Security issue with DirectoryServices

Discussion in 'ASP .Net Security' started by Carl, Apr 6, 2005.

  1. Carl

    Carl Guest

    In an attempt to programmatically create a website using
    Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create", "IIsWebServer",
    intSiteID), DirectoryEntry))

    ....

    site.Invoke("SetInfo")

    works fine until the SetInfo is called.

    It produces an "Access denied" from source "mscorlib". I am sure this as
    been address here previously but can someone who has resolved this kindly
    repost the fix/workaround.

    Thanks
    Carl, Apr 6, 2005
    #1
    1. Advertising

  2. Are you modifying IIS on the local machine or a remote machine? Is the
    current thread executing with an account with administrator rights?

    Joe K.

    "Carl" <> wrote in message
    news:...
    > In an attempt to programmatically create a website using
    > Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create",
    > "IIsWebServer",
    > intSiteID), DirectoryEntry))
    >
    > ...
    >
    > site.Invoke("SetInfo")
    >
    > works fine until the SetInfo is called.
    >
    > It produces an "Access denied" from source "mscorlib". I am sure this as
    > been address here previously but can someone who has resolved this kindly
    > repost the fix/workaround.
    >
    > Thanks
    >
    >
    Joe Kaplan \(MVP - ADSI\), Apr 6, 2005
    #2
    1. Advertising

  3. Carl

    Carl Guest

    The ASP.NET pages are running on the local machine. I am using the machine's
    administartor/password for site.username/site.password as:

    Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create", "IIsWebServer",
    intSiteID), DirectoryEntry))
    site.Username = "Administrator"
    site.Password = "xxyyzz1234"


    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > Are you modifying IIS on the local machine or a remote machine? Is the
    > current thread executing with an account with administrator rights?
    >
    > Joe K.
    >
    > "Carl" <> wrote in message
    > news:...
    > > In an attempt to programmatically create a website using
    > > Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create",
    > > "IIsWebServer",
    > > intSiteID), DirectoryEntry))
    > >
    > > ...
    > >
    > > site.Invoke("SetInfo")
    > >
    > > works fine until the SetInfo is called.
    > >
    > > It produces an "Access denied" from source "mscorlib". I am sure this as
    > > been address here previously but can someone who has resolved this

    kindly
    > > repost the fix/workaround.
    > >
    > > Thanks
    > >
    > >

    >
    >
    Carl, Apr 8, 2005
    #3
  4. Ah, the IIS provider ignores passed in credentials. I really wish MS would
    document this more clearly as it trips up a lot of people!

    It only works with the security context of the current thread
    (System.Security.Principal.WindowsIdentity.GetCurrent().Name). So, you need
    to make sure that is set to the administrator account you need.

    Typically you do that with either impersonation to change the thread
    identity or by changing the worker process identity.

    Joe K.

    "Carl" <> wrote in message
    news:%...
    > The ASP.NET pages are running on the local machine. I am using the
    > machine's
    > administartor/password for site.username/site.password as:
    >
    > Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create",
    > "IIsWebServer",
    > intSiteID), DirectoryEntry))
    > site.Username = "Administrator"
    > site.Password = "xxyyzz1234"
    >
    >
    > "Joe Kaplan (MVP - ADSI)" <> wrote
    > in message news:...
    >> Are you modifying IIS on the local machine or a remote machine? Is the
    >> current thread executing with an account with administrator rights?
    >>
    >> Joe K.
    >>
    >> "Carl" <> wrote in message
    >> news:...
    >> > In an attempt to programmatically create a website using
    >> > Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create",
    >> > "IIsWebServer",
    >> > intSiteID), DirectoryEntry))
    >> >
    >> > ...
    >> >
    >> > site.Invoke("SetInfo")
    >> >
    >> > works fine until the SetInfo is called.
    >> >
    >> > It produces an "Access denied" from source "mscorlib". I am sure this
    >> > as
    >> > been address here previously but can someone who has resolved this

    > kindly
    >> > repost the fix/workaround.
    >> >
    >> > Thanks
    >> >
    >> >

    >>
    >>

    >
    >
    Joe Kaplan \(MVP - ADSI\), Apr 8, 2005
    #4
  5. Carl

    Carl Guest

    Many thanks Joe!

    For those that need further information, I found this.
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod15.asp



    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:#...
    > Ah, the IIS provider ignores passed in credentials. I really wish MS

    would
    > document this more clearly as it trips up a lot of people!
    >
    > It only works with the security context of the current thread
    > (System.Security.Principal.WindowsIdentity.GetCurrent().Name). So, you

    need
    > to make sure that is set to the administrator account you need.
    >
    > Typically you do that with either impersonation to change the thread
    > identity or by changing the worker process identity.
    >
    > Joe K.
    >
    > "Carl" <> wrote in message
    > news:%...
    > > The ASP.NET pages are running on the local machine. I am using the
    > > machine's
    > > administartor/password for site.username/site.password as:
    > >
    > > Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create",
    > > "IIsWebServer",
    > > intSiteID), DirectoryEntry))
    > > site.Username = "Administrator"
    > > site.Password = "xxyyzz1234"
    > >
    > >
    > > "Joe Kaplan (MVP - ADSI)" <>

    wrote
    > > in message news:...
    > >> Are you modifying IIS on the local machine or a remote machine? Is the
    > >> current thread executing with an account with administrator rights?
    > >>
    > >> Joe K.
    > >>
    > >> "Carl" <> wrote in message
    > >> news:...
    > >> > In an attempt to programmatically create a website using
    > >> > Dim site As New DirectoryEntry(CType(objIIs.Invoke("Create",
    > >> > "IIsWebServer",
    > >> > intSiteID), DirectoryEntry))
    > >> >
    > >> > ...
    > >> >
    > >> > site.Invoke("SetInfo")
    > >> >
    > >> > works fine until the SetInfo is called.
    > >> >
    > >> > It produces an "Access denied" from source "mscorlib". I am sure this
    > >> > as
    > >> > been address here previously but can someone who has resolved this

    > > kindly
    > >> > repost the fix/workaround.
    > >> >
    > >> > Thanks
    > >> >
    > >> >
    > >>
    > >>

    > >
    > >

    >
    >
    Carl, Apr 9, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Edward
    Replies:
    1
    Views:
    2,408
    Edward
    Jul 8, 2003
  2. Enosh Chang

    ASP.NET + DirectoryServices

    Enosh Chang, Jul 28, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    455
    Ken Cox [Microsoft MVP]
    Jul 28, 2003
  3. Enosh Chang

    DirectoryServices error!

    Enosh Chang, Aug 4, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    632
    Natty Gur
    Aug 4, 2003
  4. David M. Weprin

    System.DirectoryServices

    David M. Weprin, Oct 17, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    375
    Yovi Oktofianus
    Oct 18, 2003
  5. =?Utf-8?B?Sm9oaG55IDA=?=

    Permissions issue with System.DirectoryServices

    =?Utf-8?B?Sm9oaG55IDA=?=, Aug 9, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    402
    =?Utf-8?B?Sm9oaG55IDA=?=
    Aug 9, 2005
Loading...

Share This Page