IIS Virtual Directory Create Failure in Web Service :(

[Eskimo]

System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create

....

tried on the local development box and it had issues like this

until I gave permissions like described in Article ID 329986, scroll down,
Method A.

It is a double hop as I did the test at the bottom in the Quick Test section.



Code snippets:

Web.config for web service having the error shown above...

<identity impersonate="true" />
....

SCHEMA= "IIsWebVirtualDir";
mRootSubPath = "/W3SVC/1/Root";

....

DirectoryEntry deRoot= new DirectoryEntry("IIS://" + "localhost"
+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTypes.Secure);

....

if (Directory.Exists("c:\temp\Eskimo\") == false)
{

Directory.CreateDirectory("c:\temp\Eskimo\");

}

deRoot.RefreshCache();

DirectoryEntry deNewVDir =
deRoot.Children.Add("Eskimo",mSchema);

deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

....
deNewVDir.Properties["AccessRead"][0] =true;
deNewVDir.Properties["AccessWrite"][0] = true;
deNewVDir.Properties["AccessExecute"][0] = true;
deNewVDir.Properties["AuthAnonymous"][0] = false;
deNewVDir.Properties["AuthBasic"][0] = false;
deNewVDir.Properties["AuthNTLM"][0] = true;
deNewVDir.Properties["ContentIndexed"][0] = false;
deNewVDir.Properties["EnableDirBrowsing"][0] = true;
...
deNewVDir.Invoke("AppCreate",true);

deNewVDir.CommitChanges();
deRoot.CommitChanges();

deNewVDir.Close();

deRoot.Close();
....

Now: in a windows application it works great! I have a DLL project and a
windows app test project and the web service accessing the DLL project.
In a web service I get the error listed above...

 

[Daniel Fisher\(lennybacon\)]

You get the error because a WindowsApplication runs under the CodeGroup
My_Computer_Zone, WebServices and WebApplications run under
LocalIntranet_Zone. It's a CodeAccessSecurity issue.

Try to add an assembly with the code to the GAC, write a wrapper for the GAC
assembly and deploy it to the bin directory of the WebService and call the
methods of the wrapper from the assembly of your solution (WebService).

 

[Eskimo]

?????

It's installed on a win 2003 server with a web installation project. It
works fine on the dev box, not on the server <grrr - code fix? />

as such - it's in the gac! the dll project is just that - a dll referenced
via the web service. the windows app hits the same dll project.

code example please of the "hello world" web service for what you're
suggesting

You get the error because a WindowsApplication runs under the CodeGroup
My_Computer_Zone, WebServices and WebApplications run under
LocalIntranet_Zone. It's a CodeAccessSecurity issue.

Try to add an assembly with the code to the GAC, write a wrapper for the GAC
assembly and deploy it to the bin directory of the WebService and call the
methods of the wrapper from the assembly of your solution (WebService).

--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: http://www.lennybacon.com/

System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create

...

tried on the local development box and it had issues like this

until I gave permissions like described in Article ID 329986, scroll down,
Method A.

It is a double hop as I did the test at the bottom in the Quick Test
section.



Code snippets:

Web.config for web service having the error shown above...

<identity impersonate="true" />
...

SCHEMA= "IIsWebVirtualDir";
mRootSubPath = "/W3SVC/1/Root";

...

DirectoryEntry deRoot= new DirectoryEntry("IIS://" +
"localhost"
+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTypes.Secure);

...

if (Directory.Exists("c:\temp\Eskimo\") == false)
{

Directory.CreateDirectory("c:\temp\Eskimo\");

}

deRoot.RefreshCache();

DirectoryEntry deNewVDir =
deRoot.Children.Add("Eskimo",mSchema);

deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

...
deNewVDir.Properties["AccessRead"][0] =true;
deNewVDir.Properties["AccessWrite"][0] = true;
deNewVDir.Properties["AccessExecute"][0] = true;
deNewVDir.Properties["AuthAnonymous"][0] = false;
deNewVDir.Properties["AuthBasic"][0] = false;
deNewVDir.Properties["AuthNTLM"][0] = true;
deNewVDir.Properties["ContentIndexed"][0] = false;
deNewVDir.Properties["EnableDirBrowsing"][0] = true;
...
deNewVDir.Invoke("AppCreate",true);

deNewVDir.CommitChanges();
deRoot.CommitChanges();

deNewVDir.Close();

deRoot.Close();
...

Now: in a windows application it works great! I have a DLL project and a
windows app test project and the web service accessing the DLL project.
In a web service I get the error listed above...

 

[Joe Kaplan \(MVP - ADSI\)]

Actually, it would have been a SecurityException if it was related to CAS.
This was the Windows security error that we were previously discussing.
Also, it is more typical for web applications to run with Full Trust.
Downloaded controls tend to run in partial trust, but that wasn't being
discussed here.

Joe K.

?????

It's installed on a win 2003 server with a web installation project. It
works fine on the dev box, not on the server <grrr - code fix? />

as such - it's in the gac! the dll project is just that - a dll
referenced
via the web service. the windows app hits the same dll project.

code example please of the "hello world" web service for what you're
suggesting

You get the error because a WindowsApplication runs under the CodeGroup
My_Computer_Zone, WebServices and WebApplications run under
LocalIntranet_Zone. It's a CodeAccessSecurity issue.

Try to add an assembly with the code to the GAC, write a wrapper for the
GAC
assembly and deploy it to the bin directory of the WebService and call
the
methods of the wrapper from the assembly of your solution (WebService).

--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: http://www.lennybacon.com/

System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create

...

tried on the local development box and it had issues like this

until I gave permissions like described in Article ID 329986, scroll
down,
Method A.

It is a double hop as I did the test at the bottom in the Quick Test
section.



Code snippets:

Web.config for web service having the error shown above...

<identity impersonate="true" />
...

SCHEMA= "IIsWebVirtualDir";
mRootSubPath = "/W3SVC/1/Root";

...

DirectoryEntry deRoot= new DirectoryEntry("IIS://" +
"localhost"
+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTypes.Secure);

...

if (Directory.Exists("c:\temp\Eskimo\") == false)
{

Directory.CreateDirectory("c:\temp\Eskimo\");

}

deRoot.RefreshCache();

DirectoryEntry deNewVDir =
deRoot.Children.Add("Eskimo",mSchema);


deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

...
deNewVDir.Properties["AccessRead"][0] =true;
deNewVDir.Properties["AccessWrite"][0] = true;
deNewVDir.Properties["AccessExecute"][0] = true;
deNewVDir.Properties["AuthAnonymous"][0] = false;
deNewVDir.Properties["AuthBasic"][0] = false;
deNewVDir.Properties["AuthNTLM"][0] = true;
deNewVDir.Properties["ContentIndexed"][0] = false;
deNewVDir.Properties["EnableDirBrowsing"][0] = true;
...
deNewVDir.Invoke("AppCreate",true);

deNewVDir.CommitChanges();
deRoot.CommitChanges();

deNewVDir.Close();

deRoot.Close();
...

Now: in a windows application it works great! I have a DLL project and
a
windows app test project and the web service accessing the DLL project.
In a web service I get the error listed above...

 

[Eskimo]

So where do you assign a web service full trust? and the underlying dll's ?

Actually, it would have been a SecurityException if it was related to CAS.
This was the Windows security error that we were previously discussing.
Also, it is more typical for web applications to run with Full Trust.
Downloaded controls tend to run in partial trust, but that wasn't being
discussed here.

Joe K.

?????

It's installed on a win 2003 server with a web installation project. It
works fine on the dev box, not on the server <grrr - code fix? />

as such - it's in the gac! the dll project is just that - a dll
referenced
via the web service. the windows app hits the same dll project.

code example please of the "hello world" web service for what you're
suggesting

You get the error because a WindowsApplication runs under the CodeGroup
My_Computer_Zone, WebServices and WebApplications run under
LocalIntranet_Zone. It's a CodeAccessSecurity issue.

Try to add an assembly with the code to the GAC, write a wrapper for the
GAC
assembly and deploy it to the bin directory of the WebService and call
the
methods of the wrapper from the assembly of your solution (WebService).

--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: http://www.lennybacon.com/



System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create

...

tried on the local development box and it had issues like this

until I gave permissions like described in Article ID 329986, scroll
down,
Method A.

It is a double hop as I did the test at the bottom in the Quick Test
section.



Code snippets:

Web.config for web service having the error shown above...

<identity impersonate="true" />
...

SCHEMA= "IIsWebVirtualDir";
mRootSubPath = "/W3SVC/1/Root";

...

DirectoryEntry deRoot= new DirectoryEntry("IIS://" +
"localhost"
+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTypes.Secure);

...

if (Directory.Exists("c:\temp\Eskimo\") == false)
{

Directory.CreateDirectory("c:\temp\Eskimo\");

}

deRoot.RefreshCache();

DirectoryEntry deNewVDir =
deRoot.Children.Add("Eskimo",mSchema);


deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

...
deNewVDir.Properties["AccessRead"][0] =true;
deNewVDir.Properties["AccessWrite"][0] = true;
deNewVDir.Properties["AccessExecute"][0] = true;
deNewVDir.Properties["AuthAnonymous"][0] = false;
deNewVDir.Properties["AuthBasic"][0] = false;
deNewVDir.Properties["AuthNTLM"][0] = true;
deNewVDir.Properties["ContentIndexed"][0] = false;
deNewVDir.Properties["EnableDirBrowsing"][0] = true;
...
deNewVDir.Invoke("AppCreate",true);

deNewVDir.CommitChanges();
deRoot.CommitChanges();

deNewVDir.Close();

deRoot.Close();
...

Now: in a windows application it works great! I have a DLL project and
a
windows app test project and the web service accessing the DLL project.
In a web service I get the error listed above...

 

[Joe Kaplan \(MVP - ADSI\)]

In your case, you already have Full Trust. You can't even call
System.DirectoryServices.dll without it because it doesn't allow partially
trusted callers at all. So that isn't really important for the original
issue you were asking about. That is strictly an issue with Windows
security.

However, to modify CAS policy for a web application, you modify the
<securityPolicy> element in web.config.

Joe K.

So where do you assign a web service full trust? and the underlying dll's
?

Actually, it would have been a SecurityException if it was related to
CAS.
This was the Windows security error that we were previously discussing.
Also, it is more typical for web applications to run with Full Trust.
Downloaded controls tend to run in partial trust, but that wasn't being
discussed here.

Joe K.

?????

It's installed on a win 2003 server with a web installation project.
It
works fine on the dev box, not on the server <grrr - code fix? />

as such - it's in the gac! the dll project is just that - a dll
referenced
via the web service. the windows app hits the same dll project.

code example please of the "hello world" web service for what you're
suggesting

:

You get the error because a WindowsApplication runs under the
CodeGroup
My_Computer_Zone, WebServices and WebApplications run under
LocalIntranet_Zone. It's a CodeAccessSecurity issue.

Try to add an assembly with the code to the GAC, write a wrapper for
the
GAC
assembly and deploy it to the bin directory of the WebService and call
the
methods of the wrapper from the assembly of your solution
(WebService).

--
Daniel Fisher(lennybacon)
MCP ASP.NET C#
Blog: http://www.lennybacon.com/



System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at CreateVirtualDirectories.Dal.CreateWebVirtualDirectory.Create

...

tried on the local development box and it had issues like this

until I gave permissions like described in Article ID 329986, scroll
down,
Method A.

It is a double hop as I did the test at the bottom in the Quick Test
section.



Code snippets:

Web.config for web service having the error shown above...

<identity impersonate="true" />
...

SCHEMA= "IIsWebVirtualDir";
mRootSubPath = "/W3SVC/1/Root";

...

DirectoryEntry deRoot= new DirectoryEntry("IIS://" +
"localhost"
+ mRootSubPath,winAcctId,winAcctPwd,AuthenticationTypes.Secure);

...

if (Directory.Exists("c:\temp\Eskimo\") == false)
{

Directory.CreateDirectory("c:\temp\Eskimo\");

}

deRoot.RefreshCache();

DirectoryEntry deNewVDir =
deRoot.Children.Add("Eskimo",mSchema);


deNewVDir.Properties["Path"].Insert(0,"c:\temp\Eskimo\");

...
deNewVDir.Properties["AccessRead"][0] =true;
deNewVDir.Properties["AccessWrite"][0] = true;
deNewVDir.Properties["AccessExecute"][0] = true;
deNewVDir.Properties["AuthAnonymous"][0] = false;
deNewVDir.Properties["AuthBasic"][0] = false;
deNewVDir.Properties["AuthNTLM"][0] = true;
deNewVDir.Properties["ContentIndexed"][0] = false;
deNewVDir.Properties["EnableDirBrowsing"][0] = true;
...
deNewVDir.Invoke("AppCreate",true);

deNewVDir.CommitChanges();
deRoot.CommitChanges();

deNewVDir.Close();

deRoot.Close();
...

Now: in a windows application it works great! I have a DLL project
and
a
windows app test project and the web service accessing the DLL
project.
In a web service I get the error listed above...