ASP.NET security and RSA SecurID

Discussion in 'ASP .Net Security' started by Alan Chen, Sep 16, 2004.

  1. Alan Chen

    Hi,
    I have a DLL that wraps the RSA SecurID package. It works great if I call
    the API from a console app. But SD_Check() always fails (access
    denied, even if I pass in the correct user ID and passcode) every time
    I call the API from a web service or a web app. I suspect that
    web.config or IIS needs to be modified but don't know how.
    Any suggestions? Thanks.
    Alan Chen, Sep 16, 2004
    #1

  2. What if you change the processModel or App Pool ID to a more privileged
    account such as an administrator or SYSTEM? It could be that it is trying
    to access a file or registry key that requires a more privileged account
    than what ASP.NET is running under.

    Regmon or Filemon from SysInternals is often very helpful at tracking this
    kind of thing down. Running the console app under a regular user account
    might be good too.

    I'd love to see your code if you'd be interested in sharing. I've got ACE
    servers out the wazoo here!

    HTH,

    Joe K.

    "Alan Chen" <> wrote in message
    news:...
    > Hi,
    > I have a DLL that wraps the RSA SecurID package. It works great if I call
    > the API from a console app. But SD_Check() always fails (access
    > denied, even if I pass in the correct user ID and passcode) every time
    > I call the API from a web service or a web app. I suspect that
    > web.config or IIS needs to be modified but don't know how.
    > Any suggestions? Thanks.
    Joe Kaplan (MVP - ADSI), Sep 16, 2004
    #2

  3. Alan Chen

    Joe,
    Thanks for your reply.
    You are right, and that's a nice tool you suggested. I used Regmon and
    found the difference as follows:

    10:07:52 AM aspnet_wp.exe:1104 OpenKey HKLM\SOFTWARE\SDTI\ACECLIENT ACCDENIED
    9:59:47 AM ConsoleApplicat:3696 OpenKey HKLM\SOFTWARE\SDTI\ACECLIENT SUCCESS

    The first item is from the web app and the second is from the console app.
    For a quick experiment, I just gave the ASPNET user Admin privilege
    temporarily and the web app passed the check!
    I will probably use impersonation to get a more elegant solution.

    For your reference, I got most of the code from here:
    http://groups.google.com/groups?q=sd_check&hl=en&lr=&ie=UTF-8&selm=#5yFTrV7DHA.1428%40TK2MSFTNGP12.phx.gbl&rnum=1

    I made it a DLL and referenced it in both the console and web app. The
    test I used is very simple:

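    private void Button1_Click(object sender, System.EventArgs e)
    {
        // Read the credentials entered on the test page.
        string userName = TextBox1.Text;
        string passcode = TextBox2.Text;
        // VerifySecurID comes from the wrapper DLL; show the returned status code.
        int status = Authentication.VerifySecurID(userName, passcode);
        TextBox3.Text = status.ToString();
    }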




    Alan Chen, Sep 16, 2004
    #3
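
The Regmon trace in post #3 shows the ASP.NET worker process being denied on a single registry key, so a narrower fix than making the ASPNET account an administrator is a read-only ACL entry on that key. The C# helper below is an added example, not code from the thread or from RSA: `AceClientKeyAccess`, `Probe` and `GrantRead` are hypothetical names, and it assumes read access to the key is all the SecurID client needs, which the thread does not confirm.

```csharp
using System;
using System.Security;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

// Added example: hypothetical helper, not part of the poster's wrapper DLL.
public static class AceClientKeyAccess
{
    // Key path taken from the Regmon output in the thread (under HKLM).
    const string KeyPath = @"SOFTWARE\SDTI\ACECLIENT";

    // Call from both the console app and the web app to compare identities.
    public static string Probe()
    {
        string who = WindowsIdentity.GetCurrent().Name;
        try
        {
            using (RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyPath, false))
                return who + ": " + (key == null ? "key not found" : "read access OK");
        }
        catch (SecurityException)
        {
            return who + ": access denied";
        }
    }

    // Run once from an administrator process; 'account' is the worker identity.
    // Assumption: ReadKey on this key and its subkeys is sufficient.
    public static void GrantRead(string account)
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(
            KeyPath, RegistryKeyPermissionCheck.ReadWriteSubTree,
            RegistryRights.ReadPermissions | RegistryRights.ChangePermissions))
        {
            if (key == null) throw new InvalidOperationException("Key not found: " + KeyPath);
            RegistrySecurity acl = key.GetAccessControl(AccessControlSections.Access);
            acl.AddAccessRule(new RegistryAccessRule(
                account, RegistryRights.ReadKey,
                InheritanceFlags.ContainerInherit, PropagationFlags.None,
                AccessControlType.Allow));
            key.SetAccessControl(acl);
        }
    }
}
```

If `Probe()` reports read access but SD_Check() still fails, rerun Regmon and Filemon to find the next denied key or file, and grant only that.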