Elevated Privileges Problem-Please Help

Shalini

Hi,
I am posting this again. Sorry for the trouble.
I just have a third-party DLL which does some custom functionality.
The DLL has some APIs which run only when the user is an administrator.
I made a simple Windows GUI application which makes use of the DLL. Good, it
works fine when I am logged in as the Administrator.

I made a web service which uses PInvoke, thereby making use of the DLL.
The DLL reported an error, as the web service is not running in the Administrator
authorization mode.
So I went into machine.config and changed the process model attributes to
username: administrator password: MyPassword
and it works VERY FINE. No problems at all.

But I don't want to have the machine.config approach, as it makes each and
every web service on the system run in administrator mode.
How can I have a customized setup which works in administrator mode only
for that web service and not for others?

I also tried
doing it in web.config to make it personalised only for one web service, but it
did not work. I get an access denied message in the custom DLL which says
admin did not log in. It only works if I modify the machine.config. Can this
be done in some way?

I modified web.config as follows by adding one line:
<identity impersonate="true" userName="Administrator" password="mypassword" />

Is there any way?
Expecting your replies.
Regards
Shal
 
Hernan de Lahitte

If this DLL is strong-named, try registering it in the GAC in order to
receive FullTrust and work without CAS errors (in some cases you might need
the APTA attribute). This is the classic "sandbox" scenario.
However, if this DLL needs to access resources protected by a strong ACL
(that is, with Admin privileges), then you should run this DLL under a
high-privilege account (admin alike). One approach to this might be to run this
DLL in another process, which might be a Web Service running under an account
with the required privileges and with a "strong" authentication scheme
(i.e., NTLM/Kerberos), allowing access only to your client web site's
worker process account and with public access to this site disabled. Whatever
strategy you choose, watch out for running with high-privilege accounts on
your public web site.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
Shadowfax Dev Team

This posting is provided "AS IS" with no warranties, and confers no rights.
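
The isolation approach described in the reply above, sketched as the web.config of the separate privileged web service. This is an added example, not part of the original posts. The account name EXAMPLEDOMAIN\FrontEndWorker is a constructed placeholder for the front-end site's worker process account, and the privileged process identity of this service is assumed to be configured outside this file.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- web.config for the separate web service that wraps the admin-only DLL.
     Added example; account names are constructed placeholders. -->
<configuration>
  <system.web>
    <!-- Integrated Windows authentication (NTLM/Kerberos).
         Anonymous access must also be disabled for this site in IIS,
         otherwise callers are never asked for credentials. -->
    <authentication mode="Windows" />

    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins:
           admit only the front-end site's worker process account ... -->
      <allow users="EXAMPLEDOMAIN\FrontEndWorker" />
      <!-- ... and reject every other caller, authenticated or not. -->
      <deny users="*" />
    </authorization>

    <!-- No impersonation: the DLL calls must run under this service's own
         privileged process identity, not under the caller's lower-privileged
         identity. -->
    <identity impersonate="false" />
  </system.web>
</configuration>
```

With this layout only the one wrapper service runs with elevated rights, while the public web site keeps its normal low-privilege identity and reaches the DLL solely through authenticated calls to that service.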