05-18-07 12:20 PM
On May 17, 1:33 pm, NathanC <Nath...@discussions.microsoft.com> wrote:
> I have a web project that is running this code: (generalized for security)
>
> refWMIService = GetObject("winmgmts:\\computer_name")
> colcomputers = refWMIService.ExecQuery("Select * From
> Win32_OperatingSystem")
> For Each refComputer In colcomputers
> If refComputer.reboot() = 0 Then
> Response.Write("reboot")
> Else
> Response.Write("nope")
> End If
>
> This is WMI functionality and on the remote computer - the ASPNET account
> obviously does not have permission to do this - and I can see Failed Audit
> events in the computer security log. So, I have added this bit of code to
the
> web.config file for the project:
>
> <identity impersonate="true" userName="subdomain.domain.com\username"
> password="password" />
>
> When I rebuild the project and even restart IIS - the call is still hittin
g
> the remote computer as ASPNET account - although my understanding is that
> because of the impersonate web.config tag - it should send using the highe
r
> access credentials.
>
> Any thoughts? Thanks,
I do not believe WMI security model works that way.
Just because you tell ASP.Net to impersonate a user identity to
execute WMI code, it does not mean that WMI flows the thread-
impersonated user identity across to the other machine. I believe with
WMI you have to give the username/password in code to the WMI
connection itself.
See how to do this with with the IIS6 Administration scripts like
iisback.vbs which shows how to make remote WMI calls using a specified
user credential.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
[ Post a follow-up to this message ]
| 
