Running an assembly in different User

Discussion in 'ASP .Net Security' started by NMN, Jan 21, 2004.

  1. NMN

    NMN Guest

    Hi All

    I have an asp.net Application. It calls an assembly which copies a file from one location say c:\temp to another directory say c:\temp1. I created an assembly to do this where i did not have any problems after giving the ASPNet User write access to that destination forlder c:\temp1. We feel that providing the aspnet user with write access to a folder is a possible security threat, so we want to run this assembly under a different user (other than aspnet user). can any one suggest me how to do this.

    Thanks in advanc
     
    NMN, Jan 21, 2004
    #1
    1. Advertising

  2. NMN

    Kunal Guest

    Use identity Impersonation..Create an account with the minimum priveleges
    you need to do the copying and update your web.config file with this:

    <identity impersonate="true"
    userName="domain\user"
    password="password" />

    that way, the requests will be executed under the context of that user
    instead of ASPNET....



    "NMN" <> wrote in message
    news:D...
    > Hi All,
    >
    > I have an asp.net Application. It calls an assembly which copies a file

    from one location say c:\temp to another directory say c:\temp1. I created
    an assembly to do this where i did not have any problems after giving the
    ASPNet User write access to that destination forlder c:\temp1. We feel that
    providing the aspnet user with write access to a folder is a possible
    security threat, so we want to run this assembly under a different user
    (other than aspnet user). can any one suggest me how to do this.
    >
    > Thanks in advance
    >
     
    Kunal, Jan 21, 2004
    #2
    1. Advertising

  3. Probably the best way to do this is to set up your "copy" component to run
    under COM+ and have COM+ run it under a different identity with the correct
    privileges.

    The other ways to do it would be to do some sort of out of process call via
    a Web Service or Remoting, but those are probably more complex. You could
    also try to do some sort of impersonation scenario in ASP.NET so that you
    would be running under the context of a user that has the right permissions.
    Finally, you could change the ASP.NET process model to use a different
    account than ASPNET that already has the correct permissions.

    Joe K.

    "NMN" <> wrote in message
    news:D...
    > Hi All,
    >
    > I have an asp.net Application. It calls an assembly which copies a file

    from one location say c:\temp to another directory say c:\temp1. I created
    an assembly to do this where i did not have any problems after giving the
    ASPNet User write access to that destination forlder c:\temp1. We feel that
    providing the aspnet user with write access to a folder is a possible
    security threat, so we want to run this assembly under a different user
    (other than aspnet user). can any one suggest me how to do this.
    >
    > Thanks in advance
    >
     
    Joe Kaplan \(MVP - ADSI\), Jan 22, 2004
    #3
  4. NMN

    NMN Guest

    Thanks. Where do i need to put this web.config file. As i want only the dll to run in this user account, but the asp.net page needs to still run in a different user which does not have access to write into a particular directory

    Thanks once again
    ----- Kunal wrote: ----

    Use identity Impersonation..Create an account with the minimum privelege
    you need to do the copying and update your web.config file with this

    <identity impersonate="true
    userName="domain\user
    password="password" /

    that way, the requests will be executed under the context of that use
    instead of ASPNET...
     
    NMN, Jan 23, 2004
    #4
  5. NMN

    NMN Guest

    Hi joe

    Thanks for you valuable suggestions. If you can suggest me on some article which will guide me in doing this i will be very grateful. I would prefer the first scenario of using COM+. I also would like some more details on this statement, actually i am not sure how with this i can run an assembly alone in a different user
    "You coul
    also try to do some sort of impersonation scenario in ASP.NET so that yo
    would be running under the context of a user that has the right permissions.

    Thank

    ----- Joe Kaplan (MVP - ADSI) wrote: ----

    Probably the best way to do this is to set up your "copy" component to ru
    under COM+ and have COM+ run it under a different identity with the correc
    privileges

    The other ways to do it would be to do some sort of out of process call vi
    a Web Service or Remoting, but those are probably more complex. You coul
    also try to do some sort of impersonation scenario in ASP.NET so that yo
    would be running under the context of a user that has the right permissions
    Finally, you could change the ASP.NET process model to use a differen
    account than ASPNET that already has the correct permissions

    Joe K
     
    NMN, Jan 23, 2004
    #5
  6. COM+ is not my specialty at all, so you might get better help if you ask
    more people. I'd start a new thread saying that you want to write a .NET
    component that runs under COM+ so that you can run it under a different
    identity. There is some good help on writing seviced components here:

    http://msdn.microsoft.com/library/d...cpconwritingservicedcomponents.asp?frame=true

    Regarding your second question, that doesn't sound like to the way to go
    based on your reply to one of the other messages. From what I could gather,
    you want the main part of the request running as the current user so that
    you can take advantage of their security context, but want this one thing to
    run as a different context. In that situation, you should really be doing
    COM+. Trying to do it by changing impersonation contexts and then changing
    back would be a bit of a hack job.

    HTH,

    Joe K.

    "NMN" <> wrote in message
    news:D...
    > Hi joe,
    >
    > Thanks for you valuable suggestions. If you can suggest me on some

    article which will guide me in doing this i will be very grateful. I would
    prefer the first scenario of using COM+. I also would like some more details
    on this statement, actually i am not sure how with this i can run an
    assembly alone in a different user.
    > "You could
    > also try to do some sort of impersonation scenario in ASP.NET so that

    you
    > would be running under the context of a user that has the right

    permissions. "
    >
    > Thanks
    >
    >
    > ----- Joe Kaplan (MVP - ADSI) wrote: -----
    >
    > Probably the best way to do this is to set up your "copy" component

    to run
    > under COM+ and have COM+ run it under a different identity with the

    correct
    > privileges.
    >
    > The other ways to do it would be to do some sort of out of process

    call via
    > a Web Service or Remoting, but those are probably more complex. You

    could
    > also try to do some sort of impersonation scenario in ASP.NET so that

    you
    > would be running under the context of a user that has the right

    permissions.
    > Finally, you could change the ASP.NET process model to use a

    different
    > account than ASPNET that already has the correct permissions.
    >
    > Joe K.
    >
     
    Joe Kaplan \(MVP - ADSI\), Jan 23, 2004
    #6
  7. NMN

    NMN Guest

    Thanks Joe and Kunal. I was able to implement this by using Managed COM+ Component. The material i used for referring is as follows

    http://www.informit.com/isapi/product_id~{A1CE8908-9877-4B24-9B2C-BD7B836490D6}/element_id~{A53BFEC1-3FB7-4E6B-B8A7-653F61DAA526}/st~{EA7C8D03-4995-402D-B085-06E000F897B8}/session_id~{275EC953-2A7F-44FB-B08C-BBA54C9C3106}/content/articlex.as

    Thanks once again for your help

    regard
    Madhavan
     
    NMN, Jan 26, 2004
    #7
  8. Glad you got it working.

    Joe K.

    "NMN" <> wrote in message
    news:...
    > Thanks Joe and Kunal. I was able to implement this by using Managed COM+

    Component. The material i used for referring is as follows:
    >
    >

    http://www.informit.com/isapi/product_id~{A1CE8908-9877-4B24-9B2C-BD7B836490D6}/element_id~{A53BFEC1-3FB7-4E6B-B8A7-653F61DAA526}/st~{EA7C8D03-4995-402D-B085-06E000F897B8}/session_id~{275EC953-2A7F-44FB-B08C-BBA54C9C3106}/content/articlex.asp
    >
    > Thanks once again for your help.
    >
    > regards
    > Madhavan
     
    Joe Kaplan \(MVP - ADSI\), Jan 26, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Prasanna Padmanabhan
    Replies:
    1
    Views:
    828
    Mattias Sjögren
    Nov 19, 2003
  2. Brent
    Replies:
    1
    Views:
    1,380
    Brent
    Jan 23, 2004
  3. SA
    Replies:
    0
    Views:
    486
  4. Horatiu Margavan via .NET 247

    Assembly's manifest definition does not match the assembly reference.

    Horatiu Margavan via .NET 247, Aug 30, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    3,639
    Horatiu Margavan via .NET 247
    Aug 30, 2004
  5. Grant Merwitz
    Replies:
    3
    Views:
    9,092
    Grant Merwitz
    Sep 15, 2005
Loading...

Share This Page