Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Want to Reboot server from ASPX page

Reply
Thread Tools

Want to Reboot server from ASPX page

 
 
Terry
Guest
Posts: n/a
 
      04-18-2004
I am developing a asp.net web based service application for our product
I am trying to trigger a reboot of the server based on a user request
I believe I have all the appropriate code for AdjustingTokens etc an
all those calls seem to succeed, however, the final call to ExitWindowsE
is failing with 'Access Denied'

In my machine.config, I have already set the userName to 'System' as
seem to require this for some other functionality I implemented. I also trie
to impersonate a local user account with admin priviledges via my application
web.config file but that failed as well with the same 'Access Denied' (by th
way what exactly does 'impersonate' in the web.config do when the machine.config
file already lets me specify the user as 'SYSTEM'?

I expect there is some other security thing that I need to twiddle ... any ideas greatl
appreciated (with as much detail as possible, I am very new to this whole web securit
stuff)

Thanks

Terr

 
Reply With Quote
 
 
 
 
Chris Botha
Guest
Posts: n/a
 
      04-18-2004
Terry, first get the code to run in a normal Windows App, so you know that
it works.
After that, it should be a security issue, and impersonation should work,
but you also have to switch off anonymous access to the virtual directory
for impersonation to work.
To ensure that your impersonation is set up correctly, add a test call
somewhere in a form, returning the current user, and check that it is what
you expect (not the anonymous, or ASP.NET user, etc). To get the current
user, call
System.Security.Principal.WindowsIdentity.GetCurre nt().Name

"Terry" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I am developing a asp.net web based service application for our product.
> I am trying to trigger a reboot of the server based on a user request.
> I believe I have all the appropriate code for AdjustingTokens etc and
> all those calls seem to succeed, however, the final call to ExitWindowsEx
> is failing with 'Access Denied'.
>
> In my machine.config, I have already set the userName to 'System' as I
> seem to require this for some other functionality I implemented. I also

tried
> to impersonate a local user account with admin priviledges via my

applications
> web.config file but that failed as well with the same 'Access Denied' (by

the
> way what exactly does 'impersonate' in the web.config do when the

machine.config
> file already lets me specify the user as 'SYSTEM'?)
>
> I expect there is some other security thing that I need to twiddle ... any

ideas greatly
> appreciated (with as much detail as possible, I am very new to this whole

web security
> stuff).
>
> Thanks,
>
> Terry
>



 
Reply With Quote
 
 
 
 
Terry
Guest
Posts: n/a
 
      04-18-2004
OK, I have verified that the shutdown related code is working fine fro
a regular app

How do I switch off anonymous access to the virtual directory
Are you talking about adding a statement like <deny user="?"
in my web.config file or are you talking about a setting i
the IIS Service Mgr

I am using a simple application based 'Forms' authentication
In this case if I use <identity impersonate="true" /> who woul
it be impersonating ... or in this case because I am using Form
authentication would I have to spell all that out like
<identity impersonate="true" userName="abc" password="def"

I am still a little puzzled by all this impersonate stuff ... if you d
impersonation what is the point of setting the user='SYSTEM' i
the machine.config file

Thanks

Terr

----- Chris Botha wrote: ----

Terry, first get the code to run in a normal Windows App, so you know tha
it works
After that, it should be a security issue, and impersonation should work
but you also have to switch off anonymous access to the virtual director
for impersonation to work
To ensure that your impersonation is set up correctly, add a test cal
somewhere in a form, returning the current user, and check that it is wha
you expect (not the anonymous, or ASP.NET user, etc). To get the curren
user, cal
System.Security.Principal.WindowsIdentity.GetCurre nt().Nam

"Terry" <(E-Mail Removed)> wrote in messag
news:(E-Mail Removed)..
> I am developing a asp.net web based service application for our product
> I am trying to trigger a reboot of the server based on a user request
> I believe I have all the appropriate code for AdjustingTokens etc an
> all those calls seem to succeed, however, the final call to ExitWindowsE
> is failing with 'Access Denied'
>> In my machine.config, I have already set the userName to 'System' as

> seem to require this for some other functionality I implemented. I als

trie
> to impersonate a local user account with admin priviledges via m

application
> web.config file but that failed as well with the same 'Access Denied' (b

th
> way what exactly does 'impersonate' in the web.config do when th

machine.confi
> file already lets me specify the user as 'SYSTEM'?
>> I expect there is some other security thing that I need to twiddle ... an

ideas greatl
> appreciated (with as much detail as possible, I am very new to this whol

web securit
> stuff)
>> Thanks
>> Terr

>

 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      04-19-2004
If you are using Forms authentication and have impersonation enabled, you
are impersonating the anonymous user configured in IIS to be used for
anonymous requests (IUSER_MACHINENAME by default).

If you need SYSTEM privileges to do what you need to do, you must not
impersonate the anonymous user. You could set the processModel to SYSTEM
(like you said you did before) and that should work, as the processModel
account is the account the request runs under when you are not
impersonating.

However, running under SYSTEM is generally not a good idea for other
security reasons. It is probably a better idea to create a COM+ component
that does the required functionality and run that with an identity with the
correct permissions. Then, you would call that COM+ component from your
application.

It is hard for me to imagine why you would want to allow a remote web
request to reboot the server, but I guess we'll help you do that if that's
what you want...

Joe K.

"Terry" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK, I have verified that the shutdown related code is working fine from
> a regular app.
>
> How do I switch off anonymous access to the virtual directory?
> Are you talking about adding a statement like <deny user="?">
> in my web.config file or are you talking about a setting in
> the IIS Service Mgr.
>
> I am using a simple application based 'Forms' authentication.
> In this case if I use <identity impersonate="true" /> who would
> it be impersonating ... or in this case because I am using Forms
> authentication would I have to spell all that out like
> <identity impersonate="true" userName="abc" password="def">
>
> I am still a little puzzled by all this impersonate stuff ... if you do
> impersonation what is the point of setting the user='SYSTEM' in
> the machine.config file?
>
> Thanks,
>
> Terry
>
> ----- Chris Botha wrote: -----
>
> Terry, first get the code to run in a normal Windows App, so you know

that
> it works.
> After that, it should be a security issue, and impersonation should

work,
> but you also have to switch off anonymous access to the virtual

directory
> for impersonation to work.
> To ensure that your impersonation is set up correctly, add a test

call
> somewhere in a form, returning the current user, and check that it is

what
> you expect (not the anonymous, or ASP.NET user, etc). To get the

current
> user, call
> System.Security.Principal.WindowsIdentity.GetCurre nt().Name
>
> "Terry" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I am developing a asp.net web based service application for our

product.
> > I am trying to trigger a reboot of the server based on a user

request.
> > I believe I have all the appropriate code for AdjustingTokens etc

and
> > all those calls seem to succeed, however, the final call to

ExitWindowsEx
> > is failing with 'Access Denied'.
> >> In my machine.config, I have already set the userName to 'System'

as I
> > seem to require this for some other functionality I implemented. I

also
> tried
> > to impersonate a local user account with admin priviledges via my

> applications
> > web.config file but that failed as well with the same 'Access

Denied' (by
> the
> > way what exactly does 'impersonate' in the web.config do when the

> machine.config
> > file already lets me specify the user as 'SYSTEM'?)
> >> I expect there is some other security thing that I need to twiddle

.... any
> ideas greatly
> > appreciated (with as much detail as possible, I am very new to this

whole
> web security
> > stuff).
> >> Thanks,
> >> Terry

> >



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reboot, reboot, reboot Lawrence D'Oliveiro NZ Computing 12 03-07-2009 11:35 PM
To reboot the PIX or not reboot - that is the question Darren Green Cisco 1 03-14-2006 10:59 PM
I want to create a link "e-mail this page to a friend" on clicking this link i want to send the URL of that current page to a friend pavi Javascript 0 01-13-2006 12:10 PM
adding main.aspx.vb & main.aspx.resx under aspx John M ASP .Net 1 05-29-2005 09:27 PM
Want to Reboot server from ASPX page =?Utf-8?B?VGVycnk=?= ASP .Net 5 04-19-2004 02:10 AM



Advertisments