«

I need to create custome performance counters for my asp.net application,
these counters am creating in application_start event.

to create this counters i used following setting in IIS and web.config file

in IIS ---> Directory security tab--->
1) checked anonymus access and integrated windows authentication
2) settings in web.config --->

<identity impersonate = "true" userName = "mycomputername\TestRam"
password = "<password>" />

<authorization>
<allow users="*" />
</authorization>

<authentication mode="Windows" />

with the above settings its works fine, TestRam is local Admin

Now with my requirement I should not use plain password in my web.config, i
decided to use this thorugh IIS setting

in IIS ---> Directory security tab--->
1) checked anonymus access and integrated windows authentication
2) In anonymus section, i used following account as my anonymus account
mycomputername\TestRam
3) settings in web.config --->

<identity impersonate = "true" />

<authorization>
<allow users="*" />
</authorization>

<authentication mode="Windows" />

if i run the application i will get " Reqired registry access not allowed"

when i check identity account through "Envirnoment.UserName" i will see the
above account and even with "Windowsidentity.GetCurrent().name"

Even I gave explicitly full control permissions to above account in
following registrys

1)HKEY_LOCAL_MACHINE\SOFTWARE\MICROSFT\WINDOWSNT\C URRENTVERSION\Perflib
2) HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Service as well as ControlSet002



can anybody help me as it is due to move to my technical center


Regards
Ram

This is a bad approach. You really ought to install things like event log
sources and perf counters during the initial deployment of your application.
Let an admin do that. Then, in your code, you just instantiate your perf
counters and write to them.

You can do this easily by creating some PerformanceCounterInstaller classes
in your assembly and having an admin run installutil.exe on your assembly.
This way, your app can run as a normally privileged user as well and you
won't need to worry about hiding credentials. It is a win/win across the
board.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Ram" <> wrote in message
news:3BC06347-3189-4A04-A5C7-...
>I need to create custome performance counters for my asp.net application,
> these counters am creating in application_start event.
>
> to create this counters i used following setting in IIS and web.config
> file
>
> in IIS ---> Directory security tab--->
> 1) checked anonymus access and integrated windows authentication
> 2) settings in web.config --->
>
> <identity impersonate = "true" userName = "mycomputername\TestRam"
> password = "<password>" />
>
> <authorization>
> <allow users="*" />
> </authorization>
>
> <authentication mode="Windows" />
>
> with the above settings its works fine, TestRam is local Admin
>
> Now with my requirement I should not use plain password in my web.config,
> i
> decided to use this thorugh IIS setting
>
> in IIS ---> Directory security tab--->
> 1) checked anonymus access and integrated windows authentication
> 2) In anonymus section, i used following account as my anonymus account
> mycomputername\TestRam
> 3) settings in web.config --->
>
> <identity impersonate = "true" />
>
> <authorization>
> <allow users="*" />
> </authorization>
>
> <authentication mode="Windows" />
>
> if i run the application i will get " Reqired registry access not
> allowed"
>
> when i check identity account through "Envirnoment.UserName" i will see
> the
> above account and even with "Windowsidentity.GetCurrent().name"
>
> Even I gave explicitly full control permissions to above account in
> following registrys
>
> 1)HKEY_LOCAL_MACHINE\SOFTWARE\MICROSFT\WINDOWSNT\C URRENTVERSION\Perflib
> 2) HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Service as well as
> ControlSet002
>
>
>
> can anybody help me as it is due to move to my technical center
>
>
> Regards
> Ram
>
>
>

Thanks Joe

Yes, I will use installutill to install, in the mean i found the reason why
it is not doing before, i am creating counters in application_start event,at
this instance still impersonation has not yet applied, still it takes ASPNET
user, so i moved my logic to session_start event.
it worked well.

Ram


"Joe Kaplan (MVP - ADSI)" wrote:

> This is a bad approach. You really ought to install things like event log
> sources and perf counters during the initial deployment of your application.
> Let an admin do that. Then, in your code, you just instantiate your perf
> counters and write to them.
>
> You can do this easily by creating some PerformanceCounterInstaller classes
> in your assembly and having an admin run installutil.exe on your assembly.
> This way, your app can run as a normally privileged user as well and you
> won't need to worry about hiding credentials. It is a win/win across the
> board.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> --
> "Ram" <> wrote in message
> news:3BC06347-3189-4A04-A5C7-...
> >I need to create custome performance counters for my asp.net application,
> > these counters am creating in application_start event.
> >
> > to create this counters i used following setting in IIS and web.config
> > file
> >
> > in IIS ---> Directory security tab--->
> > 1) checked anonymus access and integrated windows authentication
> > 2) settings in web.config --->
> >
> > <identity impersonate = "true" userName = "mycomputername\TestRam"
> > password = "<password>" />
> >
> > <authorization>
> > <allow users="*" />
> > </authorization>
> >
> > <authentication mode="Windows" />
> >
> > with the above settings its works fine, TestRam is local Admin
> >
> > Now with my requirement I should not use plain password in my web.config,
> > i
> > decided to use this thorugh IIS setting
> >
> > in IIS ---> Directory security tab--->
> > 1) checked anonymus access and integrated windows authentication
> > 2) In anonymus section, i used following account as my anonymus account
> > mycomputername\TestRam
> > 3) settings in web.config --->
> >
> > <identity impersonate = "true" />
> >
> > <authorization>
> > <allow users="*" />
> > </authorization>
> >
> > <authentication mode="Windows" />
> >
> > if i run the application i will get " Reqired registry access not
> > allowed"
> >
> > when i check identity account through "Envirnoment.UserName" i will see
> > the
> > above account and even with "Windowsidentity.GetCurrent().name"
> >
> > Even I gave explicitly full control permissions to above account in
> > following registrys
> >
> > 1)HKEY_LOCAL_MACHINE\SOFTWARE\MICROSFT\WINDOWSNT\C URRENTVERSION\Perflib
> > 2) HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Service as well as
> > ControlSet002
> >
> >
> >
> > can anybody help me as it is due to move to my technical center
> >
> >
> > Regards
> > Ram
> >
> >
> >
>
>
>

IMO this is still a bad approach - you run your app with elevated privs...whats
wrong with pre-registering that stuff from an admin console??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Thanks Joe
>
> Yes, I will use installutill to install, in the mean i found the
> reason why
> it is not doing before, i am creating counters in application_start
> event,at
> this instance still impersonation has not yet applied, still it takes
> ASPNET
> user, so i moved my logic to session_start event.
> it worked well.
> Ram
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> This is a bad approach. You really ought to install things like
>> event log sources and perf counters during the initial deployment of
>> your application. Let an admin do that. Then, in your code, you just
>> instantiate your perf counters and write to them.
>>
>> You can do this easily by creating some PerformanceCounterInstaller
>> classes in your assembly and having an admin run installutil.exe on
>> your assembly. This way, your app can run as a normally privileged
>> user as well and you won't need to worry about hiding credentials.
>> It is a win/win across the board.
>>
>> Joe K.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services
>> Programming"
>> http://www.directoryprogramming.net
>> --
>> "Ram" <> wrote in message
>> news:3BC06347-3189-4A04-A5C7-...
>>> I need to create custome performance counters for my asp.net
>>> application, these counters am creating in application_start event.
>>>
>>> to create this counters i used following setting in IIS and
>>> web.config file
>>>
>>> in IIS ---> Directory security tab--->
>>> 1) checked anonymus access and integrated windows authentication
>>> 2) settings in web.config --->
>>> <identity impersonate = "true" userName = "mycomputername\TestRam"
>>> password = "<password>" />
>>>
>>> <authorization>
>>> <allow users="*" />
>>> </authorization>
>>> <authentication mode="Windows" />
>>>
>>> with the above settings its works fine, TestRam is local Admin
>>>
>>> Now with my requirement I should not use plain password in my
>>> web.config,
>>> i
>>> decided to use this thorugh IIS setting
>>> in IIS ---> Directory security tab--->
>>> 1) checked anonymus access and integrated windows authentication
>>> 2) In anonymus section, i used following account as my anonymus
>>> account
>>> mycomputername\TestRam
>>> 3) settings in web.config --->
>>> <identity impersonate = "true" />
>>>
>>> <authorization>
>>> <allow users="*" />
>>> </authorization>
>>> <authentication mode="Windows" />
>>>
>>> if i run the application i will get " Reqired registry access not
>>> allowed"
>>>
>>> when i check identity account through "Envirnoment.UserName" i will
>>> see
>>> the
>>> above account and even with "Windowsidentity.GetCurrent().name"
>>> Even I gave explicitly full control permissions to above account in
>>> following registrys
>>>
>>> 1)HKEY_LOCAL_MACHINE\SOFTWARE\MICROSFT\WINDOWSNT\C URRENTVERSION\Perf
>>> lib 2) HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Service as well as
>>> ControlSet002
>>>
>>> can anybody help me as it is due to move to my technical center
>>>
>>> Regards
>>> Ram