|
 |
aspx thread: Security problem using imported type library
Message #1 by Keith Stacy <keithstacy@y...> on Fri, 15 Nov 2002 09:43:12 -0800 (PST)
|
|
I am attempting to do Word automation in an ASP.NET
project. I imported the Word type library to a .NET
assembly using tlbimp.exe, and am referencing it in my
project. I keep getting the following error:
"System.UnauthorizedAccessException: Access is denied.
The ASP.NET process is not authorized to access the
requested resource. For security reasons the default
ASP.NET process identity is '{machinename}\ASPNET',
which has limited privileges. Consider granting access
rights to the resource to the ASP.NET process
identity."
I have reconfigured the relevant assembly with rights
to the ASPNET user. I tweaked the virtual folder in
IIS. I even reimported the TLB with the /unsafe
switch to (supposedly) disable security on the
interface. I have read the docs front to back, and my
books as well.
The imported assembly works fine in a Windows Forms
environment. Security (it seems) is preventing it
from working in ASP.NET. Any ideas on what to do?
__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com
Message #2 by "Jay Warmack" <jwarmack@w...> on Fri, 15 Nov 2002 10:01:43 -0800
|
|
Keith,
In the web.config file try setting:
<authentication mode="Windows" />
and then set:
<identity impersonate="true" userName="someuser" password="somepassword" />
then experiment with different userNames and passwords (i.e. userName="domain\Administrator") to see if you can find a userName that
does have permissions on the resource. You can also use the WindowsIdentity.GetCurrent() method in your web form to display the
value of who the current user really is.
Good Luck,
Jay
----- Original Message -----
From: "Keith Stacy" <keithstacy@y...>
To: "ASP.NET" <aspx@p...>
Sent: Friday, November 15, 2002 9:43 AM
Subject: [aspx] Security problem using imported type library
> I am attempting to do Word automation in an ASP.NET
> project. I imported the Word type library to a .NET
> assembly using tlbimp.exe, and am referencing it in my
> project. I keep getting the following error:
>
> "System.UnauthorizedAccessException: Access is denied.
>
> The ASP.NET process is not authorized to access the
> requested resource. For security reasons the default
> ASP.NET process identity is '{machinename}\ASPNET',
> which has limited privileges. Consider granting access
> rights to the resource to the ASP.NET process
> identity."
>
> I have reconfigured the relevant assembly with rights
> to the ASPNET user. I tweaked the virtual folder in
> IIS. I even reimported the TLB with the /unsafe
> switch to (supposedly) disable security on the
> interface. I have read the docs front to back, and my
> books as well.
>
> The imported assembly works fine in a Windows Forms
> environment. Security (it seems) is preventing it
> from working in ASP.NET. Any ideas on what to do?
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Web Hosting - Let the expert host your site
> http://webhosting.yahoo.com
>
>
Message #3 by keithstacy@y... on Fri, 15 Nov 2002 18:41:12
|
|
Well, I'm back because I have found a (VERY SCARY) workaround. If I
change the aspnet_wp user to SYSTEM, the assembly may be accessed.
However, this creates a vulnerability to malicious code. It appears to
be similar to a bug report (323293) published by Microsoft. Again, any
better ideas?
> I am attempting to do Word automation in an ASP.NET
project. I imported the Word type library to a .NET
assembly using tlbimp.exe, and am referencing it in my
project. I keep getting the following error:
"System.UnauthorizedAccessException: Access is denied.
The ASP.NET process is not authorized to access the
requested resource. For security reasons the default
ASP.NET process identity is '{machinename}\ASPNET',
which has limited privileges. Consider granting access
rights to the resource to the ASP.NET process
identity."
I have reconfigured the relevant assembly with rights
to the ASPNET user. I tweaked the virtual folder in
IIS. I even reimported the TLB with the /unsafe
switch to (supposedly) disable security on the
interface. I have read the docs front to back, and my
books as well.
The imported assembly works fine in a Windows Forms
environment. Security (it seems) is preventing it
from working in ASP.NET. Any ideas on what to do?
__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com
Message #4 by Helen Warn <hwarn@s...> on Fri, 15 Nov 2002 10:36:38 -0800
|
|
FWIW, I am trying to get around a similar problem in my web app by using a
web service for the functions that require an account with high privileges.
I'm just starting the process so I'm not positive that it will solve the
problem, but from what I have read, it should. Is this a viable approach for
you?
Cheers,
Helen
> -----Original Message-----
> From: keithstacy@y... [mailto:keithstacy@y...]
> Sent: Friday, November 15, 2002 10:41 AM
> To: ASP.NET
> Subject: [aspx] Re: Security problem using imported type library
>
>
> Well, I'm back because I have found a (VERY SCARY) workaround. If I
> change the aspnet_wp user to SYSTEM, the assembly may be accessed.
> However, this creates a vulnerability to malicious code. It
> appears to
> be similar to a bug report (323293) published by Microsoft.
> Again, any
> better ideas?
>
>
> > I am attempting to do Word automation in an ASP.NET
> project. I imported the Word type library to a .NET
> assembly using tlbimp.exe, and am referencing it in my
> project. I keep getting the following error:
>
> "System.UnauthorizedAccessException: Access is denied.
>
> The ASP.NET process is not authorized to access the
> requested resource. For security reasons the default
> ASP.NET process identity is '{machinename}\ASPNET',
> which has limited privileges. Consider granting access
> rights to the resource to the ASP.NET process
> identity."
>
> I have reconfigured the relevant assembly with rights
> to the ASPNET user. I tweaked the virtual folder in
> IIS. I even reimported the TLB with the /unsafe
> switch to (supposedly) disable security on the
> interface. I have read the docs front to back, and my
> books as well.
>
> The imported assembly works fine in a Windows Forms
> environment. Security (it seems) is preventing it
> from working in ASP.NET. Any ideas on what to do?
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Web Hosting - Let the expert host your site
> http://webhosting.yahoo.com
Message #5 by Will Swim <wswim@p...> on Fri, 15 Nov 2002 12:45:46 -0800
|
|
I'm extremely new to .NET programming so my advice is worth exactly
what you're paying for it :) If I'm starting to understand the
process correctly, tlbimp makes a wrapper for a COM object. That
looks like two things to look at, the original COM object and the
wrapper. You said that you tweaked the folder and that made me think
of a possibility. On NT systems the files usually inherit the parent
permissions but it might not have changed when you tweaked the
folder. I've had problems especially with NT4 servers. Anyway, try
right clicking on the individual files (COM and wrapper), select
properties and go to the security tab. You may need to "adjust" the
permissions and/or users for the individual files. With all the
right individual file permissions set right you may be able to set a
higher level of security on the folder and still get it to work
right.
Will Swim
>-----Original Message-----
>From: keithstacy@y... [mailto:keithstacy@y...]
>Sent: Friday, November 15, 2002 6:41 PM
>To: ASP.NET
>Subject: [aspx] Re: Security problem using imported type library
>
>
>Well, I'm back because I have found a (VERY SCARY) workaround. If
I
>change the aspnet_wp user to SYSTEM, the assembly may be accessed.
>However, this creates a vulnerability to malicious code. It
>appears to
>be similar to a bug report (323293) published by Microsoft.
>Again, any
>better ideas?
>
>
>> I am attempting to do Word automation in an ASP.NET
>project. I imported the Word type library to a .NET
>assembly using tlbimp.exe, and am referencing it in my
>project. I keep getting the following error:
>
>"System.UnauthorizedAccessException: Access is denied.
>
>The ASP.NET process is not authorized to access the
>requested resource. For security reasons the default
>ASP.NET process identity is '{machinename}\ASPNET',
>which has limited privileges. Consider granting access
>rights to the resource to the ASP.NET process
>identity."
>
>I have reconfigured the relevant assembly with rights
>to the ASPNET user. I tweaked the virtual folder in
>IIS. I even reimported the TLB with the /unsafe
>switch to (supposedly) disable security on the
>interface. I have read the docs front to back, and my
>books as well.
>
>The imported assembly works fine in a Windows Forms
>environment. Security (it seems) is preventing it
>from working in ASP.NET. Any ideas on what to do?
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Web Hosting - Let the expert host your site
>http://webhosting.yahoo.com
|
|
|
View Cart
