Welcome to MobyThreads.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log in/Register/PasswordLog in/Register/Password

IIS Management and ASP.Net Impersonation

  
   Web Hosting and Web Master Forums (Home) -> IIS RSS
Related Topics:
IIS 6 management from XP - I that there is no way to manage IIS 6 from Windows XP using any MMC tool and that this feature was planned for XP Service Pack 2. However, in the light that SP2 has been pushed back into the middle of 2004, Microsoft - PLEASE

IIS 5.0 CRL management - Hi, I'm working on a windows 2000 server with IIS 5.0 . I SSL with client I did some tests on but it doesn't seem to work I revoked a client I checked that the CRL was

Using IIS for State Management - Is it possible to use IIS for state in an Intranet AND Extranet What I'm trying to do is to preserve session for a user regarding resources and apps) across different web This..

Log file management - I noted that my site log files seemed to end around 2/21/04. After checking my server I found that the drive where log files are stored is maxed out. How do you manage these log files? Is there a way in IIS to purge the oldest files based upon a..

process management - somebody knows if there's a kind of or script for IIS for process to prevent processes to run over ( permitted ) a specified time. (eg.. a asp script that performs a query. The script has only a single minute to..
Next:  IIS: disable http 1.0 capabilities  
Author Message
Mick Walker

External


Since: Sep 12, 2007
Posts: 5



(Msg. 1) Posted: Tue Oct 23, 2007 11:58 am
Post subject: IIS Management and ASP.Net Impersonation
Archived from groups: microsoft>public>inetserver>iis, others (more info?)
I am attempting to write a web application that will allow various users
(under very tight security) to control IIS.

I am using Microsoft.Web.Administration.dll to do this.

If I try the following:

ServerManager iisManager = new ServerManager();
iisManager.Sites.Add("NewSite", "http", "*:8080:", "d:\\MySite");
iisManager.CommitChanges();

I get the error:

Filename: redirection.config
Error: Cannot read configuration file due to insufficient permissions


Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Filename:
redirection.config
Error: Cannot read configuration file due to insufficient permissions



ASP.NET is not authorized to access the requested resource. Consider
granting access rights to the resource to the ASP.NET request identity.
ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
or Network Service on IIS 6) that is used if the application is not
impersonating. If the application is impersonating via <identity
impersonate="true"/>, the identity will be the anonymous user (typically
IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer,
choose "Properties" and select the Security tab. Click "Add" to add the
appropriate user or group. Highlight the ASP.NET account, and check the
boxes for the desired access.


What account should I set ASP.Net to impersonate to be able to have the
required permissions for this operation?

Regards
Mick Walker

 >> Stay informed about: IIS Management and ASP.Net Impersonation 
Back to top
Login to vote
kenremove

External


Since: Aug 23, 2003
Posts: 2901



(Msg. 2) Posted: Wed Oct 24, 2007 12:23 pm
Post subject: Re: IIS Management and ASP.Net Impersonation [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi,

I am going to assuing you are using IIS 7.0

redirection.config is used when enabling IIS 7.0's "shared configuration"
feature. This allows you to store IIS 7.0 configuration on a remote file
share, rather than locally in the default location.

By default, only users in the local Administrators group have permission to
alter this file. Additionally, the LocalSystem account (which is what the
Windows Activation Service and IIS Admin Service run as) must have
permission to read this file in order to read it's contents.

So you can either:
a) impersonate a user in the Administrators group
b) grant an additional user Read permissions to this file, and impersonate
this second user (this would obviuosly be the more secure way of doing
things)

Cheers
Ken

"Mick Walker" <materialised RemoveThis @privacy.net> wrote in message
news:5o6gigFld69dU1@mid.individual.net...
>I am attempting to write a web application that will allow various users
>(under very tight security) to control IIS.
>
> I am using Microsoft.Web.Administration.dll to do this.
>
> If I try the following:
>
> ServerManager iisManager = new ServerManager();
> iisManager.Sites.Add("NewSite", "http", "*:8080:", "d:\\MySite");
> iisManager.CommitChanges();
>
> I get the error:
>
> Filename: redirection.config
> Error: Cannot read configuration file due to insufficient permissions
>
>
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information
> about the error and where it originated in the code.
>
> Exception Details: System.UnauthorizedAccessException: Filename:
> redirection.config
> Error: Cannot read configuration file due to insufficient permissions
>
>
>
> ASP.NET is not authorized to access the requested resource. Consider
> granting access rights to the resource to the ASP.NET request identity.
> ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5
> or Network Service on IIS 6) that is used if the application is not
> impersonating. If the application is impersonating via <identity
> impersonate="true"/>, the identity will be the anonymous user (typically
> IUSR_MACHINENAME) or the authenticated request user.
>
> To grant ASP.NET access to a file, right-click the file in Explorer,
> choose "Properties" and select the Security tab. Click "Add" to add the
> appropriate user or group. Highlight the ASP.NET account, and check the
> boxes for the desired access.
>
>
> What account should I set ASP.Net to impersonate to be able to have the
> required permissions for this operation?
>
> Regards
> Mick Walker

 >> Stay informed about: IIS Management and ASP.Net Impersonation 
Back to top
Login to vote
Mick Walker

External


Since: Sep 12, 2007
Posts: 5



(Msg. 3) Posted: Wed Oct 24, 2007 12:23 pm
Post subject: Re: IIS Management and ASP.Net Impersonation [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Ken Schaefer wrote:
> Hi,
>
> I am going to assuing you are using IIS 7.0
>
> redirection.config is used when enabling IIS 7.0's "shared
> configuration" feature. This allows you to store IIS 7.0 configuration
> on a remote file share, rather than locally in the default location.
>
> By default, only users in the local Administrators group have permission
> to alter this file. Additionally, the LocalSystem account (which is what
> the Windows Activation Service and IIS Admin Service run as) must have
> permission to read this file in order to read it's contents.
>
> So you can either:
> a) impersonate a user in the Administrators group
> b) grant an additional user Read permissions to this file, and
> impersonate this second user (this would obviuosly be the more secure
> way of doing things)
>
> Cheers
> Ken
Thanks for that reply Ken.

Obviously security needs to be at its tightest even though the system
will only be used locally.
I am just wondering would it be possible to store multiple servers
redirections.config files in a network share? And manage them from a
single instance of IIS?
Or would it be better to simply create an Instance of the Hosting
Provisioning tool on each seperate server and redirect based on the
server selected by the user?

For a better idea of what I am doing here, see:
http://groups.google.co.uk/group/microsoft.public.inetserver.iis/brows...hread/t
 >> Stay informed about: IIS Management and ASP.Net Impersonation 
Back to top
Login to vote
Mick Walker

External


Since: Sep 12, 2007
Posts: 5



(Msg. 4) Posted: Wed Oct 24, 2007 1:57 pm
Post subject: Re: IIS Management and ASP.Net Impersonation [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Ken Schaefer wrote:
> Hi,
>
> You could just buy one of the existing solutions out there (like Helm).
>
> The redirection.config file is always local. It stores the location of
> where the server's applicationHost.config (and other config files are)
> if those files aren't stored in the default directory.
>
> Cheers
> Ken
>
>
Normally would agree with you, however we looked at various options,
Helm, Plesk etc. And all of these would require substantial internal
development to intergrate with other existing systems such as Active
Directory and our in house billing system, as it is not just a cause of
billing for hosting, but more full Media management (broadband, dial up,
Telephone, TV - and it gets more complex due to the fact we serve the
whole of Ireland (North and South) so we have the issue that the North
uses GBP and the South uses Euros).
Were also partnering with the Microsoft RDP team on this, so we are
recieving investment of time and resources in return for becoming a
windows 2008 case study.
At the moment all updates to IIS are done manually. So were just trying
to create a tool which can automate the process and 'talk' to our
billing system (and log actions as this is something which isnt done!).
 >> Stay informed about: IIS Management and ASP.Net Impersonation 
Back to top
Login to vote
kenremove

External


Since: Aug 23, 2003
Posts: 2901



(Msg. 5) Posted: Thu Oct 25, 2007 2:08 am
Post subject: Re: IIS Management and ASP.Net Impersonation [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi,

You could just buy one of the existing solutions out there (like Helm).

The redirection.config file is always local. It stores the location of where
the server's applicationHost.config (and other config files are) if those
files aren't stored in the default directory.

Cheers
Ken


"Mick Walker" <materialised.TakeThisOut@privacy.net> wrote in message
news:5o897vFli5ufU1@mid.individual.net...
> Ken Schaefer wrote:
>> Hi,
>>
>> I am going to assuing you are using IIS 7.0
>>
>> redirection.config is used when enabling IIS 7.0's "shared configuration"
>> feature. This allows you to store IIS 7.0 configuration on a remote file
>> share, rather than locally in the default location.
>>
>> By default, only users in the local Administrators group have permission
>> to alter this file. Additionally, the LocalSystem account (which is what
>> the Windows Activation Service and IIS Admin Service run as) must have
>> permission to read this file in order to read it's contents.
>>
>> So you can either:
>> a) impersonate a user in the Administrators group
>> b) grant an additional user Read permissions to this file, and
>> impersonate this second user (this would obviuosly be the more secure way
>> of doing things)
>>
>> Cheers
>> Ken
> Thanks for that reply Ken.
>
> Obviously security needs to be at its tightest even though the system will
> only be used locally.
> I am just wondering would it be possible to store multiple servers
> redirections.config files in a network share? And manage them from a
> single instance of IIS?
> Or would it be better to simply create an Instance of the Hosting
> Provisioning tool on each seperate server and redirect based on the server
> selected by the user?
>
> For a better idea of what I am doing here, see:
> http://groups.google.co.uk/group/microsoft.public.inetserver.iis/brows...hread/t
 >> Stay informed about: IIS Management and ASP.Net Impersonation 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting and Web Master Forums (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]