How do I find what windows user account Railo is running under on windows 2008 r2?
I believe you can use the System properties, same as in ACF:
<cfscript>
prop = createObject("java", "java.lang.System").getProperties();
WriteDump( var=prop["user.name"], label="User.Name");
WriteDump( var=prop, label="All Properties" );
</cfscript>
Related
Before I go into the issue let me first explain the architecture I'm working with.
DB-Server - SQL Server 2019, Windows 2019
SSRS-Server - SSRS 2019, Windows 2019
Web-Server - IIS v10, Windows 2019
All servers are on the same domain.
The application rendering the report is written in ASP.NET using the rsweb:ReportViewer control.
Requirement: I need the ability to access reports from the ASP.NET application using a machine level account.
Current Error: The request failed with HTTP status 401: Unauthorized.
What I've done so far...
Added machine account to SSRS. I've given it permissions at all levels: site settings, folders, reports. Once I get it working I'll dumb down the rights but for now I need it working. This machine level account is the Web-Server. My assumption is any access from the Web-Server to the SSRS-Server will be granted.
Changed the application pool's identity to LocalSystem. Yes this may violate least privilege but again I'm viewing this as a POC at this point. I've also tried NetworkService.
Web.config. There may be something I need to do here to make this work. I've tried using identity impersonate but I had no success but it's possible I didn't use it in combination with another setting. When I have the authentication mode set to Windows the Windows Identity used by ASP.NET is NT AUTHORITY\IUSR. Removing this line gives me NT AUTHORITY\NETWORK SERVICE as the Windows Identity. I would think the NETWORK SERVICE account would be granted; however, this still results in a 401 error.
Modified the "rsreportserver.config" file (C:\Program Files\Microsoft SQL Server Reporting Services\SSRS\ReportServer\rsreportserver.config)
ASP.NET ReportViewer setup:
ReportViewer1.ServerReport.ReportPath = rc.report_ssrs_path;
ReportViewer1.ServerReport.ReportServerUrl = new System.Uri(rc.report_ssrs_url);
SqlConnectionStringBuilder conString = new Database().conBuilder;
List<ReportParameter> parameters = new List<ReportParameter>();
parameters.Add(new ReportParameter("ConString", conString.ConnectionString));
ReportViewer1.ServerReport.SetParameters(parameters);
DataSourceCredentials dsc = new DataSourceCredentials();
dsc.Name = ReportViewer1.ServerReport.GetDataSources()[0].Name;
dsc.UserId = conString.UserID;
dsc.Password = conString.Password;
ReportViewer1.ServerReport.SetDataSourceCredentials(new DataSourceCredentials[] {
dsc });
ReportViewer1.ShowCredentialPrompts = false;
ReportViewer1.ServerReport.Refresh();
If anyone could help it would be greatly appreciated. I've scoured the internet for a solution to this with no luck. It seems like it should be possible and a lot of the things I've read make it sound like it is. I'm sure I'm just missing something minor.
Short question: How to check the current user used by integrated security SqlClient connection when the user is an Active Directory domain user forced through the "runas" command in a debug environment. All .NET methods found in similar questions reports uncorrect results.
Long question
I have an ASP.NET application using System.Data.SqlClient library to connect against a SqlServer database.
The connection is performed through "Integrated Security = SSPI" with Active Directory domain users.
I run debug from VisualStudio Community 2017 on my PC which is not joined to the Active Directory domain, but I'm able to connect with my Active Directory domain user to the database by running VisualStudio through the "RunAs" command like this:
C:\Windows\System32\runas.exe /user:<domain>\<user> /netonly "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe"
In this way the VisualStudio process runs with the domain user on my PC (altough the task manager shows the running user as local "mariano.paniga" user). This allows the IIS Express debug session to run with the same domain user and the connection to the database works fine.
I need to check in my code the current user performing the action, but I'm not able to see what I consider the correct user connecting to the database (i.e. "/").
This is the connection command
SqlConnection sqlConn = new SqlConnection("Initial Catalog = WL; Integrated Security = SSPI; Data Source = <DB_Machine>");
These are the ways I tried to check the current user and their actual results in my debug environment:
sb.Append(string.Format("{0} - Started handling insert from user {1}\n", DateTime.Now
, System.Security.Principal.WindowsIdentity.GetCurrent().Name));
sb.Append(string.Format("{0} - Debug HttpContext.Current.User.Identity.Name = {1}\n", DateTime.Now
, HttpContext.Current.User.Identity.Name));
sb.Append(string.Format("{0} - Debug System.Environment.UserName = {1}\n", DateTime.Now
, System.Environment.UserName));
sb.Append(string.Format("{0} - Debug Thread.CurrentPrincipal.Identity.Name = {1}\n", DateTime.Now
, Thread.CurrentPrincipal.Identity.Name));
Results:
02/10/2019 10:08:51 - Started handling insert from user <MYPC-NAME>\mariano.paniga
02/10/2019 10:08:51 - Debug HttpContext.Current.User.Identity.Name =
02/10/2019 10:08:51 - Debug System.Environment.UserName = mariano.paniga
02/10/2019 10:08:51 - Debug Thread.CurrentPrincipal.Identity.Name =
Have you thought of sending the database
select ORIGINAL_LOGIN()
To purposely check the login used to start the connection.
(I'm presuming that you'd just do that to help your debugging along it's way in your current environment)
I have a legacy ASP application that I moved from a old server to Windows 2012 server with IIS 8.5.
I see the email sending is failing with the below error in IIS logs.
80040220|The__SendUsing__configuration_value_is_invalid
Current code is
Dim MyCDONTSMail2
Dim HTML
Set MyCDONTSMail2 = CreateObject("CDO.Message")
HTML = "all html format of mail content"
MyCDONTSMail2.From= "some from address"
MyCDONTSMail2.To="some to address"
MyCDONTSMail2.Subject="My Subject"
MyCDONTSMail2.HTMLBody=HTML
MyCDONTSMail2.Send
set MyCDONTSMail2=nothing
I have read a few other articles over Internet and this as well. I add a little bit of configuration in the code as shown in all other articles
MyCDONTSMail2.HTMLBody=HTML
MyCDONTSMail2.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing")=2
MyCDONTSMail2.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver")="SMTP Server Name"
MyCDONTSMail2.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport")=25
MyCDONTSMail2.Configuration.Fields.Update
MyCDONTSMail2.Send
set MyCDONTSMail2=nothing
But I still get the same error. My SMTP Server Name is absolutely correct as I used the same server in my other .Net applications hosted on the same server to this ASP application. The .Net app works well with the same configuration.
I'm not sure if ASP pages need any other configuration / installation required.
I have also tried to configure my SMTP server inside the IIS Website --> SMTL E-mail and changing the smtp server in the ASP code to localhost. But, it also resulted in the same error.
EDIT: Application Pool is set to Classic Pipeline Mode and Identity as NetworkService
Your provided sample code is not SMTP Authenticated...please try to use SMTP Authenticated script..
.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic
.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "mail#yourdomain.com"
.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "email account password"
After that, have a check with email delivery.
everyone,
I am developing a web application that uses X509Certificate2 to get a private key from a certification file. Code snippet looks like following:
public static RSACryptoServiceProvider GetSignProviderFromPfx()
{
var strFileName = "c:\cer\mycerfile.pfx";
var strPassword = "000000";
X509Certificate2 pc = new X509Certificate2(strFileName, strPassword, X509KeyStorageFlags.MachineKeySet);
var ThePivateKey = pc.PrivateKey;
return (RSACryptoServiceProvider)ThePivateKey;
}
But the statement pc.Privatekey causes a System.Security.Cryptography.CryptographicException "Invalid provider type specified" . I'm sure the certification file has no problem, it really has a private key. And the property pc.HasPrivateKey is also return true.
The test environment is VS2013, window 7.
I also tried following:
a. I debugged it in VS2013 with iis express, the problem occured.
b. I debugged it in another computer with same enviroment with mine, the problem occured too.
c. I published the application to a server with iis running on Windows Web Server 2008 R2, it worked fine.
d. I published the application to widows azure website, it also worked fine.
Therefore, I guess the code snippet has no problem. The key reason raising the exception is that there may be some problem about running environment. I checked and compared the reading/writing right on the certification file in different environment, all of them are same.
Anybody can help?
Thanks.
I have been having the same problem and this is what I did to solve it. Hopefully this will help you too.
We had to set Load User Profile to True in the app pools advanced settings
You can also set it in the web.config I believe.
https://blogs.msdn.microsoft.com/vijaysk/2009/03/08/iis-7-tip-3-you-can-now-load-the-user-profile-of-the-application-pool-identity/
may be it useful to you;
On local try:
X509Certificate2 pc = new X509Certificate2(strFileName, strPassword);
We have ASP.NET code that runs fine on Windows 2008, but on Windows 2012 (on an Azure VM) it's deleting the session variables on a redirect:
Login loggedInUser = StoreV2Entities.Current().Logins.Include(a => a.Account).SingleOrDefault(l => l.UserName == UsernameTextbox.Text);
Session["login"] = loggedInUser;
Response.Redirect("~/apps/UserCart.aspx?register=1", false);
Is there some way to make this work?
And if not, what is the best way to persist session variables? This is on an Azure VM but it's not an Azure website, it's a plain old Windows 2012 VM. No clustering or fail over or publishing to a changing system.
thanks - dave