This posting is provided "AS IS" with no warranties, and confers no rights.
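
The isolation steps suggested in this thread (check write access to the executable directory, test the log write and the web service call separately, capture the full exception and call stack), as an added example that is not code from either poster. It assumes a VB console project with the `massSenderService` web reference from the thread; the module name, step names and the diagnostic file name are constructed.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.IO
Imports System.Security.Principal

Module PermissionProbe
    ' Constructed path: results go to the user's temp directory, so the report
    ' does not depend on the directory whose permissions are in question.
    Private ReadOnly DiagFile As String = _
        Path.Combine(Path.GetTempPath(), "permission-probe.txt")

    Private Delegate Sub StepAction()

    Private Sub Report(ByVal text As String)
        File.AppendAllText(DiagFile, _
            DateTime.Now.ToString("s") & " " & text & Environment.NewLine)
    End Sub

    ' Runs one step on its own and records the full exception with call stack.
    Private Sub RunStep(ByVal name As String, ByVal action As StepAction)
        Try
            action.Invoke()
            Report(name & ": OK")
        Catch ex As Exception
            Report(name & ": FAILED" & Environment.NewLine & ex.ToString())
        End Try
    End Sub

    ' NTFS check: create and delete a file next to the executable.
    Private Sub ProbeExeDirectory()
        Dim probe As String = _
            Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "write-probe.tmp")
        File.WriteAllText(probe, "probe")
        File.Delete(probe)
    End Sub

    Private Sub ProbeLog()
        My.Application.Log.WriteEntry("probe", TraceEventType.Information)
    End Sub
    Private Sub ProbeService()
        Dim service As New massSenderService.ScheduledCalls
        service.CheckDeliveryRequired()
    End Sub

    Sub Main()
        Report("Running as " & WindowsIdentity.GetCurrent().Name)
        RunStep("Write to executable directory", AddressOf ProbeExeDirectory)
        RunStep("My.Application.Log write", AddressOf ProbeLog)
        RunStep("Web service call", AddressOf ProbeService)
    End Sub
End Module
```

Run it once interactively and once from the scheduled task under the same non-admin account, then compare the two reports in that account's temp directory.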
 
