Hi all, I have a web app that I am developing that retrieves a list of the computers on the network and then displays their date of last reboot. It works fine while on my computer in the dev environment, however if I try to use it from another computer I only get my computer's info. After some work I have found that when I call< xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
If (PerformanceCounterCategory.Exists("System", Machine))
I get an unauthorized access issue. I’ve added
[assembly: PermissionSetAttribute(SecurityAction.RequestOptional, Name = "LocalIntranet")]
But I only get a login box now which is just horrible. I currently have the web app set to
Impersonate="true"
What I need is for accounts that are accessing the web app to be transferred to the code and access the network using that authority. I don’t want the users to have to login or provide a password. Any help would be appreciated
Network access for a web app
BrianRD
Hi!
Thanks for asking! I'm a member of the ASP.NET team, and was just popping over here to see what was going on. The best place to ask ASP.NET questions is over on the ASP.NET forums at
http://www.asp.net/welcome.aspx tabindex=1&tabid=39The short answer to your question is to check to make sure that anonymous auth is turned off in IIS, otherwise IIS uses the lowest auth mechanism available to it (anonymous), thus the impersonation isn't getting passed through.
HTH,
PEte
natashanatasha
Nicole and PeteL Thx for your interest. I’ll post further questions in the correct area. The Error is:
"System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.\r\n at Microsoft.Win32.RegistryKey.Win32ErrorStatic(Int32 errorCode, String str)\r\n at Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(RegistryHive hKey, String machineName)\r\n at System.Diagnostics.PerformanceCounterLib.FindCustomCategory(String category, PerformanceCounterCategoryType& categoryType)\r\n at System.Diagnostics.PerformanceCounterLib.IsCustomCategory(String category)\r\n at System.Diagnostics.PerformanceCounterLib.IsCustomCategory(String machine, String category)\r\n at System.Diagnostics.PerformanceCounterCategory.Exists(String categoryName, String machineName)\r\n at _Default.GetTimeUp(String Machine) in c:\\Inetpub\\wwwroot\\Uptime\\Default.aspx.cs:line 59"
As for the third part it is set to send logon and authorization in local internet. My IIS has anonymous access is disabled. Please forgive me for any lack of knowledge I have I was a VC+6 developer until this project
Pierre Berkaloff
Could you please provide the full exception details, as returned by its ToString method
If the problem is due to user permissions (which I can't tell without seeing the exception details), applying CAS permission attributes won't help you. The LocalIntranet permission set wouldn't be of any help here anyway since it doesn't include the CAS permissions required for the method you're trying to call, and you should probably just remove the attribute entirely. If the problem is due to a lack of CAS permissions, the cause probably lies with your ASP.NET trust level. However, there's not much point in messing with it until you're sure whether the problem lies with the user permissions or the CAS permissions.
What are the authentication settings for your application in IIS Also, is your client browser set to automatically send credentials in the zone in which the web site is located
bls
Nicole thx for your continued interest. Having examined everything that you posted I was able to determine that I have everything configured correctly. Impersonation is going off without a hitch. The issues that are detailed in the posted article are what are preventing me from performing the tasks I’m trying to perform. With a little work I’ll be able to solve those. Once more Thx for you help.
kryali
This is definitely a user issue, and it would appear to have nothing to do with CAS permissions (since the code could not have progressed to calling Win32ErrorStatic from OpenRemoteBaseKey if the CAS permissions were insufficient).
There are two possible user context issues here:
1. The code isn't actually running under the account you expect, or
2. You're encountering an impersonation double-hop problem.
#1 is fairly simple to rule out by examining the value of WindowsIdentity.GetCurrent().Name from within your page. It should match the account name for the user you expect to be impersonating. If it doesn't, chances are excellent that your IIS and/or web.config settings for authentication and/or impersonation need to be tweaked. (If you need help with this, please post the full details of your IIS authentication settings and your web.config impersonation settings.)
If the client user is being successfully impersonated, the problem lies with the target machines not trusting your web server for delegation. For an introduction to why this occurs and what you can do about it, see http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx.