|
| System.UnauthorizedAccessException: Access is denied |
|
|
|
|
| Messages |
|
Related Types |
This message was discovered on microsoft.public.dotnet.framework.aspnet.security.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions.
| Efi (VIP) |
| GOOD ANSWER |
Hi,
We have a simple 3 tier application which its core application is VC++ 6.0
ATL COM running as a server application in the COM+. An asp pipe is in charge
of handling the requests and passes it to the COM for processing.
We are now trying to migrate the asp pipe to Asp.Net (C#).
When running the above configuration with Asp.Net on IIS 5.0 (W2K) we have
no problems but when trying the do it on IIS 6.0 (W2K3) we are getting the
following error which is basically access denied error on the line that tries
to create the COM instancing.
Access is denied.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information about
the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access is denied.
ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or
Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET write access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add the
appropriate user or group. Highlight the ASP.NET account, and check the boxes
for the desired access.
Source Error:
An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.
Stack Trace:
[UnauthorizedAccessException: Access is denied.]
BurstingPipe.Net.WebForm1.Page_Load(Object sender, EventArgs e) in
d:\burstingweb\burstingpipe.net\adserverpipe.aspx.cs:160
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +731
I've tried to set permissions (ASPNET and Network Service) on files and in
the COM+ (Launching permissions).
Help Please!!!
Thanks,
Efi
|
|
|
| |
|
|
| |
| |
| Prodip Saha |
ASPNET account is local to the web server machine and normally it is not a
domain account. Granting permission to the ASPNET account may not bring any
good because it has no permission outside the box.
Are you implementing Windows Integrated Authentication? If so, you can turn
the impersonation to true (i.e. use the original callers domain account) in
code before calling the COM+ component and turn it back to false by using
Undo method. You can also trun the impersonation to true at all time but it
really depends on the architecture of the application.
If you are not using the Windows Integrated Authentication, you can
impersonate a specific user with their username and password. Look at this
article on how to do it--
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT01.asp
A lot more can be said but it's hard to comment w/o knowing the architecture
of the asp.net application.
Prodip
"Efi" <Click here to reveal e-mail address> wrote in message
news:Click here to reveal e-mail address...
[Original message clipped]
|
|
|
| |
|
| |
|
|
|
|
|
|
|
|
BootFX
Reliable and powerful .NET application framework. |
|
|
|
|
|
|
