ASP / IIS Permissions Nightmare

Chris Malone

I have a small ASP program that runs srvinfo.exe remotely on
whatever server you put into the form field. I'm utilizing the
aspexec.dll.

Here is the code:

<html>
<head><title>ASPExec Server Information (srvinfo) Realtime Query</title></head>
<body>
<H3>ASPExec SrvInfo Realtime Query</H3>

<% if Request.QueryString("host") = "" then %>

<form action="/servers/aspping.asp" method=get>
Enter System Parameters in the form of "-ns \\servername" : <input type=text size=45 name=host value="-ns \\wammonitor01">
<input type="Submit" VALUE="Submit form">
<input type="Reset" VALUE="Clear fields">
</form>

<%
else
    Session.Timeout = 5
    ' ASPExec runs the named program and returns its console output
    Set Executor = Server.CreateObject("ASPExec.Execute")
    Executor.Application = "srvinfo.exe"
    ' The query-string value is passed to the command line as typed
    Executor.Parameters = Request.QueryString("host")
    strResult = Executor.ExecuteDosApp
    Set Executor = Nothing
    ' Encode the tool's output before writing it into the page
    Response.Write "<pre>" & Server.HTMLEncode(strResult) & "</pre>"
end if
%>

</body>
</html>


The code runs fine - the problem is that srvinfo run against any
server besides the server that's running IIS (wammonitor01) will fail
with error 5 (access denied). I suspect that my code is running under
the context of the IWAM_computername account, although I have
Anonymous authentication unchecked for the properties of the site and
am using integrated Windows authentication. This tells me that IIS
should impersonate the credentials of the logged on user (me) which
has Domain Admin privileges. Unfortunately, in some form or another,
this doesn't appear to be happening.

I also tried playing with the IIS Out-of-process Pooled Applications
component and editing the "This application will run under the
following context" field from "IWAM_computername" to the interactive
user, but then running the script bombs out with server errors.

There must be some way in which IIS can run an .exe that requires
certain privileges against remote servers.

Any help is greatly appreciated.

Thanks,

Chris Malone
Sr. Network Administrator
Westdale Asset Management
Email: (e-mail address removed)
 
Tom Kaminski [MVP]

Chris Malone said:
I have a small ASP program that runs srvinfo.exe remotely on
whatever server you put into the form field. I'm utilizing the
aspexec.dll.

Here is the code:

<html>
<head><title>ASPExec Server Information (srvinfo) Realtime Query</title></head>
<body>
<H3>ASPExec SrvInfo Realtime Query</H3>

<% if Request.QueryString("host") = "" then %>

<form action="/servers/aspping.asp" method=get>
Enter System Parameters in the form of "-ns \\servername" : <input type=text size=45 name=host value="-ns \\wammonitor01">
<input type="Submit" VALUE="Submit form">
<input type="Reset" VALUE="Clear fields">
</form>

<%
else
    Session.Timeout = 5
    ' ASPExec runs the named program and returns its console output
    Set Executor = Server.CreateObject("ASPExec.Execute")
    Executor.Application = "srvinfo.exe"
    ' The query-string value is passed to the command line as typed
    Executor.Parameters = Request.QueryString("host")
    strResult = Executor.ExecuteDosApp
    Set Executor = Nothing
    ' Encode the tool's output before writing it into the page
    Response.Write "<pre>" & Server.HTMLEncode(strResult) & "</pre>"
end if
%>

</body>
</html>


The code runs fine - the problem is that srvinfo run against any
server besides the server that's running IIS (wammonitor01) will fail
with error 5 (access denied). I suspect that my code is running under
the context of the IWAM_computername account, although I have
Anonymous authentication unchecked for the properties of the site and
am using integrated Windows authentication. This tells me that IIS
should impersonate the credentials of the logged on user (me) which
has Domain Admin privileges. Unfortunately, in some form or another,
this doesn't appear to be happening.

That's likely the problem right there; it's known as a delegation issue.
IIS doesn't actually get the password in Windows Integrated authentication,
so therefore it can't pass it to the remote server. Switch to Basic
authentication and see if it works.
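
To see which case a given request falls into, the following ASP page reports the authentication type IIS used and whether it received a password. It is an added example, not code from the thread; the file name and the Describe helper are hypothetical, while AUTH_TYPE, LOGON_USER and AUTH_PASSWORD are standard IIS server variables.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added diagnostic page (hypothetical file name: authcheck.asp).
' Helps tell a delegation ("double hop") failure apart from an
' ordinary permissions problem on the remote server.

Function Describe(authType, hasPassword)
    Select Case UCase(authType)
        Case "BASIC"
            If hasPassword Then
                Describe = "Basic: IIS received the password and can log the user on for the hop to a remote server."
            Else
                Describe = "Basic, but no password reached this page."
            End If
        Case "NTLM", "NEGOTIATE", "KERBEROS"
            Describe = "Integrated: IIS holds no password to forward; a hop to a remote server works only where Kerberos delegation is set up."
        Case ""
            Describe = "Anonymous: the request runs as the anonymous account."
        Case Else
            Describe = "Unrecognised authentication type."
    End Select
End Function

Dim authType, logonUser, hasPassword
authType  = Request.ServerVariables("AUTH_TYPE")
logonUser = Request.ServerVariables("LOGON_USER")
' AUTH_PASSWORD is populated only under Basic authentication.
' Only its presence is tested; the value is never written out.
hasPassword = (Len(Request.ServerVariables("AUTH_PASSWORD")) > 0)

Response.Write "<pre>"
Response.Write "AUTH_TYPE  : " & Server.HTMLEncode(authType) & vbCrLf
Response.Write "LOGON_USER : " & Server.HTMLEncode(logonUser) & vbCrLf
Response.Write "Password   : "
If hasPassword Then
    Response.Write "received by IIS" & vbCrLf
Else
    Response.Write "not received by IIS" & vbCrLf
End If
Response.Write Server.HTMLEncode(Describe(authType, hasPassword))
Response.Write "</pre>"
' Basic authentication sends the password base64-encoded, not
' encrypted, so a site switched to Basic should be served over HTTPS.
%>
```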
 
