Web Service Security problem

Discussion in 'ASP .Net Web Services' started by Russ, May 15, 2004.

  1. Russ

    Russ Guest

    Hello. I'm still struggling with a million new concepts in this .NET
    world, so forgive me if the answers are obvious.

    I wrote a test web service using managed C++. It works ok on
    localhost but I need it to open files on another machine on the lan.
    When I try to do that, it fails with error 2 (file not found). But
    the file is there and accessible through windows explorer and normal
    application programs.

    Security auditing on the target machine (Win2K server) indicates a
    failed logon attempt by user ASPNET every time I try to open the file.
    It says "unknown user or bad password".

    I think the problem is the use of the user ASPNET for trying to access
    another computer on the lan. How can I cause the web service to use a
    different username that is known to the domain server?

    I read somewhere that asp.net security does not apply to non .NET
    resources. Since I am trying to open a simple text file (using
    CFile::Open or even fopen), I don't think the solution is to be found
    in machine.config or web.config. I have tried changing the username
    in the process model in machine.config on the server to "SYSTEM", and
    same on the workstation on which the web service is running, but to no
    avail.

    Another possible issue is the ASPNET account on the server. That
    account was initially disabled when I looked at it. Each security
    audit indicated that the user domain was the workstation. After
    enabling the ASPNET account on the server, subsequent security audit
    failures showed the domain of the ASPNET user to be the server. But
    it still fails.

    Help?

    Russ
    Russ, May 15, 2004
    #1
    1. Advertising

  2. Russ

    CodeMeister Guest

    The web service project should hav a web.config.

    In the web.config file, set the identity element as follows:

    <identity impersonate="true" userName="domain\someuser"
    password="somepassword" />

    make sure the domain\someuser has access permission to the files on te lan.

    The ASPNET account is the default account used by the .Net process for
    ASP.Net. It is used by default for every ASP.Net application on a machine.
    Allowin that account access to lan resources would be a large security risk.

    Since the web.config is a text file, the username and password elements
    should be encrypted if you are using .Net 1.1. The information on encryption
    can be found at
    http://support.microsoft.com/default.aspx?scid=kb;en-us;329290



    "Russ" <> wrote in message
    news:...
    > Hello. I'm still struggling with a million new concepts in this .NET
    > world, so forgive me if the answers are obvious.
    >
    > I wrote a test web service using managed C++. It works ok on
    > localhost but I need it to open files on another machine on the lan.
    > When I try to do that, it fails with error 2 (file not found). But
    > the file is there and accessible through windows explorer and normal
    > application programs.
    >
    > Security auditing on the target machine (Win2K server) indicates a
    > failed logon attempt by user ASPNET every time I try to open the file.
    > It says "unknown user or bad password".
    >
    > I think the problem is the use of the user ASPNET for trying to access
    > another computer on the lan. How can I cause the web service to use a
    > different username that is known to the domain server?
    >
    > I read somewhere that asp.net security does not apply to non .NET
    > resources. Since I am trying to open a simple text file (using
    > CFile::Open or even fopen), I don't think the solution is to be found
    > in machine.config or web.config. I have tried changing the username
    > in the process model in machine.config on the server to "SYSTEM", and
    > same on the workstation on which the web service is running, but to no
    > avail.
    >
    > Another possible issue is the ASPNET account on the server. That
    > account was initially disabled when I looked at it. Each security
    > audit indicated that the user domain was the workstation. After
    > enabling the ASPNET account on the server, subsequent security audit
    > failures showed the domain of the ASPNET user to be the server. But
    > it still fails.
    >
    > Help?
    >
    > Russ
    CodeMeister, May 15, 2004
    #2
    1. Advertising

  3. Russ

    Russ Guest

    Thank you for that. This solves the problem of accessing a text file.
    But I still have another permission problem that you MAY be able to
    help me with.

    I have Pervasive Software's Btrieve engine (version 2000i) running on
    the server. Although I can now access a text file, trying to open one
    of the Btrieve files via a call to it's requester (from the web
    service) fails with an error 94 - permission error.

    Before I added impersonation to the web.config, the user name shown in
    the failed logon attempt was ASPNET. Now the user name and domain are
    changed to the ones specified, but the logon still fails (only when
    the request is through the Btrieve engine). Access to the same file
    is successful when the request is done from a normal windows client
    program (unmanaged code and not a web service).

    I know this is probably a Btrieve problem, and I have posted a query
    to the appropriate news group, but I thought I would ask here too in
    case you, or anyone, has any idea how to cure this.

    Thanks, Russ

    On Sat, 15 May 2004 05:47:06 -0400, "CodeMeister"
    <> wrote:

    >The web service project should hav a web.config.
    >
    >In the web.config file, set the identity element as follows:
    >
    ><identity impersonate="true" userName="domain\someuser"
    >password="somepassword" />
    >
    >make sure the domain\someuser has access permission to the files on te lan.
    >
    >The ASPNET account is the default account used by the .Net process for
    >ASP.Net. It is used by default for every ASP.Net application on a machine.
    >Allowin that account access to lan resources would be a large security risk.
    >
    >Since the web.config is a text file, the username and password elements
    >should be encrypted if you are using .Net 1.1. The information on encryption
    >can be found at
    >http://support.microsoft.com/default.aspx?scid=kb;en-us;329290
    >
    >
    >
    >"Russ" <> wrote in message
    >news:...
    >> Hello. I'm still struggling with a million new concepts in this .NET
    >> world, so forgive me if the answers are obvious.
    >>
    >> I wrote a test web service using managed C++. It works ok on
    >> localhost but I need it to open files on another machine on the lan.
    >> When I try to do that, it fails with error 2 (file not found). But
    >> the file is there and accessible through windows explorer and normal
    >> application programs.
    >>
    >> Security auditing on the target machine (Win2K server) indicates a
    >> failed logon attempt by user ASPNET every time I try to open the file.
    >> It says "unknown user or bad password".
    >>
    >> I think the problem is the use of the user ASPNET for trying to access
    >> another computer on the lan. How can I cause the web service to use a
    >> different username that is known to the domain server?
    >>
    >> I read somewhere that asp.net security does not apply to non .NET
    >> resources. Since I am trying to open a simple text file (using
    >> CFile::Open or even fopen), I don't think the solution is to be found
    >> in machine.config or web.config. I have tried changing the username
    >> in the process model in machine.config on the server to "SYSTEM", and
    >> same on the workstation on which the web service is running, but to no
    >> avail.
    >>
    >> Another possible issue is the ASPNET account on the server. That
    >> account was initially disabled when I looked at it. Each security
    >> audit indicated that the user domain was the workstation. After
    >> enabling the ASPNET account on the server, subsequent security audit
    >> failures showed the domain of the ASPNET user to be the server. But
    >> it still fails.
    >>
    >> Help?
    >>
    >> Russ

    >
    Russ, May 15, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    1
    Views:
    328
    bruce barker
    Jan 4, 2007
  2. dgleeson422111

    Consuming local web service - ok, remote web service -problem?

    dgleeson422111, Jan 26, 2010, in forum: ASP .Net Web Controls
    Replies:
    0
    Views:
    902
    dgleeson422111
    Jan 26, 2010
  3. Scott Baierl
    Replies:
    1
    Views:
    279
    Scott Baierl
    Jul 29, 2006
  4. Leo Violette
    Replies:
    0
    Views:
    1,024
    Leo Violette
    Apr 17, 2009
  5. Redhot
    Replies:
    0
    Views:
    767
    Redhot
    Jul 18, 2009
Loading...

Share This Page