Changing NTFS permissions in ASP.NET

Discussion in 'ASP .Net Security' started by Dmitry Maslakov, Mar 3, 2005.

  1. Hi.

    Some related questions were discussed here, but my question is somewhat
    different.

    I'm writing a project, the matter of which can be expressed as follows.
    * System: IIS 6 on W2003server.
    * Site: application pool works with NETWORK SERVICE, anonymous access is
    allowed on site.
    * Goal: operate with files and change permissions on files (remote files
    using UNC as well).

    Using form authentication I receive the UPN and password from the user. Then
    I impersonate using the API LogonUser and save the returned token in session
    vars. All operations with files are performed after a call to the API
    function ImpersonateLoggedOnUser.
    The account the user logs in with has full access to the files. So it
    operates (move/copy/delete) with files successfully, and reads the DACL as
    well.

    BUT THE PROBLEMS begin when I try to set permissions on files (try to use
    WRITE_DAC access). I use the ActiveDs ActiveX. Here are two situations.

    1) If the user is the owner of the file he tries to set permissions on, the
    permissions are set successfully. But this is not the real situation,
    because a) the owner of the files is the Administrators group, b) the user
    has full access to his files, but belongs to the Users group.

    2) If the user is not the owner of the files, the following error occurs on
    the call to SetSecurityDescriptor:
    System.Runtime.InteropServices.COMException: This security ID may not be
    assigned as the owner of this object.

    Attempts to take SeTakeOwnershipPrivilege for the user token give nothing.
    The attempt to take the same privilege for the process (after impersonation)
    gives the error "Access is denied".

    Does anyone have suggestions on how I could achieve the goal?
    Dmitry Maslakov, Mar 3, 2005
    #1

  2. > Attempts to take SeTakeOwnershipPrivilege for the user token give nothing.
    > The attempt to take the same privilege for the process (after impersonation)
    > gives the error "Access is denied".


    Here is a piece of the code I use to take the privilege. I hope the code is
    understandable. The Access denied error occurs in the call to
    OpenProcessToken.

    IntPtr token;
    IntPtr proc = Kernel32.GetCurrentProcess(); // returns pseudo handle (-1)

    if (AdvApi32.OpenProcessToken(proc,
            AdvApi32.TOKEN_ADJUST_PRIVILEGES | AdvApi32.TOKEN_QUERY,
            out token) != 0)
    {
        // take privilege to variable token
    }
    Dmitry Maslakov, Mar 3, 2005
    #2
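
An added example, not code from the thread: the COMException text in post #1 is the message of Win32 error ERROR_INVALID_OWNER, which is returned when a security-descriptor write includes an owner SID the caller may not assign. The code below edits and writes back only the DACL while impersonating the logged-on user, so the write needs WRITE_DAC and never touches the owner. It assumes .NET Framework 2.0 or later (System.Security.AccessControl instead of the ActiveDs component); `DaclOnlyWriter`, `GrantModify`, `GetOwnerSid` and their parameters are hypothetical names.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

public static class DaclOnlyWriter
{
    // userToken: the handle returned by LogonUser for the signed-in user.
    // path and account are hypothetical inputs, for example
    // @"\\server\share\report.txt" and @"DOMAIN\alice".
    public static void GrantModify(IntPtr userToken, string path, string account)
    {
        // Impersonate only for the duration of the file access;
        // disposing the context reverts to the worker-process identity.
        using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(userToken))
        {
            // Load the DACL only: owner, group and SACL are not read.
            FileSecurity security = new FileSecurity(path, AccessControlSections.Access);

            security.AddAccessRule(new FileSystemAccessRule(
                new NTAccount(account),
                FileSystemRights.Modify,
                AccessControlType.Allow));

            // Only the modified section (the DACL) is persisted, so the
            // call requires WRITE_DAC and does not attempt to set an owner.
            File.SetAccessControl(path, security);
        }
    }

    // Read-back helper: returns the owner SID so the caller can confirm
    // that the DACL update left ownership unchanged.
    public static string GetOwnerSid(string path)
    {
        FileSecurity security = new FileSecurity(path, AccessControlSections.Owner);
        return security.GetOwner(typeof(SecurityIdentifier)).Value;
    }
}
```

Comparing `GetOwnerSid` before and after `GrantModify` confirms that the owner (the Administrators group in the scenario above) is untouched by the permission change.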