Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Changing NTFS permissions in ASP.NET

Reply
Thread Tools

Changing NTFS permissions in ASP.NET

 
 
Dmitry Maslakov
Guest
Posts: n/a
 
      03-03-2005
Hi.

Some related questions were discussed here, but my question is some
different.

I'm writing the project, the metter of it can be expressed as following.
* System: IIS 6 on W2003server.
* Site: application pool works with NETWORK SERVICE, anonymous access is
allowed on site.
* Goal: operate with files and change permissions on files (remote files
using UNC as well).

Using form authentication i recieve UPN and password from user. Than
inpersonate using API LogonUser and saves returned token in session vars.
All operations with files performs after call to API function
ImpersonateLoggedOnUser.
The account user logs in has full access to files. So it operates
(move/copy/delete) with files successfully, and reads DACL as well.

BUT THE PROBLEMS begin when i try to set permissions to files (try to use
WRITE_DAC access). I use ActiveDs ActiveX. Here are two situations.

1) if user is owner of file he tries to set permissions on, permissions
will set successfully. But this is not the case of real situation because
a) owner of files is Administrators group, b) user have full access to his
files, but belongs to Users group.

2) if user is not an owner of files, the following error occures when call
to SetSecurityDescriptor:
System.Runtime.InteropServices.COMException: This security ID may not be
assigned as the owner of this object.

Attemps to take SeTakeOwnershipPrivilege to user token gives nothing. The
try to take same privilege to the process (after impersonation) gives error
"Access is denied".

Have someone suggestions how could i achieve the goal.
 
Reply With Quote
 
 
 
 
Dmitry Maslakov
Guest
Posts: n/a
 
      03-03-2005
> Attemps to take SeTakeOwnershipPrivilege to user token gives nothing. The
> try to take same privilege to the process (after impersonation) gives error
> "Access is denied".


Here is a piece of my code i use to take privilege. I hope it's
understandable code. The Access denied error occures in call of
OpenProcessToken.

IntPtr token;
IntPtr proc=Kernel32.GetCurrentProcess(); // returns pseudo handle (-1)

if(AdvApi32.OpenProcessToken(proc,
AdvApi32.TOKEN_ADJUST_PRIVILEGES | AdvApi32.TOKEN_QUERY,
out token)!=0)
{
// take privilege to variable token
}
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reset NTFS permissions under wwwroot Gaetan ASP .Net 0 01-20-2006 12:36 AM
NTFS Permissions Question blastingfonda@gmail.com MCSE 15 02-04-2005 02:36 PM
Change NTFS Permissions or run shell script Shawn H. Mesiatowsky ASP .Net 0 02-03-2005 10:23 PM
ASPX file returning obscur runtime error - after changing permissions to a subweb (.net app) to different permissions than on its parent ? Isabelle ASP .Net 0 08-11-2004 02:04 PM
Creating a batch to determine if HD is NTFS if not format it NTFS Tech Computer Support 3 04-06-2004 06:19 PM



Advertisments