it doesn't go in the authorization element, this is a separate element and has nothing to with authorization. Stick it under system.web. Check out
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfIdentitySection.asp On 8/9/05, Mike Belcher <[EMAIL PROTECTED]> wrote: > So instead of : > > > <authorization> > <allow users="*" /> <!-- Allow all users --> > > <!-- <allow users="[comma separated list of users]" > roles="[comma separated list of roles]"/> > <deny users="[comma separated list of users]" > roles="[comma separated list of roles]"/> > --> > </authorization> > > > > I put: > > > <authorization> > > > <identity impersonate="true" userName="domain\username" > password="password"/> > > <!-- <allow users="[comma separated list of users]" > roles="[comma separated list of roles]"/> > <deny users="[comma separated list of users]" > roles="[comma separated list of roles]"/> > --> > </authorization> > > > > -----Original Message----- > From: [email protected] > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Fiala > Sent: Tuesday, August 09, 2005 8:42 AM > To: [email protected] > Subject: Re: [AspNetAnyQuestionIsOk] Windows > ServiceAdministrationwithASP.NET ... Access denied > > web.config > > On 8/9/05, Mike Belcher <[EMAIL PROTECTED]> > wrote: > > Were does this line go? > > <identity impersonate="true" userName="domain\username" > > password="password"/> > > > > in the html or web config ............... If I could see what it looks > > like. > > > > -----Original Message----- > > From: [email protected] > > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Fiala > > Sent: Monday, August 08, 2005 11:35 PM > > To: [email protected] > > Subject: Re: [AspNetAnyQuestionIsOk] Windows > > ServiceAdministrationwithASP.NET ... Access denied > > > > Mike, > > I turned off anonymous access, set the identity to impersonate, and > > was able to shut down a service from a web page. The app will use the > > logged in user's permissions to access the system. > > > > If you want to impersonate a specific account, you can do that too: > > > > <identity impersonate="true" userName="domain\username" > > password="password"/> > > > > The app will use the permissions for whichever account you set here. > > Note that means any user that can access the page will be able to turn > > off the service. That's why I like the logged-in user impersonation, > > at least they need to be authenticated by the system. > > > > The default account that ASP.NET runs under depends on the OS. Under > > XP it runs under the ASPNET account, under 2003 it does run under > > network services. > > > > On 8/8/05, Mike Belcher <[EMAIL PROTECTED]> > > wrote: > > > Oh BTW just for the fun of it I gave the aspnet account admin privileges > > to > > > try it and still access denied.............. Doesn't asp also use the > > > network service account. If I go to even viewer that is what is listed > > there > > > during this error........ > > > > > > > > > Event code: 3005 > > > Event message: An unhandled exception has occurred. > > > Event time: 8/8/2005 10:33:39 PM > > > Event time (UTC): 8/9/2005 2:33:39 AM > > > Event ID: 4cff5bf8164b42c99bc456c37bbd294b > > > Event sequence: 63 > > > Event occurrence: 6 > > > Event detail code: 0 > > > > > > Application information: > > > Application domain: /LM/W3SVC/1/ROOT-1-127680280702061250 > > > Trust level: Full > > > Application Virtual Path: / > > > Application Path: c:\someplace\ > > > Machine name: astupidname > > > > > > Process information: > > > Process ID: 4032 > > > Process name: w3wp.exe > > > Account name: NT AUTHORITY\NETWORK SERVICE > > > > > > Exception information: > > > Exception type: InvalidOperationException > > > Exception message: Cannot open CSS 10003 service on computer '.'. > > > > > > Request information: > > > Request URL: > > > http://www.gamznmore.com/CSS_.aspx?ServerAction=StartStopRestart > > > Request path: /CSS_.aspx > > > User host address: 69.89.163.0 > > > User: > > > Is authenticated: False > > > Authentication Type: > > > Thread account name: NT AUTHORITY\NETWORK SERVICE > > > > > > Thread information: > > > Thread ID: 5 > > > Thread account name: NT AUTHORITY\NETWORK SERVICE > > > Is impersonating: False > > > Stack trace: at > > > System.ServiceProcess.ServiceController.GetServiceHandle(Int32 > > > desiredAccess) > > > at System.ServiceProcess.ServiceController.Stop() > > > at gamznmore.CSS_.ButtonStopServer_Click(Object sender, EventArgs e) > > > at System.Web.UI.WebControls.Button.OnClick(EventArgs e) > > > at System.Web.UI.WebControls.Button.RaisePostBackEvent(String > > > eventArgument) > > > at > > > > > > System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePo > > > stBackEvent(String eventArgument) > > > at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler > > > sourceControl, String eventArgument) > > > at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection > postData) > > > at System.Web.UI.Page.ProcessRequestMain(Boolean > > > includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) > > > > > > > > > Custom event details: > > > > > > For more information, see Help and Support Center at > > > http://go.microsoft.com/fwlink/events.asp. > > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Belcher > > > Sent: Monday, August 08, 2005 10:10 PM > > > To: [email protected] > > > Subject: RE: [AspNetAnyQuestionIsOk] Windows > > > ServiceAdministrationwithASP.NET ... Access denied > > > > > > I was wondering how could I pass a username and password of an account > to > > > allow this page to be able to stop and start the service in the code? I > > have > > > this part > > > > > > > > > Dim myController As New > > System.ServiceProcess.ServiceController("CSS > > > SERVER 10003") > > > > > > If myController.CanStop Then > > > > > > myController.Stop() > > > myController.Start() > > > Response.Write(myController.ServiceName & " Restarted.") > > > > > > Else > > > Response.Write(myController.ServiceName & " cannot stop.") > > > > > > End If > > > > > > > > > if I do like I said myController.Stop() then I get access denied. I did > > > notice on the server that the account is defaulted to local service so I > > > tried network server and aspnet also. Denied. I think I have to include > a > > > username and a password to make it work in the code. I search but can't > > find > > > anything on it............. > > > > > > > > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Dean Fiala > > > Sent: Monday, August 08, 2005 9:52 PM > > > To: [email protected] > > > Subject: Re: [AspNetAnyQuestionIsOk] Windows > > > ServiceAdministrationwithASP.NET ... Access denied > > > > > > Mike, > > > Since this page is something that I assume only admin users will be > > > using as it will be a bit dangerous, I'd make it a separate app and I > > > would use Windows Authentication for it > > > I would turn off anonymous access in IIS and and then set up the app > > > to impersonate the logged in user. > > > <identity impersonate="true"/> > > > > > > A logged-in user with admin privileges will be able to access the > service. > > > > > > Giving the ASP.NET user admin priveleges means that every app on the > > > machine running under the ASP.NET account will have admin priveleges. > > > > > > > > > On 8/8/05, Mike Belcher > <[EMAIL PROTECTED]> > > > wrote: > > > > I have the same problem this guy below has...... is this solution what > I > > > > need to do? I noticed my service is currently running under the > Network > > > > service account: > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > Dean Fiala > > Very Practical Software, Inc > > http://www.vpsw.com > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > > > > -- > Dean Fiala > Very Practical Software, Inc > http://www.vpsw.com > > > > > Yahoo! Groups Links > > > > > > > > > > > > > > Yahoo! Groups Links > > > > > > > -- Dean Fiala Very Practical Software, Inc http://www.vpsw.com ------------------------ Yahoo! Groups Sponsor --------------------~--> <font face=arial size=-1><a href="http://us.ard.yahoo.com/SIG=12h4o6i8g/M=362131.6882499.7825260.1510227/D=groups/S=1705006764:TM/Y=YAHOO/EXP=1123618366/A=2889191/R=0/SIG=10r90krvo/*http://www.thebeehive.org ">Get Bzzzy! (real tools to help you find a job) Welcome to the Sweet Life - brought to you by One Economy</a>.</font> --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
