Serviced Component runs under ASPNET, not specified account

Discussion in 'ASP .Net Security' started by Gianluca Torta, Jan 24, 2005.

  1. Cross posting since I had no reply yet from
    microsoft.public.dotnet.framework.component_services

    Hi all,

    I have an ASP.NET app and a Serviced Component that runs within a COM+
    app

    the Serviced Component is intended to access a remote database with an
    identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
    that actually can access the remote database

    the COM+ app has been configured to RUN AS SERVER and I have specified
    in the identity tab that the app should run as MYDOMAIN\MYUSER

    however, when I open my ASP.NET app and click on the button which
    makes the call to the Serviced Component, I can see from SQL Server
    Profiler that the user which tried to access the remote DB is
    <MACHINE>\ASPNET

    for some reason, the COM+ app is not running as the account that I
    specify in the Identity tab but as the caller (which in this case is
    <MACHINE>\ASPNET)

    I guess I have some configuration problem, but I really couldn't
    figure out what it is:
    - I correctly wrote my Serviced Component
    - I strongly named the assembly .DLL produced by compiling the
    component
    - I registered the component with regsvcs.exe
    - my ASP.NET application references the DLL that has been strongly
    named

    Any suggestions would be welcome!

    Thanks in advance,
    -Gianluca Torta
     
    Gianluca Torta, Jan 24, 2005
    #1
    1. Advertising

  2. If you are using Windows Server 2003, you can configure an application pool
    to be run as a user account of your choice. You can then assign your web
    application to the application pool. Then check to see what account is being
    used on your database.

    In ASP.NET you might also try to configure impersonation in web.config:
    <identity impersonate="true" userName="DOMAIN\databaseuser"
    password="123456" />

    This article describes a method for accessing resources on a server using a
    copied ASPNET account:
    http://weblogs.asp.net/mschwarz/archive/2003/03/31/4515.aspx
    Perhaps you can use it for accessing your database?

    HTH,
    Svein Terje Gaup

    "Gianluca Torta" <> wrote in message
    news:...
    > Cross posting since I had no reply yet from
    > microsoft.public.dotnet.framework.component_services
    >
    > Hi all,
    >
    > I have an ASP.NET app and a Serviced Component that runs within a COM+
    > app
    >
    > the Serviced Component is intended to access a remote database with an
    > identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
    > that actually can access the remote database
    >
    > the COM+ app has been configured to RUN AS SERVER and I have specified
    > in the identity tab that the app should run as MYDOMAIN\MYUSER
    >
    > however, when I open my ASP.NET app and click on the button which
    > makes the call to the Serviced Component, I can see from SQL Server
    > Profiler that the user which tried to access the remote DB is
    > <MACHINE>\ASPNET
    >
    > for some reason, the COM+ app is not running as the account that I
    > specify in the Identity tab but as the caller (which in this case is
    > <MACHINE>\ASPNET)
    >
    > I guess I have some configuration problem, but I really couldn't
    > figure out what it is:
    > - I correctly wrote my Serviced Component
    > - I strongly named the assembly .DLL produced by compiling the
    > component
    > - I registered the component with regsvcs.exe
    > - my ASP.NET application references the DLL that has been strongly
    > named
    >
    > Any suggestions would be welcome!
    >
    > Thanks in advance,
    > -Gianluca Torta
     
    Svein Terje Gaup, Jan 24, 2005
    #2
    1. Advertising

  3. Dear Svein, thank you for your reply.

    Unfortunately the requirements I have make the Serviced Component the best
    way to obtain my goals (see thread "accessing remote resources from ASP.NET
    app").

    So my problem is now how to make my Serviced Component to run with identity
    "MYDOMAIN\MYUSER"

    -Gianluca

    "Svein Terje Gaup" wrote:

    > If you are using Windows Server 2003, you can configure an application pool
    > to be run as a user account of your choice. You can then assign your web
    > application to the application pool. Then check to see what account is being
    > used on your database.
    >
    > In ASP.NET you might also try to configure impersonation in web.config:
    > <identity impersonate="true" userName="DOMAIN\databaseuser"
    > password="123456" />
    >
    > This article describes a method for accessing resources on a server using a
    > copied ASPNET account:
    > http://weblogs.asp.net/mschwarz/archive/2003/03/31/4515.aspx
    > Perhaps you can use it for accessing your database?
    >
    > HTH,
    > Svein Terje Gaup
    >
    > "Gianluca Torta" <> wrote in message
    > news:...
    > > Cross posting since I had no reply yet from
    > > microsoft.public.dotnet.framework.component_services
    > >
    > > Hi all,
    > >
    > > I have an ASP.NET app and a Serviced Component that runs within a COM+
    > > app
    > >
    > > the Serviced Component is intended to access a remote database with an
    > > identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
    > > that actually can access the remote database
    > >
    > > the COM+ app has been configured to RUN AS SERVER and I have specified
    > > in the identity tab that the app should run as MYDOMAIN\MYUSER
    > >
    > > however, when I open my ASP.NET app and click on the button which
    > > makes the call to the Serviced Component, I can see from SQL Server
    > > Profiler that the user which tried to access the remote DB is
    > > <MACHINE>\ASPNET
    > >
    > > for some reason, the COM+ app is not running as the account that I
    > > specify in the Identity tab but as the caller (which in this case is
    > > <MACHINE>\ASPNET)
    > >
    > > I guess I have some configuration problem, but I really couldn't
    > > figure out what it is:
    > > - I correctly wrote my Serviced Component
    > > - I strongly named the assembly .DLL produced by compiling the
    > > component
    > > - I registered the component with regsvcs.exe
    > > - my ASP.NET application references the DLL that has been strongly
    > > named
    > >
    > > Any suggestions would be welcome!
    > >
    > > Thanks in advance,
    > > -Gianluca Torta

    >
    >
    >
     
    Gianluca Torta, Jan 25, 2005
    #3
  4. You said in your post that the user being used against the database was the
    ASPNET user, so I figured that changing the user account being used by
    ASP.NET would also change the user being used for accessing the database.
    Have you considered this?

    "Gianluca Torta" <> wrote in message
    news:...
    > Dear Svein, thank you for your reply.
    >
    > Unfortunately the requirements I have make the Serviced Component the best
    > way to obtain my goals (see thread "accessing remote resources from
    > ASP.NET
    > app").
    >
    > So my problem is now how to make my Serviced Component to run with
    > identity
    > "MYDOMAIN\MYUSER"
    >
    > -Gianluca
    >
    > "Svein Terje Gaup" wrote:
    >
    >> If you are using Windows Server 2003, you can configure an application
    >> pool
    >> to be run as a user account of your choice. You can then assign your web
    >> application to the application pool. Then check to see what account is
    >> being
    >> used on your database.
    >>
    >> In ASP.NET you might also try to configure impersonation in web.config:
    >> <identity impersonate="true" userName="DOMAIN\databaseuser"
    >> password="123456" />
    >>
    >> This article describes a method for accessing resources on a server using
    >> a
    >> copied ASPNET account:
    >> http://weblogs.asp.net/mschwarz/archive/2003/03/31/4515.aspx
    >> Perhaps you can use it for accessing your database?
    >>
    >> HTH,
    >> Svein Terje Gaup
    >>
    >> "Gianluca Torta" <> wrote in message
    >> news:...
    >> > Cross posting since I had no reply yet from
    >> > microsoft.public.dotnet.framework.component_services
    >> >
    >> > Hi all,
    >> >
    >> > I have an ASP.NET app and a Serviced Component that runs within a COM+
    >> > app
    >> >
    >> > the Serviced Component is intended to access a remote database with an
    >> > identity that is NOT <MACHINE>\ASPNET but an account MYDOMAIN\MYUSER
    >> > that actually can access the remote database
    >> >
    >> > the COM+ app has been configured to RUN AS SERVER and I have specified
    >> > in the identity tab that the app should run as MYDOMAIN\MYUSER
    >> >
    >> > however, when I open my ASP.NET app and click on the button which
    >> > makes the call to the Serviced Component, I can see from SQL Server
    >> > Profiler that the user which tried to access the remote DB is
    >> > <MACHINE>\ASPNET
    >> >
    >> > for some reason, the COM+ app is not running as the account that I
    >> > specify in the Identity tab but as the caller (which in this case is
    >> > <MACHINE>\ASPNET)
    >> >
    >> > I guess I have some configuration problem, but I really couldn't
    >> > figure out what it is:
    >> > - I correctly wrote my Serviced Component
    >> > - I strongly named the assembly .DLL produced by compiling the
    >> > component
    >> > - I registered the component with regsvcs.exe
    >> > - my ASP.NET application references the DLL that has been strongly
    >> > named
    >> >
    >> > Any suggestions would be welcome!
    >> >
    >> > Thanks in advance,
    >> > -Gianluca Torta

    >>
    >>
    >>
     
    msnews.microsoft.com, Jan 25, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Oren
    Replies:
    0
    Views:
    592
  2. Stan
    Replies:
    9
    Views:
    3,092
    Steven Cheng[MSFT]
    Oct 1, 2004
  3. nilapenn
    Replies:
    3
    Views:
    661
    Joe Kaplan \(MVP - ADSI\)
    Feb 14, 2005
  4. Replies:
    4
    Views:
    660
    Paul Clement
    Sep 15, 2005
  5. Eva Janakieff

    Serviced Component Calling a Web Service Problem

    Eva Janakieff, Apr 19, 2004, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    307
    Dino Chiesa [Microsoft]
    Apr 22, 2004
Loading...

Share This Page