Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Web Services > Web Service Security problem

Reply
Thread Tools

Web Service Security problem

 
 
Russ
Guest
Posts: n/a
 
      05-15-2004
Hello. I'm still struggling with a million new concepts in this .NET
world, so forgive me if the answers are obvious.

I wrote a test web service using managed C++. It works ok on
localhost but I need it to open files on another machine on the lan.
When I try to do that, it fails with error 2 (file not found). But
the file is there and accessible through windows explorer and normal
application programs.

Security auditing on the target machine (Win2K server) indicates a
failed logon attempt by user ASPNET every time I try to open the file.
It says "unknown user or bad password".

I think the problem is the use of the user ASPNET for trying to access
another computer on the lan. How can I cause the web service to use a
different username that is known to the domain server?

I read somewhere that asp.net security does not apply to non .NET
resources. Since I am trying to open a simple text file (using
CFile::Open or even fopen), I don't think the solution is to be found
in machine.config or web.config. I have tried changing the username
in the process model in machine.config on the server to "SYSTEM", and
same on the workstation on which the web service is running, but to no
avail.

Another possible issue is the ASPNET account on the server. That
account was initially disabled when I looked at it. Each security
audit indicated that the user domain was the workstation. After
enabling the ASPNET account on the server, subsequent security audit
failures showed the domain of the ASPNET user to be the server. But
it still fails.

Help?

Russ
 
Reply With Quote
 
 
 
 
CodeMeister
Guest
Posts: n/a
 
      05-15-2004
The web service project should hav a web.config.

In the web.config file, set the identity element as follows:

<identity impersonate="true" userName="domain\someuser"
password="somepassword" />

make sure the domain\someuser has access permission to the files on te lan.

The ASPNET account is the default account used by the .Net process for
ASP.Net. It is used by default for every ASP.Net application on a machine.
Allowin that account access to lan resources would be a large security risk.

Since the web.config is a text file, the username and password elements
should be encrypted if you are using .Net 1.1. The information on encryption
can be found at
http://support.microsoft.com/default...b;en-us;329290



"Russ" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello. I'm still struggling with a million new concepts in this .NET
> world, so forgive me if the answers are obvious.
>
> I wrote a test web service using managed C++. It works ok on
> localhost but I need it to open files on another machine on the lan.
> When I try to do that, it fails with error 2 (file not found). But
> the file is there and accessible through windows explorer and normal
> application programs.
>
> Security auditing on the target machine (Win2K server) indicates a
> failed logon attempt by user ASPNET every time I try to open the file.
> It says "unknown user or bad password".
>
> I think the problem is the use of the user ASPNET for trying to access
> another computer on the lan. How can I cause the web service to use a
> different username that is known to the domain server?
>
> I read somewhere that asp.net security does not apply to non .NET
> resources. Since I am trying to open a simple text file (using
> CFile::Open or even fopen), I don't think the solution is to be found
> in machine.config or web.config. I have tried changing the username
> in the process model in machine.config on the server to "SYSTEM", and
> same on the workstation on which the web service is running, but to no
> avail.
>
> Another possible issue is the ASPNET account on the server. That
> account was initially disabled when I looked at it. Each security
> audit indicated that the user domain was the workstation. After
> enabling the ASPNET account on the server, subsequent security audit
> failures showed the domain of the ASPNET user to be the server. But
> it still fails.
>
> Help?
>
> Russ



 
Reply With Quote
 
 
 
 
Russ
Guest
Posts: n/a
 
      05-15-2004
Thank you for that. This solves the problem of accessing a text file.
But I still have another permission problem that you MAY be able to
help me with.

I have Pervasive Software's Btrieve engine (version 2000i) running on
the server. Although I can now access a text file, trying to open one
of the Btrieve files via a call to it's requester (from the web
service) fails with an error 94 - permission error.

Before I added impersonation to the web.config, the user name shown in
the failed logon attempt was ASPNET. Now the user name and domain are
changed to the ones specified, but the logon still fails (only when
the request is through the Btrieve engine). Access to the same file
is successful when the request is done from a normal windows client
program (unmanaged code and not a web service).

I know this is probably a Btrieve problem, and I have posted a query
to the appropriate news group, but I thought I would ask here too in
case you, or anyone, has any idea how to cure this.

Thanks, Russ

On Sat, 15 May 2004 05:47:06 -0400, "CodeMeister"
<(E-Mail Removed)> wrote:

>The web service project should hav a web.config.
>
>In the web.config file, set the identity element as follows:
>
><identity impersonate="true" userName="domain\someuser"
>password="somepassword" />
>
>make sure the domain\someuser has access permission to the files on te lan.
>
>The ASPNET account is the default account used by the .Net process for
>ASP.Net. It is used by default for every ASP.Net application on a machine.
>Allowin that account access to lan resources would be a large security risk.
>
>Since the web.config is a text file, the username and password elements
>should be encrypted if you are using .Net 1.1. The information on encryption
>can be found at
>http://support.microsoft.com/default...b;en-us;329290
>
>
>
>"Russ" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed).. .
>> Hello. I'm still struggling with a million new concepts in this .NET
>> world, so forgive me if the answers are obvious.
>>
>> I wrote a test web service using managed C++. It works ok on
>> localhost but I need it to open files on another machine on the lan.
>> When I try to do that, it fails with error 2 (file not found). But
>> the file is there and accessible through windows explorer and normal
>> application programs.
>>
>> Security auditing on the target machine (Win2K server) indicates a
>> failed logon attempt by user ASPNET every time I try to open the file.
>> It says "unknown user or bad password".
>>
>> I think the problem is the use of the user ASPNET for trying to access
>> another computer on the lan. How can I cause the web service to use a
>> different username that is known to the domain server?
>>
>> I read somewhere that asp.net security does not apply to non .NET
>> resources. Since I am trying to open a simple text file (using
>> CFile::Open or even fopen), I don't think the solution is to be found
>> in machine.config or web.config. I have tried changing the username
>> in the process model in machine.config on the server to "SYSTEM", and
>> same on the workstation on which the web service is running, but to no
>> avail.
>>
>> Another possible issue is the ASPNET account on the server. That
>> account was initially disabled when I looked at it. Each security
>> audit indicated that the user domain was the workstation. After
>> enabling the ASPNET account on the server, subsequent security audit
>> failures showed the domain of the ASPNET user to be the server. But
>> it still fails.
>>
>> Help?
>>
>> Russ

>


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Consuming local web service - ok, remote web service -problem? dgleeson422111 ASP .Net Web Controls 0 01-26-2010 11:17 AM
Web service autentication problem when call another web service Redhot ASP .Net Web Services 0 07-18-2009 09:43 PM
Does timer in Web Service Global.asax block my Web Service from processing web-site requests? Leo Violette ASP .Net Web Services 0 04-17-2009 12:39 AM
Problem: My web service calls only open a single connection to the web service machine Scott Baierl ASP .Net Web Services 1 07-29-2006 01:16 AM
InvocationTargetException when calling "new Service()" in Axis web service to call another web service Michael Averstegge Java 0 01-10-2006 11:05 PM



Advertisments