Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > LogonUser Access Denied

Reply
Thread Tools

LogonUser Access Denied

 
 
Dominick Baier
Guest
Posts: n/a
 
      10-10-2006
which OS?

before XP/2k3 LogonUser needed basically SYSTEM privileges...

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

> I'm also having problems with impersonation. Or rather, I'm not quite
> getting that far.
>
> I need to be able to manually authenticate users. However, every
> attempt to make the Win32 call to LogonUser returns an "Access Denied"
> exception.
>
> I've attempted this from both web and windows forms apps, with
> identical results. I've tried demanding full trust to no effect.
>
> I'm running the 2.0 framework.
>
> Anyone have any ideas?
>
> Thanks.
>



 
Reply With Quote
 
 
 
 
Bill Alexander
Guest
Posts: n/a
 
      10-10-2006
I'm also having problems with impersonation. Or rather, I'm not quite
getting that far.

I need to be able to manually authenticate users. However, every attempt to
make the Win32 call to LogonUser returns an "Access Denied" exception.

I've attempted this from both web and windows forms apps, with identical
results. I've tried demanding full trust to no effect.

I'm running the 2.0 framework.

Anyone have any ideas?


Thanks.
 
Reply With Quote
 
 
 
 
Bill Alexander
Guest
Posts: n/a
 
      10-10-2006
Actually, I found the problem. The true error code was being overridden by
some code that I hadn't noticed. This was causing any failure to
authenticate to be reported as "Access Denied".

The problem was an actual failure to authenticate due to attempting to pass
the domain and username as "domain\username" while leaving the domain
argument null. The docs state that this is an acceptable practice, but it
wasn't able to authenticate this way.

I suspect that the slash's escaped form "\\" may have been passed to
LogonUser without being unescaped, and may have been the source of the
problem. Though I haven't had time to confirm that yet.

"Dominick Baier" wrote:

> which OS?
>
> before XP/2k3 LogonUser needed basically SYSTEM privileges...
>
> ---
> Dominick Baier, DevelopMentor
> http://www.leastprivilege.com
>
> > I'm also having problems with impersonation. Or rather, I'm not quite
> > getting that far.
> >
> > I need to be able to manually authenticate users. However, every
> > attempt to make the Win32 call to LogonUser returns an "Access Denied"
> > exception.
> >
> > I've attempted this from both web and windows forms apps, with
> > identical results. I've tried demanding full trust to no effect.
> >
> > I'm running the 2.0 framework.
> >
> > Anyone have any ideas?
> >
> > Thanks.
> >

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Very annoying error: Access to the path is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity Jay ASP .Net 2 08-20-2007 07:38 PM
LogonUser access denied Lee ASP .Net Security 9 08-28-2006 11:28 AM
403 Forbidden: You were denied access because: Access denied by access control list Southern Kiwi NZ Computing 6 03-19-2006 05:19 AM
To grant access to a protected directory use " impersonate" or " LogonUser"? Johannes Hammersen ASP .Net Security 1 06-12-2005 02:27 AM
Re: Impersonation in ASPNET and LogonUser Mary Chipman ASP .Net 0 09-03-2003 03:48 PM



Advertisments