Using trusted assemblies from classic ASP

Discussion in 'ASP .Net Security' started by Ken Kolda, Oct 8, 2004.

  1. Ken Kolda

    Ken Kolda Guest

    I have a .NET assembly which utilizes the System.Management classes to
    retrieve information about the computer. When run under ASP.NET, I can use
    this assembly with no problems. But now I'm trying to use with from within
    classic ASP. The assembly is strongly-named and I've registered it using
    "regasm /codebase" (I've also tried it in the GAC without the /codebase).
    But when I use the component in ASP thru COM interop on either Win 2K or Win
    2K3, I get the following exception when I try to execute my WMI query:

    System.Exception: Error reading MAC Address information: Access denied
    ---> System.Management.ManagementException: Access denied

    at
    System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode)
    at System.Management.ManagementObjectSearcher.Get()

    I even tried going into the .NET security configuration console and granting
    FullTrust premissions based on the public key with which I signed my
    assembly. It seemed to have no effect (although I can't say definiteively I
    put the code group in the right place -- I stuck it directly under the
    All_Code node in the Machine policy group).

    I don't think this is identity-related because I have this ASP app running
    in the same App Pool as an ASP.NET app which has no problems running the WMI
    query. (I did try playing with the identity it ran with, even using a local
    admin, but to no avail). Somehow, when running through COM Interop, the
    component doesn't run with full trust -- does anyone know how I can
    configure the system to grant FullTrust to my assembly in this scenario?

    Thanks for your help -
    Ken
     
    Ken Kolda, Oct 8, 2004
    #1
    1. Advertising

  2. This isn't a CAS issue, otherwise you would have got a SecurityException. You've got an indentity isssue somewhere, does the ASP.NET app use impersonation?

    Regards

    Richard Blewett - DevelopMentor
    http://staff.develop.com/richardb/weblog

    nntp://news.microsoft.com/microsoft.public.dotnet.framework/<#>

    I have a .NET assembly which utilizes the System.Management classes to
    retrieve information about the computer. When run under ASP.NET, I can use
    this assembly with no problems. But now I'm trying to use with from within
    classic ASP. The assembly is strongly-named and I've registered it using
    "regasm /codebase" (I've also tried it in the GAC without the /codebase).
    But when I use the component in ASP thru COM interop on either Win 2K or Win
    2K3, I get the following exception when I try to execute my WMI query:

    System.Exception: Error reading MAC Address information: Access denied
    ---> System.Management.ManagementException: Access denied

    at
    System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode)
    at System.Management.ManagementObjectSearcher.Get()

    I even tried going into the .NET security configuration console and granting
    FullTrust premissions based on the public key with which I signed my
    assembly. It seemed to have no effect (although I can't say definiteively I
    put the code group in the right place -- I stuck it directly under the
    All_Code node in the Machine policy group).

    I don't think this is identity-related because I have this ASP app running
    in the same App Pool as an ASP.NET app which has no problems running the WMI
    query. (I did try playing with the identity it ran with, even using a local
    admin, but to no avail). Somehow, when running through COM Interop, the
    component doesn't run with full trust -- does anyone know how I can
    configure the system to grant FullTrust to my assembly in this scenario?

    Thanks for your help -
    Ken



    ---
    Incoming mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004



    [microsoft.public.dotnet.framework]
     
    Richard Blewett [DevelopMentor], Oct 8, 2004
    #2
    1. Advertising

  3. Ken Kolda

    Ken Kolda Guest

    Thanks for the quick response. I suspect you're right with identity being
    the issue although I didn't originally think this was the case.

    My web.config is the standard one generated by VS.NET, so there's no
    <identity> element in it. My machine.config is also the default, so it has
    <identity impersonate="false" userName="" password=""/>. I tried creating a
    new local user and placed him in pretty much every group (including
    Administrators, IIS_WPG, etc.) and setting the AppPool to run as this user.
    That seemed to have no effect (ASP.NET app worked, ASP didn't). None of
    built-in accounts for the AppPool identity work either.

    I also tried disabling Windows authentication in IIS on both the apps'
    virtual roots (so only anonymous access was being used). Again, no effect.

    Thanks again for the help -- if there's anything you can think of for me to
    try, let me know.

    Ken


    "Richard Blewett [DevelopMentor]" <> wrote in message
    news:uplTl%...
    > This isn't a CAS issue, otherwise you would have got a SecurityException.

    You've got an indentity isssue somewhere, does the ASP.NET app use
    impersonation?
    >
    > Regards
    >
    > Richard Blewett - DevelopMentor
    > http://staff.develop.com/richardb/weblog
    >
    >

    nntp://news.microsoft.com/microsoft.public.dotnet.framework/<#>
    >
    > I have a .NET assembly which utilizes the System.Management classes to
    > retrieve information about the computer. When run under ASP.NET, I can

    use
    > this assembly with no problems. But now I'm trying to use with from

    within
    > classic ASP. The assembly is strongly-named and I've registered it using
    > "regasm /codebase" (I've also tried it in the GAC without the /codebase).
    > But when I use the component in ASP thru COM interop on either Win 2K or

    Win
    > 2K3, I get the following exception when I try to execute my WMI query:
    >
    > System.Exception: Error reading MAC Address information: Access denied
    > ---> System.Management.ManagementException: Access denied
    >
    > at
    >

    System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    > errorCode)
    > at System.Management.ManagementObjectSearcher.Get()
    >
    > I even tried going into the .NET security configuration console and

    granting
    > FullTrust premissions based on the public key with which I signed my
    > assembly. It seemed to have no effect (although I can't say definiteively

    I
    > put the code group in the right place -- I stuck it directly under the
    > All_Code node in the Machine policy group).
    >
    > I don't think this is identity-related because I have this ASP app

    running
    > in the same App Pool as an ASP.NET app which has no problems running the

    WMI
    > query. (I did try playing with the identity it ran with, even using a

    local
    > admin, but to no avail). Somehow, when running through COM Interop, the
    > component doesn't run with full trust -- does anyone know how I can
    > configure the system to grant FullTrust to my assembly in this scenario?
    >
    > Thanks for your help -
    > Ken
    >
    >
    >
    > ---
    > Incoming mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004
    >
    >
    >
    > [microsoft.public.dotnet.framework]
     
    Ken Kolda, Oct 8, 2004
    #3
  4. Ken Kolda

    Ken Kolda Guest

    OK -- I figured it out. Should have tried this before... I changed the
    identity of the anonymous user for the virtual root to one with sufficient
    rights. The identity used for the AppPool didn't make a difference -- that's
    where I was thrown off. I guess ASP pages always impersonate the identity
    use by the IIS virtual root, whereas this is configurable in .NET.

    Thanks for the help -
    Ken


    "Ken Kolda" <> wrote in message
    news:%...
    > Thanks for the quick response. I suspect you're right with identity being
    > the issue although I didn't originally think this was the case.
    >
    > My web.config is the standard one generated by VS.NET, so there's no
    > <identity> element in it. My machine.config is also the default, so it has
    > <identity impersonate="false" userName="" password=""/>. I tried creating

    a
    > new local user and placed him in pretty much every group (including
    > Administrators, IIS_WPG, etc.) and setting the AppPool to run as this

    user.
    > That seemed to have no effect (ASP.NET app worked, ASP didn't). None of
    > built-in accounts for the AppPool identity work either.
    >
    > I also tried disabling Windows authentication in IIS on both the apps'
    > virtual roots (so only anonymous access was being used). Again, no effect.
    >
    > Thanks again for the help -- if there's anything you can think of for me

    to
    > try, let me know.
    >
    > Ken
    >
    >
    > "Richard Blewett [DevelopMentor]" <> wrote in message
    > news:uplTl%...
    > > This isn't a CAS issue, otherwise you would have got a

    SecurityException.
    > You've got an indentity isssue somewhere, does the ASP.NET app use
    > impersonation?
    > >
    > > Regards
    > >
    > > Richard Blewett - DevelopMentor
    > > http://staff.develop.com/richardb/weblog
    > >
    > >

    >

    nntp://news.microsoft.com/microsoft.public.dotnet.framework/<#>
    > >
    > > I have a .NET assembly which utilizes the System.Management classes to
    > > retrieve information about the computer. When run under ASP.NET, I can

    > use
    > > this assembly with no problems. But now I'm trying to use with from

    > within
    > > classic ASP. The assembly is strongly-named and I've registered it

    using
    > > "regasm /codebase" (I've also tried it in the GAC without the

    /codebase).
    > > But when I use the component in ASP thru COM interop on either Win 2K

    or
    > Win
    > > 2K3, I get the following exception when I try to execute my WMI query:
    > >
    > > System.Exception: Error reading MAC Address information: Access denied
    > > ---> System.Management.ManagementException: Access denied
    > >
    > > at
    > >

    >

    System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    > > errorCode)
    > > at System.Management.ManagementObjectSearcher.Get()
    > >
    > > I even tried going into the .NET security configuration console and

    > granting
    > > FullTrust premissions based on the public key with which I signed my
    > > assembly. It seemed to have no effect (although I can't say

    definiteively
    > I
    > > put the code group in the right place -- I stuck it directly under the
    > > All_Code node in the Machine policy group).
    > >
    > > I don't think this is identity-related because I have this ASP app

    > running
    > > in the same App Pool as an ASP.NET app which has no problems running

    the
    > WMI
    > > query. (I did try playing with the identity it ran with, even using a

    > local
    > > admin, but to no avail). Somehow, when running through COM Interop, the
    > > component doesn't run with full trust -- does anyone know how I can
    > > configure the system to grant FullTrust to my assembly in this

    scenario?
    > >
    > > Thanks for your help -
    > > Ken
    > >
    > >
    > >
    > > ---
    > > Incoming mail is certified Virus Free.
    > > Checked by AVG anti-virus system (http://www.grisoft.com).
    > > Version: 6.0.771 / Virus Database: 518 - Release Date: 28/09/2004
    > >
    > >
    > >
    > > [microsoft.public.dotnet.framework]

    >
    >
     
    Ken Kolda, Oct 8, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marina
    Replies:
    2
    Views:
    575
    Marina
    Jan 7, 2004
  2. Mike Moore [MSFT]
    Replies:
    0
    Views:
    736
    Mike Moore [MSFT]
    Jan 9, 2004
  3. =?Utf-8?B?QWRhbSBHZXRjaGVsbA==?=

    Using SQL trusted connections with ASP.NET

    =?Utf-8?B?QWRhbSBHZXRjaGVsbA==?=, Mar 2, 2005, in forum: ASP .Net
    Replies:
    5
    Views:
    4,524
    =?Utf-8?B?QWRhbSBHZXRjaGVsbA==?=
    Mar 4, 2005
  4. =?Utf-8?B?RFQ=?=
    Replies:
    1
    Views:
    1,816
    Brock Allen
    Apr 4, 2005
  5. Replies:
    1
    Views:
    2,967
    =?Utf-8?B?S2F1c3Rhdg==?=
    Apr 11, 2006
Loading...

Share This Page