VBAHole22 Posted August 12, 2004 Posted August 12, 2004 I am trying to access network resources from a web method as follows: <WebMethod(Description:="Authorize")> _ Public Function TestImpersonate() As String If File.Exists("//0501DD/PRO/12546/ENT.doc") Then Return "Authorized" Else Return "Locked Out" End If End Function I am locked out at all times. I have tried the following incantations of the impersonate line in my web.config: <identity impersonate="true" userName="administrator" password=""/> <identity impersonate="true" userName="administrator"/> <identity impersonate="true" /> I am an admin on this machine and I can see these files in windows explorer. I have tried adding in my actual login name instead of 'administrator' but then I can't even compile. I cannot compile with my login.domain either. Any suggestions? What would be the proper way to express one's full login name: First.Last/domain First.Last\domain First.Last@domain Quote Wanna-Be C# Superstar
Administrators PlausiblyDamp Posted August 12, 2004 Administrators Posted August 12, 2004 IIRC you can use the "DOMAIN\User" style of login - if on win2k domain then you might be able to use your UPN. Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
VBAHole22 Posted August 12, 2004 Author Posted August 12, 2004 I am on win2k. What is UPN? I have tried \\domain\username \domain\username domain\username None will compile. It's as if Vis Studio is checking the username value at compile and it won't continue if it doesn't like it. Quote Wanna-Be C# Superstar
VBAHole22 Posted August 12, 2004 Author Posted August 12, 2004 An identical function works in an asp.net application with only <identity impersonate="true" /> Quote Wanna-Be C# Superstar
VBAHole22 Posted August 12, 2004 Author Posted August 12, 2004 I figured it out by looking at the IIS properties for both the web service and the asp.net page side by side. The only difference between the two was in the Directory Security>Edit Tab titled Authentication Methods. The asp.net page had anonymous access off and the web service had it checked. Once I unchecked it the web method works. I guess the reasoning is that if you have anonymous access then there can be no impersonating anyhow. Quote Wanna-Be C# Superstar
VBAHole22 Posted August 12, 2004 Author Posted August 12, 2004 Alright, the plot thickens. The method is authorized to check if the File.Exists with the following stub <identity impersonate="true"/> BUT... I have a web method that runs a function on a different thread that I spawn. That thread is NOT authorized to do anything to the file. Don't the threads you spawn run under the same scenario as the calling code? Quote Wanna-Be C# Superstar
VBAHole22 Posted August 12, 2004 Author Posted August 12, 2004 I pity anyone else in this predicament. MS says that this is 'behavior by design'. Basically it's a security threat for a secondary thread to run on the same impersonation as the primary thread. http://support.microsoft.com/default.aspx?scid=kb;EN-US;842790 This article offers 3 solutions. Two of which I have tried (1 & 2) and do not work. The third option is to edit machine.config and set the processmodel from Machine to System. Does anyone know what the implications of said change would be? I am loathe to try it. My only other option is to give up the performance that I was gaining from the twin threads and go back to synchronous. Oh well. MS giveth and MS taketh away. Quote Wanna-Be C# Superstar
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.