Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Running an assembly in different User

Reply
Thread Tools

Running an assembly in different User

 
 
NMN
Guest
Posts: n/a
 
      01-21-2004
Hi All

I have an asp.net Application. It calls an assembly which copies a file from one location say c:\temp to another directory say c:\temp1. I created an assembly to do this where i did not have any problems after giving the ASPNet User write access to that destination forlder c:\temp1. We feel that providing the aspnet user with write access to a folder is a possible security threat, so we want to run this assembly under a different user (other than aspnet user). can any one suggest me how to do this.

Thanks in advanc

 
Reply With Quote
 
 
 
 
Kunal
Guest
Posts: n/a
 
      01-21-2004
Use identity Impersonation..Create an account with the minimum priveleges
you need to do the copying and update your web.config file with this:

<identity impersonate="true"
userName="domain\user"
password="password" />

that way, the requests will be executed under the context of that user
instead of ASPNET....



"NMN" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> Hi All,
>
> I have an asp.net Application. It calls an assembly which copies a file

from one location say c:\temp to another directory say c:\temp1. I created
an assembly to do this where i did not have any problems after giving the
ASPNet User write access to that destination forlder c:\temp1. We feel that
providing the aspnet user with write access to a folder is a possible
security threat, so we want to run this assembly under a different user
(other than aspnet user). can any one suggest me how to do this.
>
> Thanks in advance
>



 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      01-22-2004
Probably the best way to do this is to set up your "copy" component to run
under COM+ and have COM+ run it under a different identity with the correct
privileges.

The other ways to do it would be to do some sort of out of process call via
a Web Service or Remoting, but those are probably more complex. You could
also try to do some sort of impersonation scenario in ASP.NET so that you
would be running under the context of a user that has the right permissions.
Finally, you could change the ASP.NET process model to use a different
account than ASPNET that already has the correct permissions.

Joe K.

"NMN" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> Hi All,
>
> I have an asp.net Application. It calls an assembly which copies a file

from one location say c:\temp to another directory say c:\temp1. I created
an assembly to do this where i did not have any problems after giving the
ASPNet User write access to that destination forlder c:\temp1. We feel that
providing the aspnet user with write access to a folder is a possible
security threat, so we want to run this assembly under a different user
(other than aspnet user). can any one suggest me how to do this.
>
> Thanks in advance
>



 
Reply With Quote
 
NMN
Guest
Posts: n/a
 
      01-23-2004
Thanks. Where do i need to put this web.config file. As i want only the dll to run in this user account, but the asp.net page needs to still run in a different user which does not have access to write into a particular directory

Thanks once again
----- Kunal wrote: ----

Use identity Impersonation..Create an account with the minimum privelege
you need to do the copying and update your web.config file with this

<identity impersonate="true
userName="domain\user
password="password" /

that way, the requests will be executed under the context of that use
instead of ASPNET...

 
Reply With Quote
 
NMN
Guest
Posts: n/a
 
      01-23-2004
Hi joe

Thanks for you valuable suggestions. If you can suggest me on some article which will guide me in doing this i will be very grateful. I would prefer the first scenario of using COM+. I also would like some more details on this statement, actually i am not sure how with this i can run an assembly alone in a different user
"You coul
also try to do some sort of impersonation scenario in ASP.NET so that yo
would be running under the context of a user that has the right permissions.

Thank

----- Joe Kaplan (MVP - ADSI) wrote: ----

Probably the best way to do this is to set up your "copy" component to ru
under COM+ and have COM+ run it under a different identity with the correc
privileges

The other ways to do it would be to do some sort of out of process call vi
a Web Service or Remoting, but those are probably more complex. You coul
also try to do some sort of impersonation scenario in ASP.NET so that yo
would be running under the context of a user that has the right permissions
Finally, you could change the ASP.NET process model to use a differen
account than ASPNET that already has the correct permissions

Joe K

 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      01-23-2004
COM+ is not my specialty at all, so you might get better help if you ask
more people. I'd start a new thread saying that you want to write a .NET
component that runs under COM+ so that you can run it under a different
identity. There is some good help on writing seviced components here:

http://msdn.microsoft.com/library/de...asp?frame=true

Regarding your second question, that doesn't sound like to the way to go
based on your reply to one of the other messages. From what I could gather,
you want the main part of the request running as the current user so that
you can take advantage of their security context, but want this one thing to
run as a different context. In that situation, you should really be doing
COM+. Trying to do it by changing impersonation contexts and then changing
back would be a bit of a hack job.

HTH,

Joe K.

"NMN" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> Hi joe,
>
> Thanks for you valuable suggestions. If you can suggest me on some

article which will guide me in doing this i will be very grateful. I would
prefer the first scenario of using COM+. I also would like some more details
on this statement, actually i am not sure how with this i can run an
assembly alone in a different user.
> "You could
> also try to do some sort of impersonation scenario in ASP.NET so that

you
> would be running under the context of a user that has the right

permissions. "
>
> Thanks
>
>
> ----- Joe Kaplan (MVP - ADSI) wrote: -----
>
> Probably the best way to do this is to set up your "copy" component

to run
> under COM+ and have COM+ run it under a different identity with the

correct
> privileges.
>
> The other ways to do it would be to do some sort of out of process

call via
> a Web Service or Remoting, but those are probably more complex. You

could
> also try to do some sort of impersonation scenario in ASP.NET so that

you
> would be running under the context of a user that has the right

permissions.
> Finally, you could change the ASP.NET process model to use a

different
> account than ASPNET that already has the correct permissions.
>
> Joe K.
>



 
Reply With Quote
 
NMN
Guest
Posts: n/a
 
      01-26-2004
Thanks Joe and Kunal. I was able to implement this by using Managed COM+ Component. The material i used for referring is as follows

http://www.informit.com/isapi/product_id~{A1CE8908-9877-4B24-9B2C-BD7B836490D6}/element_id~{A53BFEC1-3FB7-4E6B-B8A7-653F61DAA526}/st~{EA7C8D03-4995-402D-B085-06E000F897B8}/session_id~{275EC953-2A7F-44FB-B08C-BBA54C9C3106}/content/articlex.as

Thanks once again for your help

regard
Madhavan
 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      01-26-2004
Glad you got it working.

Joe K.

"NMN" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Joe and Kunal. I was able to implement this by using Managed COM+

Component. The material i used for referring is as follows:
>
>

http://www.informit.com/isapi/product_id~{A1CE8908-9877-4B24-9B2C-BD7B836490D6}/element_id~{A53BFEC1-3FB7-4E6B-B8A7-653F61DAA526}/st~{EA7C8D03-4995-402D-B085-06E000F897B8}/session_id~{275EC953-2A7F-44FB-B08C-BBA54C9C3106}/content/articlex.asp
>
> Thanks once again for your help.
>
> regards
> Madhavan



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
adding assembly to windows\assembly through bat file Grant Merwitz ASP .Net 3 09-15-2005 11:40 AM
Assembly's manifest definition does not match the assembly reference. Horatiu Margavan via .NET 247 ASP .Net 0 08-30-2004 04:14 PM
ASP.NET 2.0: What is the namespace and assembly name of generated assembly SA ASP .Net 0 08-09-2004 05:09 PM
Referencing assembly from GAC using @assembly fails Brent ASP .Net 1 01-23-2004 08:23 PM
can a strongly named assembly reference a regular assembly? Prasanna Padmanabhan ASP .Net 1 11-19-2003 06:21 AM



Advertisments