|
Home > Archive > IIS Server Security > April 2005 > ASP.NET making COM calls on IIS6
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
ASP.NET making COM calls on IIS6
|
|
| Dave Williams 2005-04-06, 7:53 am |
| Hi all, I've seen a few instances of issues like the following in this group
and tried numerous suggested fixes, but can't seem to get beyond the
problem, so any suggestions would be appreciated.
ISSUE:
Our ASP.NET application connects to a COM service. This works fine (either
with IIS 5 or IIS 6) if the service is installed on the same server as the
ASP.NET app.
Our issue occurs when the ASP.net app is trying to connect to a COM service
on a different machine.
Below is the configuration on IIS5 and IIS6, it works on IIS5 but does not
on IIS6 the page that is display is below.
Configuration
From the web.config file
<identity impersonate="true"
userName=" registry:HKLM\SOFTWARE\C2C_Systems\AOneP
olSearch\identity\ASPNET_S
ETREG,userName"
password=" registry:HKLM\SOFTWARE\C2C_Systems\AOneP
olSearch\identity\ASPNET_S
ETREG,password"
/>
This user is the same user running the service on the other machine.
In the 'Directory Security' tab of the properties of the web site on the
'Anonymous access and authentication control'
We have 'Basic authentication (password is sent in clear text)' and
'Integrated Windows authentication' as the only toptions selected.
We have tried connecting from a browser that is using Integrated
authentication, and from one using Basic authentication, and the result is
the same.
Error from IIS6
Server Error in '/MyApp' Application.
----------------------------------------------------------------------------
----
Access is denied.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access is denied.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET write access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add the
appropriate user or group. Highlight the ASP.NET account, and check the
boxes for the desired access.
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of the
exception can be identified using the exception stack trace below.
Stack Trace:
[UnauthorizedAccessException: Access is denied.]
System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
MyApp.Search.GetInterface() +69 MyApp.Search.Load_Mailboxes() +122
MyApp.Search.Page_Load(Object sender, EventArgs e) +1747
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET
Version:1.1.4322.2300
| |
| Jiri Richter [MSFT] 2005-04-12, 6:01 pm |
| It looks to me that the user account you are using for impersonation does
not have access to the file you're requesting. Can you verify the file
system ACLs allow read access to the file for the user account?
--
Jiri Richter
Microsoft Corp.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dave Williams" <dont@mail.me> wrote in message
news:OYstvRpOFHA.3988@tk2msftngp13.phx.gbl...
> Hi all, I've seen a few instances of issues like the following in this
> group
> and tried numerous suggested fixes, but can't seem to get beyond the
> problem, so any suggestions would be appreciated.
>
> ISSUE:
>
> Our ASP.NET application connects to a COM service. This works fine (either
> with IIS 5 or IIS 6) if the service is installed on the same server as the
> ASP.NET app.
>
> Our issue occurs when the ASP.net app is trying to connect to a COM
> service
> on a different machine.
>
> Below is the configuration on IIS5 and IIS6, it works on IIS5 but does not
> on IIS6 the page that is display is below.
> Configuration
>
> From the web.config file
>
> <identity impersonate="true"
>
>
> userName=" registry:HKLM\SOFTWARE\C2C_Systems\AOneP
olSearch\identity\ASPNET_S
> ETREG,userName"
>
>
> password=" registry:HKLM\SOFTWARE\C2C_Systems\AOneP
olSearch\identity\ASPNET_S
> ETREG,password"
>
> />
>
>
>
> This user is the same user running the service on the other machine.
>
>
>
> In the 'Directory Security' tab of the properties of the web site on the
> 'Anonymous access and authentication control'
>
> We have 'Basic authentication (password is sent in clear text)' and
> 'Integrated Windows authentication' as the only toptions selected.
>
>
>
> We have tried connecting from a browser that is using Integrated
> authentication, and from one using Basic authentication, and the result is
> the same.
>
>
>
>
>
> Error from IIS6
>
> Server Error in '/MyApp' Application.
>
> ----------------------------------------------------------------------------
> ----
>
> Access is denied.
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information
> about the error and where it originated in the code.
>
> Exception Details: System.UnauthorizedAccessException: Access is denied.
>
> ASP.NET is not authorized to access the requested resource. Consider
> granting access rights to the resource to the ASP.NET request identity.
> ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
> or
> Network Service on IIS 6) that is used if the application is not
> impersonating. If the application is impersonating via <identity
> impersonate="true"/>, the identity will be the anonymous user (typically
> IUSR_MACHINENAME) or the authenticated request user.
>
> To grant ASP.NET write access to a file, right-click the file in Explorer,
> choose "Properties" and select the Security tab. Click "Add" to add the
> appropriate user or group. Highlight the ASP.NET account, and check the
> boxes for the desired access.
>
> Source Error:
>
> An unhandled exception was generated during the execution of the
> current web request. Information regarding the origin and location of the
> exception can be identified using the exception stack trace below.
>
>
>
> Stack Trace:
>
> [UnauthorizedAccessException: Access is denied.]
> System.RuntimeType.CreateInstanceImpl(Boolean publicOnly) +0
> System.Activator.CreateInstance(Type type, Boolean nonPublic) +66
> MyApp.Search.GetInterface() +69 MyApp.Search.Load_Mailboxes() +122
> MyApp.Search.Page_Load(Object sender, EventArgs e) +1747
> System.Web.UI.Control.OnLoad(EventArgs e) +67
> System.Web.UI.Control.LoadRecursive() +35
> System.Web.UI.Page.ProcessRequestMain() +750
>
>
>
>
> ----------------------------------------------------------------------------
> ----
>
> Version Information: Microsoft .NET Framework Version:1.1.4322.2300;
> ASP.NET
> Version:1.1.4322.2300
>
>
|
|
|
|
|