P
Patrick
Following earlier discussions about invoking a .NET class library via
..NET-COM Interop (using regasm /tlb) at
http://groups.google.com/groups?hl=...elm=%23Van7eSrEHA.4004%40TK2MSFTNGP10.phx.gbl
I have concluded that my .NET class library (following the suggestions.
namely setting the marshall type, etc.) , I can
1) Invoke public methods in the class library from VBScript
2) Invoke public methods in the class library from ASP in IIS5.1 on Windows
XP Profesional SP2 provided that
2.1) The process level is set to LOW (to get the IIS process running as the
high priviledge Local System Account).
2.1 is probably not what I wanted. So I started investigating what
permission I need by running FileMon from
http://www.sysinternals.com/ntw2k/source/filemon.shtml .
1) Initial attempts showed access denied on
%SYSTEMROOT%\temp\Microsoft.NET\Framework\v1.1.4322\csc.exe
2) When I relaxed ACL to allow IWAM_MachineName read access to csc.exe:
3) FileMon start reporting Access is defined when trying to read on my
%SYSTEMROOT%\temp
4) when I relaxed ACL to allow IWAM_MachineName read access to this temp
directory
5) Access is denied is logged when the process tries to *Create*!! a
C:\Documents and Settings\Default User\Application Data\Microsoft\CLR
Security Config\v1.1.4322\security.config.cch.new !
I thought hang on a minute...., where is this going to end? ASP.NET
application runs also as IWAM_MachineName and I don't have to keep on
relaxing security? What is the least I could do (i.e. least permision I
need to give to IWAM_MachineName) to enable ASP to run a .NET Class library
via interop?
Note
1) If I
1.1) turn OFF anonymous access on the ASP directory (from IIS Manager)
1.2) Turn on only integrated windows authentication
1.3) Try to load the ASP, logging in as someone with Admin rights on the IIS
Server
1.4) The page loads up displaying error '80070002' , when it tries to
instantiate using CreateObject a .NET Object
2) If I
2.1) turn ON anonymous access on ASP Directory (from IIS Manager)
2.2) Turn off integrated windows authentication
2.3) Try to load the ASP
2.4) The page loads up displaying error '80070002' , when it tries to
instantiate using CreateObject a .NET Object
3) If I
3.1) Add IUSR_MachineName and IWAM_MachineName to the Local admin group,
reset IIS
3.2) Turn on ONLY Anonymous access on IIS Manager
3.3) Try to load the ASP
3.4) The page loads up displaying error '80070002' , when it tries to
instantiate using CreateObject a .NET Object
..NET-COM Interop (using regasm /tlb) at
http://groups.google.com/groups?hl=...elm=%23Van7eSrEHA.4004%40TK2MSFTNGP10.phx.gbl
I have concluded that my .NET class library (following the suggestions.
namely setting the marshall type, etc.) , I can
1) Invoke public methods in the class library from VBScript
2) Invoke public methods in the class library from ASP in IIS5.1 on Windows
XP Profesional SP2 provided that
2.1) The process level is set to LOW (to get the IIS process running as the
high priviledge Local System Account).
2.1 is probably not what I wanted. So I started investigating what
permission I need by running FileMon from
http://www.sysinternals.com/ntw2k/source/filemon.shtml .
1) Initial attempts showed access denied on
%SYSTEMROOT%\temp\Microsoft.NET\Framework\v1.1.4322\csc.exe
2) When I relaxed ACL to allow IWAM_MachineName read access to csc.exe:
3) FileMon start reporting Access is defined when trying to read on my
%SYSTEMROOT%\temp
4) when I relaxed ACL to allow IWAM_MachineName read access to this temp
directory
5) Access is denied is logged when the process tries to *Create*!! a
C:\Documents and Settings\Default User\Application Data\Microsoft\CLR
Security Config\v1.1.4322\security.config.cch.new !
I thought hang on a minute...., where is this going to end? ASP.NET
application runs also as IWAM_MachineName and I don't have to keep on
relaxing security? What is the least I could do (i.e. least permision I
need to give to IWAM_MachineName) to enable ASP to run a .NET Class library
via interop?
Note
1) If I
1.1) turn OFF anonymous access on the ASP directory (from IIS Manager)
1.2) Turn on only integrated windows authentication
1.3) Try to load the ASP, logging in as someone with Admin rights on the IIS
Server
1.4) The page loads up displaying error '80070002' , when it tries to
instantiate using CreateObject a .NET Object
2) If I
2.1) turn ON anonymous access on ASP Directory (from IIS Manager)
2.2) Turn off integrated windows authentication
2.3) Try to load the ASP
2.4) The page loads up displaying error '80070002' , when it tries to
instantiate using CreateObject a .NET Object
3) If I
3.1) Add IUSR_MachineName and IWAM_MachineName to the Local admin group,
reset IIS
3.2) Turn on ONLY Anonymous access on IIS Manager
3.3) Try to load the ASP
3.4) The page loads up displaying error '80070002' , when it tries to
instantiate using CreateObject a .NET Object