So instead of :
<authorization>
<allow users="*" /> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
I put:
<authorization>
<identity impersonate="true" userName="domain\username"
password="password"/>
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
-----Original Message-----
From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Dean Fiala
Sent: Tuesday, August 09, 2005 8:42 AM
To: [email protected]
Subject: Re: [AspNetAnyQuestionIsOk] Windows
ServiceAdministrationwithASP.NET ... Access denied
web.config
On 8/9/05, Mike Belcher <[EMAIL PROTECTED]>
wrote:
> Were does this line go?
> <identity impersonate="true" userName="domain\username"
> password="password"/>
>
> in the html or web config ............... If I could see what it looks
> like.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dean Fiala
> Sent: Monday, August 08, 2005 11:35 PM
> To: [email protected]
> Subject: Re: [AspNetAnyQuestionIsOk] Windows
> ServiceAdministrationwithASP.NET ... Access denied
>
> Mike,
> I turned off anonymous access, set the identity to impersonate, and
> was able to shut down a service from a web page. The app will use the
> logged in user's permissions to access the system.
>
> If you want to impersonate a specific account, you can do that too:
>
> <identity impersonate="true" userName="domain\username"
> password="password"/>
>
> The app will use the permissions for whichever account you set here.
> Note that means any user that can access the page will be able to turn
> off the service. That's why I like the logged-in user impersonation,
> at least they need to be authenticated by the system.
>
> The default account that ASP.NET runs under depends on the OS. Under
> XP it runs under the ASPNET account, under 2003 it does run under
> network services.
>
> On 8/8/05, Mike Belcher <[EMAIL PROTECTED]>
> wrote:
> > Oh BTW just for the fun of it I gave the aspnet account admin privileges
> to
> > try it and still access denied.............. Doesn't asp also use the
> > network service account. If I go to even viewer that is what is listed
> there
> > during this error........
> >
> >
> > Event code: 3005
> > Event message: An unhandled exception has occurred.
> > Event time: 8/8/2005 10:33:39 PM
> > Event time (UTC): 8/9/2005 2:33:39 AM
> > Event ID: 4cff5bf8164b42c99bc456c37bbd294b
> > Event sequence: 63
> > Event occurrence: 6
> > Event detail code: 0
> >
> > Application information:
> > Application domain: /LM/W3SVC/1/ROOT-1-127680280702061250
> > Trust level: Full
> > Application Virtual Path: /
> > Application Path: c:\someplace\
> > Machine name: astupidname
> >
> > Process information:
> > Process ID: 4032
> > Process name: w3wp.exe
> > Account name: NT AUTHORITY\NETWORK SERVICE
> >
> > Exception information:
> > Exception type: InvalidOperationException
> > Exception message: Cannot open CSS 10003 service on computer '.'.
> >
> > Request information:
> > Request URL:
> > http://www.gamznmore.com/CSS_.aspx?ServerAction=StartStopRestart
> > Request path: /CSS_.aspx
> > User host address: 69.89.163.0
> > User:
> > Is authenticated: False
> > Authentication Type:
> > Thread account name: NT AUTHORITY\NETWORK SERVICE
> >
> > Thread information:
> > Thread ID: 5
> > Thread account name: NT AUTHORITY\NETWORK SERVICE
> > Is impersonating: False
> > Stack trace: at
> > System.ServiceProcess.ServiceController.GetServiceHandle(Int32
> > desiredAccess)
> > at System.ServiceProcess.ServiceController.Stop()
> > at gamznmore.CSS_.ButtonStopServer_Click(Object sender, EventArgs e)
> > at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
> > at System.Web.UI.WebControls.Button.RaisePostBackEvent(String
> > eventArgument)
> > at
> >
>
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePo
> > stBackEvent(String eventArgument)
> > at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
> > sourceControl, String eventArgument)
> > at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection
postData)
> > at System.Web.UI.Page.ProcessRequestMain(Boolean
> > includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
> >
> >
> > Custom event details:
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Belcher
> > Sent: Monday, August 08, 2005 10:10 PM
> > To: [email protected]
> > Subject: RE: [AspNetAnyQuestionIsOk] Windows
> > ServiceAdministrationwithASP.NET ... Access denied
> >
> > I was wondering how could I pass a username and password of an account
to
> > allow this page to be able to stop and start the service in the code? I
> have
> > this part
> >
> >
> > Dim myController As New
> System.ServiceProcess.ServiceController("CSS
> > SERVER 10003")
> >
> > If myController.CanStop Then
> >
> > myController.Stop()
> > myController.Start()
> > Response.Write(myController.ServiceName & " Restarted.")
> >
> > Else
> > Response.Write(myController.ServiceName & " cannot stop.")
> >
> > End If
> >
> >
> > if I do like I said myController.Stop() then I get access denied. I did
> > notice on the server that the account is defaulted to local service so I
> > tried network server and aspnet also. Denied. I think I have to include
a
> > username and a password to make it work in the code. I search but can't
> find
> > anything on it.............
> >
> >
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Fiala
> > Sent: Monday, August 08, 2005 9:52 PM
> > To: [email protected]
> > Subject: Re: [AspNetAnyQuestionIsOk] Windows
> > ServiceAdministrationwithASP.NET ... Access denied
> >
> > Mike,
> > Since this page is something that I assume only admin users will be
> > using as it will be a bit dangerous, I'd make it a separate app and I
> > would use Windows Authentication for it
> > I would turn off anonymous access in IIS and and then set up the app
> > to impersonate the logged in user.
> > <identity impersonate="true"/>
> >
> > A logged-in user with admin privileges will be able to access the
service.
> >
> > Giving the ASP.NET user admin priveleges means that every app on the
> > machine running under the ASP.NET account will have admin priveleges.
> >
> >
> > On 8/8/05, Mike Belcher
<[EMAIL PROTECTED]>
> > wrote:
> > > I have the same problem this guy below has...... is this solution what
I
> > > need to do? I noticed my service is currently running under the
Network
> > > service account:
> >
> >
> >
> >
> > Yahoo! Groups Links
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Yahoo! Groups Links
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Yahoo! Groups Links
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Dean Fiala
> Very Practical Software, Inc
> http://www.vpsw.com
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
--
Dean Fiala
Very Practical Software, Inc
http://www.vpsw.com
Yahoo! Groups Links
------------------------ Yahoo! Groups Sponsor --------------------~-->
<font face=arial size=-1><a
href="http://us.ard.yahoo.com/SIG=12hnrduut/M=362335.6886445.7839731.1510227/D=groups/S=1705006764:TM/Y=YAHOO/EXP=1123617089/A=2894361/R=0/SIG=13jmebhbo/*http://www.networkforgood.org/topics/education/digitaldivide/?source=YAHOO&cmpgn=GRP&RTP=http://groups.yahoo.com/";>In
low income neighborhoods, 84% do not own computers. At Network for Good, help
bridge the Digital Divide!</a>.</font>
--------------------------------------------------------------------~->
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
