impersonate problem

Discussion in 'ASP .Net Security' started by zino, Oct 29, 2004.

  1. zino

    zino Guest

    Win2000, ASP.Net 1.1
    the web application on server (A) read/write to a folder on another server
    (B) on same network .
    I create 2 similar accounts : on web server (A) and server (B)
    with the same username, password ....
    NTFS Permissions is assigned .

    in the web config file :
    impersonation is enabled, and the application accesses the resources using
    the new created account credentials

    when I run the application (even locally) , I get "you are not authorized to
    view this page ...."

    do I need to change machine.config file username and password to match the
    newly created account, and does that affect other web application running on
    the web server (too many) ????

    thanks for help
    zino, Oct 29, 2004
    1. Advertisements

  2. Hi Zino,

    We have reviewed this issue and are currently researching on it. We will
    update you ASAP. Thanks for your patience!

    Kevin Yu
    "This posting is provided "AS IS" with no warranties, and confers no
    Kevin Yu [MSFT], Oct 30, 2004
    1. Advertisements

  3. [MSFT]

    [MSFT] Guest


    How did you access the files on another server? If you remove related code
    temporarily, will the web application work? Can you post your web.config
    for further research?

    BTW, this kind of problem may be related to that the Local Service and
    Network Service accounts do not have Full Control to the "Temporary ASP.NET
    Files" folder or the network shared folder, you may first try to grant such
    permission to see if it will help.

    [MSFT], Nov 1, 2004
  4. zino

    zino Guest

    I beleive the problem started when I added a reference to Microsoft.Office to
    the application, and not from impersonation, because the first version I
    published on the web server, didn't have a reference to Office and though we
    didn't have any problem with permissions.
    but but I still don't know how to fix it.
    following is some of what's in the web config file, and the code behind.

    the web config file contains:
    <authentication mode="None" />
    <identity impersonate="true" userName="domainName\NTusername"
    password="NTuserpassword" />

    <allow users="*" />

    NTusername is an nt user known on all machine in this domain

    I added the following references:
    - Excel
    - Microsoft.Office.Core
    - .... ... .... ....

    in the code behind, in the imports section:
    - Imports System.IO
    - Imports Microsoft.Office.Interop
    - .... .... ... ..

    the "Not authorized" page appear when I try to call the default page that
    does not contains any code, (just a welcome message), that's why I beleive
    it's a reference problem.

    thanks for your help
    zino, Nov 1, 2004
  5. [MSFT]

    [MSFT] Guest

    Office interop needs more permission than a normal ASP .NET app. Is the
    account "domainName\NTusername" a local administrator? If not, you may try
    to add it and see if this will help.

    [MSFT], Nov 2, 2004
  6. [MSFT]

    [MSFT] Guest

    Any progress on this issue?

    [MSFT], Nov 4, 2004
  7. zino

    zino Guest

    I gave the account under which the application is running (impersonating) an
    adminsitrator privilege.
    that's solve part of the problem:
    1- if I request the page as : http://serverName/applicationName
    I get error: "HTTP Error 403 - Forbidden"

    2- if I request the page as: http://serverName/applicationName/anyPage.aspx
    it run correctly

    even when I'm logged to the server and I try to browse a page from IIS
    (right click/browse) , the page run correctly , but if I try to browse the
    site (from the left pane) I still getting the error

    I assigned the account all NT permissions on the physical folder.

    thanks for help
    zino, Nov 4, 2004
  8. [MSFT]

    [MSFT] Guest

    How did you set the default page for the site? For example, if you set the
    default page to anyPage.aspx in IIS, and then browse to the site, will it
    be success?

    [MSFT], Nov 5, 2004
  9. zino

    zino Guest

    anyPage.aspx is set as default page, and still when I browse to the site
    (either ffrom a remote machine, or from IIS directly(locally) ), if I right
    click the site (left pane in IIS) and browse, the error occured, but if I
    click on the page and browse, it work correctly.

    I don't know if the following, is the reason but :
    Microsof office that is running on the server where the application is, is
    running under different account than the one that the application is
    What I mean: is it possible that the application, in order to work
    correctly, needs to impersonate the SAME ACCOUNT, that Microsoft Office is
    currently runnning under ????


    "[MSFT]" wrote:

    > How did you set the default page for the site? For example, if you set the
    > default page to anyPage.aspx in IIS, and then browse to the site, will it
    > be success?
    > Luke
    zino, Nov 5, 2004
  10. [MSFT]

    [MSFT] Guest


    If the ASP.NET app's account is a local administrator, it is enough to
    invoke the Office component. We don't need impersonate as the one Microsoft
    Office is currently runnning under. To confirm this, you can close all
    Office process on the server and test again.

    Regarding the problem, is there any more information with the error "HTTP
    Error 403 - Forbidden"? For example, "Execute Access Denied"? or "SSL
    require"? Is the virtual folder has been enabled as a IIS app? If you
    create a virtual directory, create a new application in it, will it

    [MSFT], Nov 8, 2004
  11. zino

    zino Guest

    I uninstall the Office XP PIAs and re-install it back.
    I don't have the denied error anymore, but there is another new error:

    "QueryInterface for interface Microsoft.Office.Interop.Excel._Application

    Stack Trace:
    [InvalidCastException: QueryInterface for interface
    Microsoft.Office.Interop.Excel._Application failed.]
    Microsoft.Office.Interop.Excel.ApplicationClass.get_Workbooks() +0
    WeekendScript.RefreshDatabase.readButton_Click1(Object sender, EventArgs
    e) +138
    System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108

    System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57
    sourceControl, String eventArgument) +18
    System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
    System.Web.UI.Page.ProcessRequestMain() +1277

    (RefreshDatabase is the page name, and weekendScript is the app. name)

    and here what inside readButton_click event:
    Protected Sub readButton_Click1(ByVal sender As Object, ByVal e As
    System.EventArgs) Handles readButton.Click

    Dim link As String
    Dim i, max_row, max_col As Int16
    Dim xl As New Excel.Application
    Dim wb As Excel.Workbook = xl.Workbooks.Open("c:\excelFilePath.xls")

    xl.DisplayAlerts = False
    Dim ws As Excel.Worksheet = xl.ActiveSheet

    Dim ds As New DataSet
    Dim dt As New DataTable

    ds = GetTableShema() ' function to get a table shema ..... ... ...

    For Each ws In xl.Worksheets
    max_row = ws.UsedRange.Rows.Count
    max_col = ws.UsedRange.Columns.Count

    For i = 7 To max_row
    link = "F" & i
    If ws.Range(link).Hyperlinks.Count > 0 Then
    Dim dr As DataRow
    dr = ds.Tables(0).NewRow
    dr(0) = ws.Range(link).Hyperlinks(1).Address()
    End If

    End Sub

    thanks for help
    zino, Nov 8, 2004
  12. [MSFT]

    [MSFT] Guest

    From the error information, the interface of Excel cannot be found. It
    seems there are some problem in system registry during Office Installation.
    Can you create an Excel object in another application, for example, in a
    VBscript file?

    [MSFT], Nov 9, 2004
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter O'Reilly
    Peter O'Reilly
    Nov 3, 2003
  2. Aras Kucinskas

    ASP.NET Webservice Impersonate problem

    Aras Kucinskas, Aug 31, 2004, in forum: ASP .Net
    Aras Kucinskas
    Aug 31, 2004
  3. Yoshitha

    Problem with impersonate

    Yoshitha, Jul 1, 2005, in forum: ASP .Net
    Jul 1, 2005
  4. =?Utf-8?B?QmFsYQ==?=

    Impersonate problem

    =?Utf-8?B?QmFsYQ==?=, Nov 2, 2005, in forum: ASP .Net
    Nov 3, 2005
  5. Bill Belliveau

    DirectoryEntry Impersonate or WindowsIdentity Impersonate?

    Bill Belliveau, Jan 28, 2004, in forum: ASP .Net Security
    Joe Kaplan \(MVP - ADSI\)
    Jan 31, 2004