My application uses Windows authentication mode.
I have a scenario where I need to move the Excel file from one server to another server. Is it possible to move the files? Will I get any security problems because I am using the Windows authentication mode? Please help.
Related
Appreciate help on the below issue, where we are using a decryption program written in .NET from a web application to decrypt and encrypt files on the server.
This program is working fine on Windows 2008 server when launched from the command line. However, when we are calling the same program from ASP.NET code in an application hosted on IIS 7.5, it's not working at all.
It's not even showing any error. We even checked the event logs. It simply does not decrypt.
Please note we are using ProcStart to launch this decryption program and passing the necessary parameters. The keys are well placed on the server in a local folder, and the exe file with the required config files is placed in another folder on the server. All these folders have been given full access to Everyone right now, just to make sure there are no access issues with files when accessing through IIS.
Also, the same program works fine when we run the site in debug mode on the server (from Visual Studio after logging in with localadmin).
Please help if we are missing some settings somewhere which are not allowing the decryption program to work when launched by a web user from website.
Unless we have any error it is difficult to troubleshoot, but can you try to configure an app pool with some user/system identity? Give that identity full privilege on the files to encrypt/decrypt and on the program. Run your ASP.NET website using this configured app pool.
Every time the ASP.NET application in question throws an error the Global.asax writes to an error file: logs\error.log. The ASP.NET applications works using Windows authentication.
I am able to write to the log file when debugging using Visual Studio, however it does not work when the application is deployed in the live environment. How do I find out what user account I need to give access to: logs/error.log?
The application is deployed on a Windows 2003 Server with IIS6. Microsoft.NET 3.5.
You would have to give the required permissions to the network service account. This link might be able to help you out.
Windows Server 2003 defaults to the "Network Service" account.
This can be verified by opening IIS (expand the computer if needed), expand the "Application Pools" folder, right click on the pool used by your web app, and go to the Identity tab.
FYI: Windows Server 2008 uses the IIS_IUSER instead of Network Services.
I hope that logs folder is a virtual directory setup outside the web site directory.
Otherwise every time you deploy the entire solution you will overwrite the logs folder and its content.
Microsoft has a tool for monitoring file access that can be useful for troubleshooting permission issues.
Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645
You will also want to check if your application is using windows authentication & identity impersonation since that can change the identity the application is executing with when enabled.
I always thought the user running the app pool was used to, for instance, access the file system when an application is trying to write a file.
I have an application in IIS, setup with Windows Integrated Authentication, that tries to write a file to the file system. I always get an error unless I give permissions on the file system to the specific domain user that logged in through Windows Integrated Authentication.
Any reason why I'm observing this behaviour?
Thx in advance
Are you using Impersonation? This would use the User's identity to do stuff, rather than the one of the AppPool. If you're using a third party ASP.net Application, check if they use Impersonation (for example, SharePoint does).
There is a way to revert the identity of the AppPool. Check this question which includes the RevertToSelf and HostingEnvironment.Impersonate methods. The Question is about SharePoint, but these two answers are the non-SharePoint way of reverting to the apppool, so they apply.
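The posts above turn on one question: which Windows account actually touches the file system, the application pool account or the impersonated caller. The following C# sketch is an added example, not code from any of the posters; `IdentityProbe`, `Describe` and `AppendAsAppPool` are hypothetical names, and it assumes it runs inside an ASP.NET application on the .NET Framework. It reports the identities involved and writes a log line with impersonation suspended via `HostingEnvironment.Impersonate()`, so that only the application's own account needs write access to the log folder.

```csharp
// Added example. IdentityProbe and its members are hypothetical names.
using System;
using System.IO;
using System.Security.Principal;
using System.Web;
using System.Web.Hosting;

public static class IdentityProbe
{
    // Reports who the request authenticated as, which account the current
    // thread presents to the file system, and the application's own account.
    public static string Describe()
    {
        HttpContext ctx = HttpContext.Current;
        string authenticated =
            (ctx != null && ctx.User != null && ctx.User.Identity.IsAuthenticated)
                ? ctx.User.Identity.Name
                : "(anonymous)";

        // Effective token on this thread: the impersonated caller when
        // <identity impersonate="true" /> is on, else the worker process account.
        string effective;
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            effective = current.Name + " (level: " + current.ImpersonationLevel + ")";
        }

        // The application's own identity (normally the application pool
        // account), read while client impersonation is suspended.
        string appIdentity;
        using (HostingEnvironment.Impersonate())
        using (WindowsIdentity pool = WindowsIdentity.GetCurrent())
        {
            appIdentity = pool.Name;
        }

        return string.Format("authenticated={0}; effective={1}; application={2}",
                             authenticated, effective, appIdentity);
    }

    // Appends to a log file as the application's own identity, so the ACL on
    // the log folder needs an entry for that one account only.
    public static void AppendAsAppPool(string path, string message)
    {
        using (HostingEnvironment.Impersonate())
        {
            File.AppendAllText(path,
                DateTime.UtcNow.ToString("o") + " " + message + Environment.NewLine);
        }
    }
}
```

Returning `IdentityProbe.Describe()` from a temporary diagnostic page shows which account needs the ACL entry; if `effective` and `application` differ, impersonation is active and file access is being made as the caller.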
My web service needs to open some files located on a remote computer.
From Windows I can do the authentication so I can see those files using the File Explorer.
If I try to open the files from my Web Service while it's running using Visual Studio (ASP.NET Development Server) it also works.
However, if I do everything from IIS it doesn't.
In order to find out where the problem is, what I did was run a network sniffer, and I found out that when using IIS, the system will try to use the account 'ASPNET' to log in to those remote computers, which will obviously fail.
However this doesn't happen if I run from the IDE (Using the ASP.NET Development Server)
I found out that if I use Impersonation for accessing this it will work; the problem is I need to have the same account names on the computer running IIS, so I would rather not do that.
Why is it working from the ASP.NET Development Server and not from IIS? Is there a way to give full access to the ASPNET account?
Thanks and hopefully somebody will be able to help with this. I don't know what else to try...
Any request on IIS is served by the ASPNET user. So the user ASPNET is working. I think you are using XP. On Win2K3 etc., the user is Network Service.
But the Cassini (Visual Studio Dev server) runs under the current logged in user.
So the difference is. You need to use impersonation for your need.
I've recently had my PC upgraded to Vista, which means it includes IIS7. The problem is that the ASP.NET website we're working on doesn't work anymore. I get an error because the application is trying to connect to the SQL Server with NT AUTHORITY/ANONYMOUS LOGON instead of my domain user, and anonymous isn't authorized. I've tried several things, but no solution yet:
- install and enable the 'IIS Metabase and IIS 6 configuration compatibility'
- enable Windows Authentication for this website
- created a different Application Pool with managed pipeline mode set to Classic
- enabled IIS6 WMI compatibility and IIS6 management console (getting desperate here)
In our web.config there's and in our machine.config there's . I've tried putting impersonate to false and entering my domain user and password in the machine.config (it used to be like this) but that didn't help either.
Are there things I'm missing? Has anyone else had a similar problem?
How does your application authenticate with SQL Server? Does it use SQL or Windows Auth? I hope you are trying to use Windows Auth. In that case, your IIS worker process should be running under that Windows user account. If not, it should at the least impersonate a Windows user account that has the necessary access rights to SQL Server. If you have impersonation enabled, and if you are using the right Windows user account, and if SQL Server authenticates using Windows auth, and if you are still unable to access SQL Server, you may be running into the classic double hop issue. In other words, you are trying to authenticate to IIS once and you are using the same credentials to authenticate to the SQL Server over a network next (which is your second hop), and Windows does not allow that for security reasons.
I believe I have found a/the solution. At least it's working now. This is what I did:
The website is now running in a separate application pool with Managed Pipeline mode set to Classic, Load User Profile set to False, and Identity set to custom, using a domain user (and password) that has access to the database.
Under 'authorization' of the website itself, I have Anonymous set to enabled and ASP.NET impersonate set to disabled.
in the web.config of the site is also set.
Credit where it's due, this site helped me.
I'm sorry to say I can't look into the issue any further. Indeed, it probably is something with the way we connected to SQL Server (Win Auth) because we've changed it now. Now we connect with username and password in the connection string and it's solved.
So I can't really say if you provided the answer, msvcyc, but I did vote on your solution. Thanks for the time and trouble.
Well, I recommend you migrate to Integrated mode, if it is not too much trouble, to enjoy the innovation it brings. :)
http://mvolo.com/blogs/serverside/archive/2007/12/08/IIS-7.0-Breaking-Changes-ASP.NET-2.0-applications-Integrated-mode.aspx