Calling COM Server from ASP.NET WebService - impersonation problem


G

Gangolf

Hi,

I want to call a COM+ server from a webservice. I want to use the client
credentials so I have set
<authentication mode="Windows"/>
<identity impersonate="true"/>
Calling the webservice is no problem but the COM service fails because it
still runs under the ASPNET account (I have XP SP2 and IIS 5.1). So
impersonation fails partly. When I step into the webservice with the debugger
and check the current User it is the client as it should be. But inside the
COM server I have output the current user also and that is ASPNET, which has
insufficient rights to do the job of the COM server (which is querying a
hierarchical db via a custom API).
The COM server is actually a Delphi program.

What can I do? How do I get the COM server called using the clients
credentials? I thought that would happen automatically since the webmethod is
running using the clients identity.

Here a test webservice method, which sends a mail to me showing me the
credentials used inside the webservice and inside the COM service

[WebMethod]
public bool SendAMail(string address, string header, string body)
{
try
{
// this is a COM server sending smtp mails.
SendAMailProject.SendAMailClass sendMail =
new SendAMailProject.SendAMailClass();

sendMail.SendMail(
/*array with receivers*/ new string[] { address },
/* subject */ header + " send from " + User.Identity.Name,
/* message*/ body);
return true;
}
catch
{
return false;
}
}

When I call the webmethod with the parameters
SendAMail("(e-mail address removed)", "Test", "don't care")
it returns true.

Since the COM server uses the current user as sender address I can see it in
the mail I receive. It is
ASPNET

The subject shows the client that has called the webservice and at this
point it is really the client who called the webservice. Up to this point
impersonation has worked:
Test send from mydomain\myaccount

Thanks in advance,
Gangolf
 
Ad

Advertisements

G

Gangolf

Good news. If I add the CoImpersonateClient() call into my COM server (which
is a COM+ server luckily) it works!

Gangolf said:
I found a relevant knowledge base article in the mean time:
http://support.microsoft.com/kb/325791/en-us

It is much more difficult than I thought - my COM server is of STA type and
it is really complex...

Thanks, Gangolf

Gangolf said:
Hi,

I want to call a COM+ server from a webservice. I want to use the client
credentials so I have set
<authentication mode="Windows"/>
<identity impersonate="true"/>
Calling the webservice is no problem but the COM service fails because it
still runs under the ASPNET account (I have XP SP2 and IIS 5.1). So
impersonation fails partly. When I step into the webservice with the debugger
and check the current User it is the client as it should be. But inside the
COM server I have output the current user also and that is ASPNET, which has
insufficient rights to do the job of the COM server (which is querying a
hierarchical db via a custom API).
The COM server is actually a Delphi program.

What can I do? How do I get the COM server called using the clients
credentials? I thought that would happen automatically since the webmethod is
running using the clients identity.

Here a test webservice method, which sends a mail to me showing me the
credentials used inside the webservice and inside the COM service

[WebMethod]
public bool SendAMail(string address, string header, string body)
{
try
{
// this is a COM server sending smtp mails.
SendAMailProject.SendAMailClass sendMail =
new SendAMailProject.SendAMailClass();

sendMail.SendMail(
/*array with receivers*/ new string[] { address },
/* subject */ header + " send from " + User.Identity.Name,
/* message*/ body);
return true;
}
catch
{
return false;
}
}

When I call the webmethod with the parameters
SendAMail("(e-mail address removed)", "Test", "don't care")
it returns true.

Since the COM server uses the current user as sender address I can see it in
the mail I receive. It is
ASPNET

The subject shows the client that has called the webservice and at this
point it is really the client who called the webservice. Up to this point
impersonation has worked:
Test send from mydomain\myaccount

Thanks in advance,
Gangolf
 
Ad

Advertisements

P

Pom

another way around this, is if you can't change the code, the way we did it
at our end was to change the identity of the COM+. we made it the same
username+password as the application pool that was running our application
and it works

Gangolf said:
Good news. If I add the CoImpersonateClient() call into my COM server (which
is a COM+ server luckily) it works!

Gangolf said:
I found a relevant knowledge base article in the mean time:
http://support.microsoft.com/kb/325791/en-us

It is much more difficult than I thought - my COM server is of STA type and
it is really complex...

Thanks, Gangolf

Gangolf said:
Hi,

I want to call a COM+ server from a webservice. I want to use the client
credentials so I have set
<authentication mode="Windows"/>
<identity impersonate="true"/>
Calling the webservice is no problem but the COM service fails because it
still runs under the ASPNET account (I have XP SP2 and IIS 5.1). So
impersonation fails partly. When I step into the webservice with the debugger
and check the current User it is the client as it should be. But inside the
COM server I have output the current user also and that is ASPNET, which has
insufficient rights to do the job of the COM server (which is querying a
hierarchical db via a custom API).
The COM server is actually a Delphi program.

What can I do? How do I get the COM server called using the clients
credentials? I thought that would happen automatically since the webmethod is
running using the clients identity.

Here a test webservice method, which sends a mail to me showing me the
credentials used inside the webservice and inside the COM service

[WebMethod]
public bool SendAMail(string address, string header, string body)
{
try
{
// this is a COM server sending smtp mails.
SendAMailProject.SendAMailClass sendMail =
new SendAMailProject.SendAMailClass();

sendMail.SendMail(
/*array with receivers*/ new string[] { address },
/* subject */ header + " send from " + User.Identity.Name,
/* message*/ body);
return true;
}
catch
{
return false;
}
}

When I call the webmethod with the parameters
SendAMail("(e-mail address removed)", "Test", "don't care")
it returns true.

Since the COM server uses the current user as sender address I can see it in
the mail I receive. It is
ASPNET

The subject shows the client that has called the webservice and at this
point it is really the client who called the webservice. Up to this point
impersonation has worked:
Test send from mydomain\myaccount

Thanks in advance,
Gangolf
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top