Hi,
I'm having a strange security problem with an asp.net 2.0 web service
I've written to automate our build and deployment process. I get an
access denied from a wmi call that attempts to stop a service on a
remote machine, but I only get it running in a particular configuration.
Otherwise, it works.
The web service is accessed from a win forms client and the webapp that
hosts the service is configured to use integrated security through IIS
manager. The web.config for the service is also set to use user
impersonation. I've verified that this works by pulling the current user
from the web service code and checking it against the user I'm logged in
as. I also spawn several cvs & nant processes via CreateProcessAsUser
that require admin access on the web service host machine and these all
work in all the configurations.
Here's the configuration where the stop service works...
The forms client & web service are both running on my laptop.
The web service runs under a real IIS webapp, not the ASP.NET
development server.
I'm logged into a domain user that'a a local admin on the laptop and the
remote machine with the service I'm trying to stop.
Here's the configuration where it fails with the access denied.
The forms client is on the laptop, the web service is on a different
test server.
The web service runs under a real IIS webapp, not the ASP.NET
development server.
I'm logged into a domain user that'a a local admin on the laptop, the
test server with the web service, and the remote machine with the
service I'm trying to stop.
The really strange thing about this is if I remote desktop into the test
server where it fails in the web service code, login with the same user,
and run the wmi code, it works fine. It even works this way if I do it
with nant using the servicecontroller task. The web service code
originally did the stop/start service using nant but when I ran into
this error I rewrote it to use wmi directly from c#. Unfortunately, it
didn't help.
I've put quite a bit of time into this project and really need a
solution. This won't be worth much unless it can stop/start remote
services so please let me know if you have any ideas.
Thanks,
Scott