Run COM+ app from asp.net

Hi all,

I hope this is the correct group to post this to. If not, I apologize. I
have an asp.net (c#) project that needs to talk to a COM object. The COM
object is actually an .exe that requires elevated permissions to execute.

I have tried to set the ASPNET account permissions for the .exe via
dcomcnfg, but that doesn't work. I would guess that the program itself must
be run from an account with higher permission than the ASPNET process.

So my question is, how can I run just the piece of c# code that interacts
with the COM object as a privileged user? I'd like to maintain my forms
authentication with my web app, if possible.

Thanks for any guidance with this

Jim
 
Awesome... worked like a charm. For anyone reading this, this is what fixed
it:

// Requires: using System; using System.Runtime.InteropServices;

// Logon types and provider accepted by LogonUser
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_BATCH = 4;
const int LOGON32_LOGON_SERVICE = 5;
const int LOGON32_LOGON_UNLOCK = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
const int LOGON32_PROVIDER_DEFAULT = 0;

[DllImport("advapi32.dll", SetLastError=true)]
public static extern int LogonUser(
    string lpszUsername,
    string lpszDomain,
    string lpszPassword,
    int dwLogonType,
    int dwLogonProvider,
    out IntPtr phToken
);

[DllImport("advapi32.dll", SetLastError=true)]
public static extern int ImpersonateLoggedOnUser(
    IntPtr hToken
);

[DllImport("advapi32.dll", SetLastError=true)]
static extern int RevertToSelf();

[DllImport("kernel32.dll", SetLastError=true)]
static extern int CloseHandle(IntPtr hObject);

private void TestButton_Click(object sender, EventArgs e)
{
    IntPtr lnToken;
    // "." logs on against the local machine's account database
    int TResult = LogonUser(Username, ".", Password,
        LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out lnToken);
    if (TResult != 0)
    {
        try
        {
            // Only make the call if the thread really switched identity
            if (ImpersonateLoggedOnUser(lnToken) != 0)
            {
                try
                {
                    // TODO: Make call to COM object
                }
                finally
                {
                    // Always drop the privileged identity, even if the COM
                    // call throws, so the thread does not stay elevated
                    RevertToSelf();
                }
            }
        }
        finally
        {
            // Release the token handle on every path
            CloseHandle(lnToken);
        }
    }
}
 
James,

Are you actually running this in COM+? If so, the COM+ component should
really be running with the appropriate user account, and you should modify
the roles that can access the component to include the ASPNET user, or
another low-privilege user (I don't know if local users can be added to
Roles in COM+).

It would make all of this a lot easier.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

James Geurts said:
Thanks Mark... I'll give it a shot and let you know if I run into
problems
 
Hi Nicholas,

I have to admit that my knowledge of the differences between COM+ and COM is
pretty poor. As I understand it, the 3rd party exe that I'm trying to use is
a COM+ app. I tried to do as you mentioned via the dcomcnfg tool, but that
didn't work because I'm thinking that the program requires an account with
more privileges.

In any case, using temporary impersonation worked for me.



So my question is, how can I run just the piece of c# code that interacts
with the COM object as a privileged user? I'd like to maintain my forms
authentication with my web app, if possible.

http://west-wind.com/weblog/posts/1572.aspx
 
Awesome... worked like a charm.

Yes, it's an awesome article - I've used it many times and never had a
problem with it.

I have an encryption class that I use to encrypt / decrypt the userid and
password for added security. Alternatively, you could store them in a secure
database.
 
