Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Elevated Privileges Problem-Please Help

Reply
Thread Tools

Elevated Privileges Problem-Please Help

 
 
Shalini
Guest
Posts: n/a
 
      03-04-2004
Hi
I am posting this again.Sorry for the trouble.
I just have a third party dll which does some custom functionality.
The Dll have some apis which run only when the user is an administrator.
I made a simple windows GUI application which makes use of the dll. Good it
works fine when i am logged in as the Administrator.

I made a Webservice which uses PInvoke thereby making use of the DLL.
The DLL reported Error as the WebService is not running in the Administrator
Authorization mode.
SOo i went into Machine.config and changed the process model attributes to
username :administrator password:MyPassword
and it works VERY FINE.. No problems at all.

But i dont want to have the machine.config approach as it makes each and
every webservice running on the system as an administrator mode.
How can i have customized thing which works as an administrator mode only
for that webservice and not for others.

I also tried
doing in web.config to make it personalised only for one webservice but it
did not work. I get an access denied message in the custom dll which says
admin did not login. It only works if i modify the machine.config. Can this
be done in some way?

I modified web.config as follows by adding one line
<identity impersonate="true" userName="Administrator" password="mypassword"
/>

Is there any way????
Expecting ur replies.
Regards
Shal






 
Reply With Quote
 
 
 
 
Hernan de Lahitte
Guest
Posts: n/a
 
      03-05-2004
If this DLL is strongnamed, try registering on to the GAC in order to
receive Fulltrust and work without CAS errors (in some cases you might need
the APTA attribute). This is the classic "sandbox" scenario.
However, if this DLL need to access protected resources by a strong ACL
(that is with Admin privileges), then you should run this DLL under a high
privilege account (admin alike). On approach to this might be to run this
DLL in another process that might be a Web Service running under an account
with the required privileges and with a "strong" authentication scheme
(i.e., NTLM/Kerberos) and allowing access to only your client web site
worker process account and public access to this site disabled. Whatever
strategy you choose, watch out for running with high privileges accounts on
your public web site.

--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl
Shadowfax Dev Team

This posting is provided "AS IS" with no warranties, and confers no rights.

"Shalini" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
> I am posting this again.Sorry for the trouble.
> I just have a third party dll which does some custom functionality.
> The Dll have some apis which run only when the user is an administrator.
> I made a simple windows GUI application which makes use of the dll. Good

it
> works fine when i am logged in as the Administrator.
>
> I made a Webservice which uses PInvoke thereby making use of the DLL.
> The DLL reported Error as the WebService is not running in the

Administrator
> Authorization mode.
> SOo i went into Machine.config and changed the process model attributes

to
> username :administrator password:MyPassword
> and it works VERY FINE.. No problems at all.
>
> But i dont want to have the machine.config approach as it makes each and
> every webservice running on the system as an administrator mode.
> How can i have customized thing which works as an administrator mode only
> for that webservice and not for others.
>
> I also tried
> doing in web.config to make it personalised only for one webservice but it
> did not work. I get an access denied message in the custom dll which says
> admin did not login. It only works if i modify the machine.config. Can

this
> be done in some way?
>
> I modified web.config as follows by adding one line
> <identity impersonate="true" userName="Administrator"

password="mypassword"
> />
>
> Is there any way????
> Expecting ur replies.
> Regards
> Shal
>
>
>
>
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows7 run python script / sub process with elevated privileges News123 Python 2 05-06-2010 09:11 AM
How? Granting elevated privileges to a web service / kill a process Lee Gillie ASP .Net 1 05-13-2005 12:48 PM
How? Granting elevated privileges to a web service / kill a process Lee Gillie ASP .Net Web Services 1 05-13-2005 12:48 PM
Elevated Privileges Problem-Please Help Shalini ASP .Net Security 1 03-05-2004 02:12 PM
Elevated Privileges Problem-Please Help Shalini ASP .Net 1 03-05-2004 02:12 PM



Advertisments