System.UnauthorizedAccessException: Access is denied

Discussion in 'ASP .Net Security' started by Efi, Sep 2, 2004.

  1. Efi

    Efi Guest

    Hi,
    We have a simple 3 tier application which its core application is VC++ 6.0
    ATL COM running as a server application in the COM+. An asp pipe is in charge
    of handling the requests and passes it to the COM for processing.

    We are now trying to migrate the asp pipe to Asp.Net (C#).

    When running the above configuration with Asp.Net on IIS 5.0 (W2K) we have
    no problems but when trying the do it on IIS 6.0 (W2K3) we are getting the
    following error which is basically access denied error on the line that tries
    to create the COM instancing.
    Access is denied.
    Description: An unhandled exception occurred during the execution of the
    current web request. Please review the stack trace for more information about
    the error and where it originated in the code.

    Exception Details: System.UnauthorizedAccessException: Access is denied.

    ASP.NET is not authorized to access the requested resource. Consider
    granting access rights to the resource to the ASP.NET request identity.
    ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
    Network Service on IIS 6) that is used if the application is not
    impersonating. If the application is impersonating via <identity
    impersonate="true"/>, the identity will be the anonymous user (typically
    IUSR_MACHINENAME) or the authenticated request user.

    To grant ASP.NET write access to a file, right-click the file in Explorer,
    choose "Properties" and select the Security tab. Click "Add" to add the
    appropriate user or group. Highlight the ASP.NET account, and check the boxes
    for the desired access.

    Source Error:
    An unhandled exception was generated during the execution of the current web
    request. Information regarding the origin and location of the exception can
    be identified using the exception stack trace below.

    Stack Trace:

    [UnauthorizedAccessException: Access is denied.]
    BurstingPipe.Net.WebForm1.Page_Load(Object sender, EventArgs e) in
    d:\burstingweb\burstingpipe.net\adserverpipe.aspx.cs:160
    System.Web.UI.Control.OnLoad(EventArgs e) +67
    System.Web.UI.Control.LoadRecursive() +35
    System.Web.UI.Page.ProcessRequestMain() +731

    I've tried to set permissions (ASPNET and Network Service) on files and in
    the COM+ (Launching permissions).

    Help Please!!!

    Thanks,

    Efi
    Efi, Sep 2, 2004
    #1
    1. Advertising

  2. Efi

    Prodip Saha Guest

    ASPNET account is local to the web server machine and normally it is not a
    domain account. Granting permission to the ASPNET account may not bring any
    good because it has no permission outside the box.

    Are you implementing Windows Integrated Authentication? If so, you can turn
    the impersonation to true (i.e. use the original callers domain account) in
    code before calling the COM+ component and turn it back to false by using
    Undo method. You can also trun the impersonation to true at all time but it
    really depends on the architecture of the application.

    If you are not using the Windows Integrated Authentication, you can
    impersonate a specific user with their username and password. Look at this
    article on how to do it--
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp

    A lot more can be said but it's hard to comment w/o knowing the architecture
    of the asp.net application.

    Prodip



    "Efi" <> wrote in message
    news:...
    > Hi,
    > We have a simple 3 tier application which its core application is VC++ 6.0
    > ATL COM running as a server application in the COM+. An asp pipe is in

    charge
    > of handling the requests and passes it to the COM for processing.
    >
    > We are now trying to migrate the asp pipe to Asp.Net (C#).
    >
    > When running the above configuration with Asp.Net on IIS 5.0 (W2K) we have
    > no problems but when trying the do it on IIS 6.0 (W2K3) we are getting the
    > following error which is basically access denied error on the line that

    tries
    > to create the COM instancing.
    > Access is denied.
    > Description: An unhandled exception occurred during the execution of the
    > current web request. Please review the stack trace for more information

    about
    > the error and where it originated in the code.
    >
    > Exception Details: System.UnauthorizedAccessException: Access is denied.
    >
    > ASP.NET is not authorized to access the requested resource. Consider
    > granting access rights to the resource to the ASP.NET request identity.
    > ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5

    or
    > Network Service on IIS 6) that is used if the application is not
    > impersonating. If the application is impersonating via <identity
    > impersonate="true"/>, the identity will be the anonymous user (typically
    > IUSR_MACHINENAME) or the authenticated request user.
    >
    > To grant ASP.NET write access to a file, right-click the file in Explorer,
    > choose "Properties" and select the Security tab. Click "Add" to add the
    > appropriate user or group. Highlight the ASP.NET account, and check the

    boxes
    > for the desired access.
    >
    > Source Error:
    > An unhandled exception was generated during the execution of the current

    web
    > request. Information regarding the origin and location of the exception

    can
    > be identified using the exception stack trace below.
    >
    > Stack Trace:
    >
    > [UnauthorizedAccessException: Access is denied.]
    > BurstingPipe.Net.WebForm1.Page_Load(Object sender, EventArgs e) in
    > d:\burstingweb\burstingpipe.net\adserverpipe.aspx.cs:160
    > System.Web.UI.Control.OnLoad(EventArgs e) +67
    > System.Web.UI.Control.LoadRecursive() +35
    > System.Web.UI.Page.ProcessRequestMain() +731
    >
    > I've tried to set permissions (ASPNET and Network Service) on files and in
    > the COM+ (Launching permissions).
    >
    > Help Please!!!
    >
    > Thanks,
    >
    > Efi
    Prodip Saha, Sep 2, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. S. Justin Gengo
    Replies:
    0
    Views:
    844
    S. Justin Gengo
    Jul 14, 2003
  2. Salim Afþar
    Replies:
    0
    Views:
    423
    Salim Afþar
    Aug 11, 2003
  3. Aleks A.
    Replies:
    0
    Views:
    399
    Aleks A.
    Aug 28, 2004
  4. bruce barker
    Replies:
    0
    Views:
    705
    bruce barker
    Aug 31, 2004
  5. =?Utf-8?B?RWZp?=
    Replies:
    0
    Views:
    3,190
    =?Utf-8?B?RWZp?=
    Sep 2, 2004
Loading...

Share This Page