How can I get a component to work in an ASP.NET application that works in a Windows Form?

[Dean R. Henderson]

I have a DTS Package I am able to execute successfully from a Windows Form
application, but I cannot get this to work from an ASP.NET Web Service,
although the Web Service impersonates the same user the Windows Form runs
under.

When I run the Web Service, I make a call to
"System.Security.Principal.WindowsIdentity.GetCurrent().Name" and this
verifies the user-id is the same account I am logged onto when I
successfully run my Windows Form application.

Both the Web Service and the Windows Form do the same setup and call the
DTS.Package.LoadFromSQLServer method with the same parameter values.

No error is returned when trying to execute the DTS Package from the ASP.NET
Web Service, but the DTS Package does not get executed.

The account that Aspnet_wp.exe runs under has been granted "Act as part of
the operating system" privilege, so it is able to impersonate the user
account the Windows Form is using, but is there some other privilege needed
so it can execute the DTS Package?

Thanks,

Dean

 

[Oliver]

Just checking but have you set the web.config for your Web service to use
impersonation?

<configuration>
<system.web>
<identity impersonate="true"/>
</system.web>
</configuration>

<configuration>
<system.web>
<identity>
userName="registry:HKLM\Software\AspNetIdentity,Name"
password="registry:HKLM\Software\AspNetIdentity,Pwd"
</identity>
</system.web>
</configuration>

 

[Dean R. Henderson]

Hi Oliver,

I tried a few ways to perform the impersonation based on Knowledge Base
article 306158, INFO: Implementing Impersonation in an ASP.NET Application.

One of the ways was to use settings in my web.config file similar to how
your show in your email.

The "System.Security.Principal.WindowsIdentity.GetCurrent().Name" procedure
returns the domain and user account I am trying to impersonate for the
different ways I have tried impersonation, but the DTS Package that I issue
the .Execute method on does not actually execute the Package.

I doing further testing with Events enabled, I have found the following
error is getting logged:

Step Error Source: Microsoft Data Transformation Services (DTS) Package
Step Error Description:Access is denied.
(Microsoft Data Transformation Services (DTS) Package (80070005): Access is
denied.)
(Microsoft SQL-DMO (80004005): [SQL-DMO]CreateFile error on
'<servername>.<databasename>.LOG'. Access is denied.)
Step Error code: 80070005
Step Error Help File:sqldts80.hlp
Step Error Help Context ID:1100

I do not get this error when executing the DTS Package from a Windows Form
application, so the ASP.NET impersonation is different somehow from how my
Windows Form application.

I don't understand why I get the Access is denied error from ASP.NET when
the system says I am the same user account that works without any error from
my Windows program.

Hopefully someone can help provide information to resolve this problem ...
Thanks,

Dean

 

[MSFT]

HI Dean,

From error message, the "access is dennied" occur when your DTS package is
tring to access the log file. If you disable this in DTS package, or
specify the log file with a common path like "c:\temp\myfile.log". With
impersonate, you may have same permission with when you logon on and
execute a window app. However, the difference is the account didn't have
some folder like "My Document" and so on when running a in WEB Service.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[MSFT]

HI Dean,

Is there any updates? Did my suggestion help?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 

[Dean R. Henderson]

Hi Luke,

I got the same error with the Log function enabled or disabled and when
enabled, I made sure it had a fully qualified reference to a valid file and
this file when specified would contain log output.

I cannot get impersonation to work for aspnet_wp.exe when the
%windir%\Microsoft.NET\Framework\v1.1.4322\CONFIG\machine.config points to
my <domain>\ASPUSER account.

I just recently found that if I change the machine.config file to point to
my admin account, then I can execute the DTS Package from ASP.NET, but this
creates a security exposure I want to avoid.

Therefore, it appears there is some security setting my admin account has
that my ASPUSER account does not have that is preventing the ASPUSER account
when running aspnet_wp.exe in the ASP.NET environment from being able to
execute the DTS Package.

I would appreciate any help regarding how to adjust the settings on my
ASPUSER account to allow this account to be used by ASP.NET with the ability
to execute a DTS Package.

Thanks,

Dean

 

[MSFT]

Hi Dean,

For impersonate solution, you may take a look following KB article:

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q306158

You may test the System account to see if it can execute the DTS
successfully.

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)