VB.NET (2.0) Web.Config Impersonate not functioning?

Discussion in 'ASP .Net' started by =?Utf-8?B?TmF0aGFuQw==?=, May 17, 2007.

  1. I have a web project that is running this code: (generalized for security)

    refWMIService = GetObject("winmgmts:\\computer_name")
    colcomputers = refWMIService.ExecQuery("Select * From
    Win32_OperatingSystem")
    For Each refComputer In colcomputers
    If refComputer.reboot() = 0 Then
    Response.Write("reboot")
    Else
    Response.Write("nope")
    End If

    This is WMI functionality and on the remote computer - the ASPNET account
    obviously does not have permission to do this - and I can see Failed Audit
    events in the computer security log. So, I have added this bit of code to the
    web.config file for the project:

    <identity impersonate="true" userName="subdomain.domain.com\username"
    password="password" />

    When I rebuild the project and even restart IIS - the call is still hitting
    the remote computer as ASPNET account - although my understanding is that
    because of the impersonate web.config tag - it should send using the higher
    access credentials.

    Any thoughts? Thanks,
     
    =?Utf-8?B?TmF0aGFuQw==?=, May 17, 2007
    #1
    1. Advertising

  2. For remote WMI access, you have to set the impersonation in the WMI script itself.

    See :

    http://msdn2.microsoft.com/en-us/library/aa389292.aspx

    and

    http://www.leastprivilege.com/PermaLink.aspx?guid=56c18c35-7aee-4878-b6c3-1c691312798e

    for example code.




    Juan T. Llibre, asp.net MVP
    asp.net faq : http://asp.net.do/faq/
    foros de asp.net, en espaƱol : http://asp.net.do/foros/
    ======================================
    "NathanC" <> wrote in message
    news:...
    >I have a web project that is running this code: (generalized for security)
    >
    > refWMIService = GetObject("winmgmts:\\computer_name")
    > colcomputers = refWMIService.ExecQuery("Select * From
    > Win32_OperatingSystem")
    > For Each refComputer In colcomputers
    > If refComputer.reboot() = 0 Then
    > Response.Write("reboot")
    > Else
    > Response.Write("nope")
    > End If
    >
    > This is WMI functionality and on the remote computer - the ASPNET account
    > obviously does not have permission to do this - and I can see Failed Audit
    > events in the computer security log. So, I have added this bit of code to the
    > web.config file for the project:
    >
    > <identity impersonate="true" userName="subdomain.domain.com\username"
    > password="password" />
    >
    > When I rebuild the project and even restart IIS - the call is still hitting
    > the remote computer as ASPNET account - although my understanding is that
    > because of the impersonate web.config tag - it should send using the higher
    > access credentials.
    >
    > Any thoughts? Thanks,
     
    Juan T. Llibre, May 18, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Neo Geshel
    Replies:
    5
    Views:
    862
    =?Utf-8?B?UHJha2FzaC5ORVQ=?=
    Jun 14, 2005
  2. Thomas  Kunnumpurath

    ASP.NET Development Server not functioning properly.

    Thomas Kunnumpurath, May 4, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    468
    Thomas Kunnumpurath
    May 4, 2006
  3. Jeremy Kercheval

    IIS, SQL, impersonate not functioning...

    Jeremy Kercheval, Aug 5, 2003, in forum: ASP .Net Security
    Replies:
    3
    Views:
    202
    Jeremy Kercheval
    Aug 12, 2003
  4. Bill Belliveau

    DirectoryEntry Impersonate or WindowsIdentity Impersonate?

    Bill Belliveau, Jan 28, 2004, in forum: ASP .Net Security
    Replies:
    3
    Views:
    409
    Joe Kaplan \(MVP - ADSI\)
    Jan 31, 2004
  5. mpaine
    Replies:
    0
    Views:
    1,212
    mpaine
    Mar 25, 2010
Loading...

Share This Page