I have developed a web site to show job status of our fax server. I use windows fax service (fxscomex.dll interop). when I am debugging from VS2010 (using development sever), everything is fine, I can read jobs status of, but when I run my web site under IIS, job queue is always empty.
here is my code to check sent items:
FaxOutgoingMessageIterator sentItems = fxServer.Folders.OutgoingArchive.GetMessages(100);
sentItems.MoveFirst();
while (!sentItems.AtEOF)
{
Response.Write(itm.Recipient.Name);
sentItems.MoveNext();
}
on IIS, sentItems.AtEOF is always true.
Thank you
I received this answer from asp.net forum and it worked!
The identity is different from visual studio and IIS application pool. You can try to change the IIS application pool's identity to be local system or your machine/domain account or event administrator to have a try.
however the other built-in accounts didn't work but when I set the application pool identity to a admin user, it worked.
Related
I have a asp.net application where I am using running process.start. it runs on my pc but not the server.
I have read that I needed to give my iis worker permission to run interactivity with the desktop however this still is not working.on my server the asp.net app is under its own application pool. How do I give my application pool access to run the process.start?
Give permission for ASP.NET worker process account (\ASPNET) to interact with desktop or allow ASP.NET worker process to run in SYSTEM account.
To know how to allow worker process to run in SYSTEM account and to know the default permissions of ASPNET account, check this article
INFO: Process and Request Identity in ASP.NET (http://support.microsoft.com/default.aspx?scid=kb;en-us;317012)
2. Enable IIS Admin Service to interact with desktop
To configure this, follow this steps.
a. Open Control Panel and follow these steps:
For Windows NT: click Services.
For Windows 2000, Windows XP, and .NET Server: click Administrative Tools, and then click Services.
b. Double-click IIS Admin Service.
c. On the Log On tab, select the Allow Service to Interact with Desktop check box.
Note: This article assumes that the IIS Admin Service runs as a local system.
d. Stop and restart the IIS Admin Service.
Then you need to change you Application Pool Identity to Local Service. Start and Stop Application Pool and Website.
Then this will work
1) I want to know suppose we are using an ASP.NET web application in debug mode in VS, then, the code runs under which user account?
2) I also want to know, suppose we publish this to the IIS and then, set it up to use WBA/FBA, then, the username/password of logged in user is used to authenticate user to the ASP.NET site, however, the code (SQL query, etc) runs under credentials of apppool account. Further, which credential is used to access resources on server like files? What is your view on this point?
1) I want to know suppose we are using an ASP.NET web application in
debug mode in VS, then, the code runs under which user account?
This is depending on the hosting. VS provides 4 ways to host & debug a web application : VS Dev Server (VS 2012), IIS Express, Local IIS and Custom Host (VS 2013). Devs servers generally runs under your -Administrator- account, and may not be suitable to test security. Working directly with IIS as your development web server lets you work in an environment closer to that of an IIS production web server.
This is configured in the Web Tab in your web project properties.
2) I also want to know, suppose we publish this to the IIS and then,
set it up to use WBA/FBA, then, the username/password of logged in
user is used to authenticate user to the ASP.NET site, however, the
code runs under credentials of apppool account. What is your view on
this point?
Not very clear, but I think your undestanding of IIS security may not be correct. There is only one application pool per web site which runs under a specific account (by default apppool account, but it could be Network Service or Local System). When a user logs in, absolutely nothing is changed in this process. The user is just connected using an authentication provider : Windows Authentatication or Forms Authentication are 2 common providers. User identity is kept in http context, which allow you to use authorization rules later. So every code block always run under the same account (unless you enable delegation but that's another story).
I higly suggest you to read this complete introduction on asp.net security.
I have two websites which are more or less identical, both running on the same server, but under different app pools. The app pools are both configured to run with "NETWORK SERVICE" credentials.
On one website - call this the development copy, I receive the infamous "validation of view state MAC failed" error. This happens when a postback occurs after the page is idle for 20 minutes. I've been informed this is because I don't specify the machine key in the web.config or the machine config file. Manually recycling the app pool reproduces the error as expected. So my question is not about how to stop the issue, but rather I want to know why the error happens in dev but not production. The only difference between the setup of the two sites is the authentication method.
In the "basic settings" section of the IIS config, the dev version of the site is set to connect using a service account, while the production version is using "application user" (pass through authentication). Under authentication settings, both pages are configured with impersonation and windows authentication.
This is the only difference I can see. My knowledge of how IIS handles authentication at the site and app pool level is fairly limited. Is there a specific reason why one setup should result in the machine key being refreshed but the other does not?
After installing .NET 3.5 SP1 you may get Validation of viewstate MAC failed exceptions when doing post backs on ASP.NET pages.
Every time the ASP.NET application in question throws an error the Global.asax writes to an error file: logs\error.log. The ASP.NET applications works using Windows authentication.
I am able to write to the log file when debugging using Visual Studio, however it does not work when the application is deployed in the live environment. How do I find out what user account I need to give access to: logs/error.log?
The application is deployed on a Windows 2003 Server with IIS6. Microsoft.NET 3.5.
You would have to give the required permissions to the network service account. This link might be able to help you out.
Windows Server 2003 defaults to the "Network Service" account.
This can be verified by opening IIS (expand the computer if needed), expand the "Application Pools" folder, right click on the pool used by your web app, and go to the Identity tab.
FYI: Windows Server 2008 uses the IIS_IUSER instead of Network Services.
I hope that logs folder is a virtual directory setup outside the web site directory.
Otherwise every time you deploy the entire solution you will overwrite the logs folder and its content.
Microsoft has a tool for monitoring file access that can be useful for troubleshooting permission issues.
Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645
You will also want to check if your application is using windows authentication & identity impersonation since that can change the identity the application is executing with when enabled.
I am having a problem with deploying a multiple tables report into my IIS server. The page shows : "The report you requested requires further information". However, I have tried to set databaselogon at the server-side but it didn't work. (The report is working fine on VS Debugging Mode)
It is confusing that it happens only to a multiple tables report and it is working fine on a single table report.
I am using VS2008 and CrystalReportViewer version 10.
When you get "The report you requested requires further information", are you prompted to log in? I think that is the header message for DB authentication required.
If so, what you need to understand is the concept that the Crystal Reports runtime runs within the security context of the ASP.NET server. Your database connections within the Crystal Report are probably set up to use Integrated Authentication, which means the report will authenticate to the DB server using the credentials of the ASP.NET process.
In debug mode, the ASP.NET development server runs as your user account. Undoubtedly, you have access to the DB. However when you try to run in production mode, the ASP.NET server (by default) is either running as a local account called ASPNET on the IIS server, or as the NetworkService account, depending on what version of IIS you are running.
If you are running IIS 7.x, you need to either give the IIS server's directory object (NtDomainName\ServerName$) access to the DB, or change the security identity of the application pool associated with your ASP.NET application.
Hopefully this sets you on the right track and if you still need more help please post what version of IIS you are running and more information on the error message you are getting.
Response to Comment:
To configure Application Pools, in IIS Manager, select the Site in question, click Basic Settings... and check the Application Pool it is assigned to. Then go into Application Pools, you should see the current Identity of the pool listed. This is the account the application "runs as". This account needs to have access to all the files and resources in your web application, including your MySQL DB.
You can edit the Identity settings in the Advanced Settings dialog for the Pool.
Unfortunately I can't give you any advice on MySQL since I have never worked with it.