Re: an indirect ASP security problem

#1

Hi Boban,

My initial question would be why do you have to "wake up" the windows
service? You could let that run on the machine with the proper crendentials
and then send it jobs through the website that it can pick up on
predetermined time intervals. The windows service could also run your dlls
and it can have an app.config file associated to it to contain data that is
needed like database connection strings.

hope this helps

Adam

"Boban Dragojlovic" <news (AT) _N_O_S_P_AM_dragojlovic (DOT) org> wrote

Quote:

I have an dot net website which calls a class (which is in a project that
is
referenced by the website project). I will call the class "WakeUp"

In other words, somepage.aspx.vb instantiates "wakeup" and calls a method
wakeup.now().

This method ... wakeup.now() ... uses the appropriate mechanism to start a
Windows Service.

When I try to run this on my web server, it fails because of lack of
permission.

If I add an <identity impersonate="true" ...> section to my web.config
file,
I can give it credentials so that the whole thing works.

The downside, of course, is that then the entire site runs under these
administrative credentials.

Is there a way that I can assign such administrative credentials (e.g.
impersonation) to only the "wakeup" class, instead of to the entire
website.
Since wakeup.dll is in the website\bin folder, it doesn't have its own
.config file.

Thanks,

b

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Re: an indirect ASP security problem

ASP.net Security microsoft.public.dotnet.framework.aspnet.security

Re: an indirect ASP security problem - 09-04-2003 , 06:41 PM