需要有关Web安全性的帮助 [英] Need help on a Web security thing
问题描述
我写了一个非常简单的网络应用程序,我遇到各种各样的问题
,安全性受阻。所有Web应用程序都会加载
作为服务运行的进程外COM服务器。代码在这里
为WinForm C#应用程序(可正常工作)和Web
应用程序(无法正常工作)编写:
// C#应用程序
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration( );
// WEB应用程序
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
我得到一个异常:System.UnautorizedAccessException:访问被拒绝。
因此,我试图简单地使用它,我将IUSR_CDTBTL1F6
用户和ASPNET用户添加到管理员帐户,但没有效果。
我的授权我的Web.Config中的部分如下所示:
< authentication mode =" None" />
< authorization>
< allow users =" *" />
< / authorization>
此Web应用程序在我的Windows XP开发机器上运行正常但是如果
我试着把它放在我的Windows 2000测试机器上,它给了我一个例外。
任何人都有任何想法,我可以从这里去?我知道Web应用程序访问本地COM对象没有其他安全性。
谢谢
我在机器上运行文件监视器并在浏览器中重现错误
但是我没有看到故障类型结果但仍然有错误消息。嗯。
这对我来说似乎很奇怪。
" Jayme Pechan" < JA ********** @ whitefeld.com>在消息中写道
新闻:uD ************** @ TK2MSFTNGP10.phx.gbl ...我写的很简单网络应用程序和我有各种各样的问题
与安全性阻碍。所有Web应用程序都是
加载作为服务运行的进程外COM服务器。代码是
,这里为WinForm C#应用程序(可正常工作)和
Web应用程序(无法正常工作)编写:
// C#application
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration();
// WEB APPLICATION
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
我得到一个异常:System.UnautorizedAccessException:Access被拒绝。
因此,为了简单地让这个工作,我将IUSR_CDTBTL1F6
用户和ASPNET用户添加到管理员帐户,但没有效果。
我的Web.Config中的授权部分如下所示:
< authentication mode =" None" />
< authorization>
< allow users =" *" />
< / authorization>
这个Web应用程序在我的Windows XP开发机器上工作正常,但是如果我尝试将它放在我的Windows 2000上,则需要
测试机器,它给我
例外。我有什么想法可以从这里出发吗?我知道Web应用程序没有其他
安全机制来访问本地COM对象。
您为几个用户授予了权限,但COM
服务器运行的身份是什么?
-
Scott
http://www.OdeToCode.com/blogs/ scott /
周一,2004年12月6日12:50:19 -0800,Jayme Pechan
< ja ** ********@whitefeld.com>写道:
我写了一个非常简单的网络应用程序,我遇到各种各样的问题
安全性阻碍了。所有Web应用程序都会加载作为服务运行的进程外COM服务器。这里的代码是为WinForm C#应用程序(可正常工作)和Web应用程序(无法正常工作)编写的:
// C#application
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration();
// WEB APPLICATION
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
我得到一个异常:System.UnautorizedAccessException:Access被拒绝。
因此,为了简单地让这个工作,我将IUSR_CDTBTL1F6
用户和ASPNET用户添加到管理员帐户,但没有效果。
我的Web.Config中的授权部分如下所示:
< authentication mode =" None" />
< authorization>
< allow users =" *" />
< / authorization>
这个Web应用程序在我的Windows XP开发机器上运行正常但是如果我试着把它放在我的Windows 2000上测试机,它给了我例外。
任何人有任何想法,我可以从这里去?我知道Web应用程序无法访问本地COM对象的其他安全性。
您需要使用DCOMCNFG.EXE设置您的DCOM权限
Willy。
Jayme Pechan < JA ********** @ whitefeld.com>在消息中写道
新闻:uD ************** @ TK2MSFTNGP10.phx.gbl ...我写的很简单网络应用程序和我有各种各样的问题
与安全性阻碍。所有Web应用程序都负载
一个作为服务运行的进程外COM服务器。这里的代码是为WinForm C#应用程序(可以正常工作)和一个
Web应用程序(无法正常工作)编写的:
// C#application
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration();
// WEB应用程序
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
我得到异常:System.UnautorizedAccessException:拒绝访问。
因此,为了简单地使用它,我将IUSR_CDTBTL1F6
用户和ASPNET用户添加到管理员帐户,但没有任何效果。
我的Web.Config中的授权部分如下所示:
< authentication mode =" None" />
< authorization>
< allow users =" *" />
< / authorization>
这个Web应用程序在我的Windows XP开发机器上运行正常但是如果我试着把它放到它上面在我的Windows 2000测试机器上,它给了我
例外。
任何人都有任何想法,我可以从这里去?我知道Web应用程序无法访问本地COM对象的其他安全性。
I wrote a very simply web application and I''m having all sorts of problems
with the security getting in the way. All the web application does is load
an out-of-process COM server that is running as a service. The code is here
written for both a WinForm C# application (which works correctly) and a Web
application (which does not work correctly):
// C# application
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration();
// WEB APPLICATION
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
I get an exception : System.UnautorizedAccessException: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6
user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
This Web Application works fine on my Windows XP development machine but if
I try to put it on my Windows 2000 test machine, it gives me the exception.
Anyone have any ideas where I can go from here? I know of no other security
mechnism for a Web Application to access a local COM object.
Thanks
I ran File Monitor on the machine and reproduced the error in the browser
but I saw no failure type result but still got the error message. Hmmm.
This seems very odd to me.
"Jayme Pechan" <ja**********@whitefeld.com> wrote in message
news:uD**************@TK2MSFTNGP10.phx.gbl...I wrote a very simply web application and I''m having all sorts of problems
with the security getting in the way. All the web application does is load an out-of-process COM server that is running as a service. The code is here written for both a WinForm C# application (which works correctly) and a Web application (which does not work correctly):
// C# application
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration();
// WEB APPLICATION
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
I get an exception : System.UnautorizedAccessException: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6
user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
This Web Application works fine on my Windows XP development machine but if I try to put it on my Windows 2000 test machine, it gives me the exception. Anyone have any ideas where I can go from here? I know of no other security mechnism for a Web Application to access a local COM object.
Thanks
You gave permissions to a couple users, but what identity does the COM
server run with?
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Mon, 6 Dec 2004 12:50:19 -0800, "Jayme Pechan"
<ja**********@whitefeld.com> wrote:
I wrote a very simply web application and I''m having all sorts of problems
with the security getting in the way. All the web application does is load
an out-of-process COM server that is running as a service. The code is here
written for both a WinForm C# application (which works correctly) and a Web
application (which does not work correctly):
// C# application
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration();
// WEB APPLICATION
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
I get an exception : System.UnautorizedAccessException: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6
user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
This Web Application works fine on my Windows XP development machine but if
I try to put it on my Windows 2000 test machine, it gives me the exception.
Anyone have any ideas where I can go from here? I know of no other security
mechnism for a Web Application to access a local COM object.
Thanks
You need to set your DCOM permissions using DCOMCNFG.EXE
Willy.
"Jayme Pechan" <ja**********@whitefeld.com> wrote in message
news:uD**************@TK2MSFTNGP10.phx.gbl...I wrote a very simply web application and I''m having all sorts of problems
with the security getting in the way. All the web application does is
load
an out-of-process COM server that is running as a service. The code is
here
written for both a WinForm C# application (which works correctly) and a
Web
application (which does not work correctly):
// C# application
xtapisvrLib.XtapiConfig x = new xtapisvrLib.XtapiConfigClass();
txtConfig.Text = x.GetConfiguration();
// WEB APPLICATION
xtapisvrLib.XtapiConfig xc = new xtapisvrLib.XtapiConfigClass();
TextBox1.Text = xc.GetConfiguration();
I get an exception : System.UnautorizedAccessException: Access is denied.
So as an attempted to simply get this working, I added the IUSR_CDTBTL1F6
user and the ASPNET user to the administrator account with no effect.
My authorization section in my Web.Config looks like this:
<authentication mode="None" />
<authorization>
<allow users="*" />
</authorization>
This Web Application works fine on my Windows XP development machine but
if
I try to put it on my Windows 2000 test machine, it gives me the
exception.
Anyone have any ideas where I can go from here? I know of no other
security
mechnism for a Web Application to access a local COM object.
Thanks
这篇关于需要有关Web安全性的帮助的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
