Elevated Privileges Problem-Please Help

Discussion in 'ASP .Net Web Services' started by Shalini, Mar 4, 2004.

  1. Shalini

    Shalini Guest

    Hi
    I am posting this again.Sorry for the trouble.
    I just have a third party dll which does some custom functionality.
    The Dll have some apis which run only when the user is an administrator.
    I made a simple windows GUI application which makes use of the dll. Good it
    works fine when i am logged in as the Administrator.

    I made a Webservice which uses PInvoke thereby making use of the DLL.
    The DLL reported Error as the WebService is not running in the Administrator
    Authorization mode.
    SOo i went into Machine.config and changed the process model attributes to
    username :administrator password:MyPassword
    and it works VERY FINE.. No problems at all.

    But i dont want to have the machine.config approach as it makes each and
    every webservice running on the system as an administrator mode.
    How can i have customized thing which works as an administrator mode only
    for that webservice and not for others.

    I also tried
    doing in web.config to make it personalised only for one webservice but it
    did not work. I get an access denied message in the custom dll which says
    admin did not login. It only works if i modify the machine.config. Can this
    be done in some way?

    I modified web.config as follows by adding one line
    <identity impersonate="true" userName="Administrator" password="mypassword"
    />

    Is there any way????
    Expecting ur replies.
    Regards
    Shal
     
    Shalini, Mar 4, 2004
    #1
    1. Advertising

  2. If this DLL is strongnamed, try registering on to the GAC in order to
    receive Fulltrust and work without CAS errors (in some cases you might need
    the APTA attribute). This is the classic "sandbox" scenario.
    However, if this DLL need to access protected resources by a strong ACL
    (that is with Admin privileges), then you should run this DLL under a high
    privilege account (admin alike). On approach to this might be to run this
    DLL in another process that might be a Web Service running under an account
    with the required privileges and with a "strong" authentication scheme
    (i.e., NTLM/Kerberos) and allowing access to only your client web site
    worker process account and public access to this site disabled. Whatever
    strategy you choose, watch out for running with high privileges accounts on
    your public web site.

    --
    Hernan de Lahitte
    Lagash Systems S.A.
    http://weblogs.asp.net/hernandl
    Shadowfax Dev Team

    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Shalini" <> wrote in message
    news:...
    > Hi
    > I am posting this again.Sorry for the trouble.
    > I just have a third party dll which does some custom functionality.
    > The Dll have some apis which run only when the user is an administrator.
    > I made a simple windows GUI application which makes use of the dll. Good

    it
    > works fine when i am logged in as the Administrator.
    >
    > I made a Webservice which uses PInvoke thereby making use of the DLL.
    > The DLL reported Error as the WebService is not running in the

    Administrator
    > Authorization mode.
    > SOo i went into Machine.config and changed the process model attributes

    to
    > username :administrator password:MyPassword
    > and it works VERY FINE.. No problems at all.
    >
    > But i dont want to have the machine.config approach as it makes each and
    > every webservice running on the system as an administrator mode.
    > How can i have customized thing which works as an administrator mode only
    > for that webservice and not for others.
    >
    > I also tried
    > doing in web.config to make it personalised only for one webservice but it
    > did not work. I get an access denied message in the custom dll which says
    > admin did not login. It only works if i modify the machine.config. Can

    this
    > be done in some way?
    >
    > I modified web.config as follows by adding one line
    > <identity impersonate="true" userName="Administrator"

    password="mypassword"
    > />
    >
    > Is there any way????
    > Expecting ur replies.
    > Regards
    > Shal
    >
    >
    >
    >
    >
    >
     
    Hernan de Lahitte, Mar 5, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shalini
    Replies:
    1
    Views:
    338
    Hernan de Lahitte
    Mar 5, 2004
  2. Lee Gillie
    Replies:
    1
    Views:
    853
    Ken Cox [Microsoft MVP]
    May 13, 2005
  3. News123
    Replies:
    2
    Views:
    2,741
    Tim Golden
    May 6, 2010
  4. Shalini

    Elevated Privileges Problem-Please Help

    Shalini, Mar 4, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    168
    Hernan de Lahitte
    Mar 5, 2004
  5. Lee Gillie
    Replies:
    1
    Views:
    143
    Ken Cox [Microsoft MVP]
    May 13, 2005
Loading...

Share This Page