Home > Archive > WSH > February 2005 > Help in WMI in ASP.net application
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Help in WMI in ASP.net application
|
|
| John @ X 2005-02-17, 3:55 pm |
| Hi there,
We have been having trouble with the WMI in ASP.Net 2.0 application. let me
explain what we try to accomplish and please advice if this is the feasible
and correct solution if not help us to do it the right way.
There are many Services (such as Tomcat/watchdog events NT service/JVMI
services) which run on a remote servers(windows 2003/2000 server) and we
would like to stop the service from a ASP.Net application (web application).
We have created a DLL which can invoke the WMI APIs to stop/start the
services. The parameters that we pass or the server name (the host name),
user name who has administrative previleges on thsoe servers and the password
for that user. We are using the SystemName\cvim2 as the namespace.
Everything is working well when we try to invoke the DLL in development
environment (we are able to stop/start any servers remotely in Win XP
machine. But when we move to the production server the issue is that the
services are not able to be stopped or started. But we are able to query the
services. (we are able to find the services status thro the DLL).
We made a test application in VB form and tested in the production server as
well as from a remote machine it is giving the correct result. The only issue
which I am thinking of is IMPERSONATION of the user. When I log in from a
development server I am running as an administrator for the Web application
and it is able to commuicate to the remote server with the credentials I am
passing. But when I login to the PRODUCTION server after deploying the
ASP.net application I am using ASP.net user account which is not an
administrator. Is this the cause for this mishap. Please advice and help me
to fix this problem. It is been three days I am struggling to get this out
but in vain I am unable to figure out where things are going. i even tried
uninstalling the whole stuff like ASP .net, .net framework, web server but
none helps.
Any help would be greatly appreciated.
Thanks
John
| |
| Gerry Hickman 2005-02-17, 8:55 pm |
| Hi,
WMI is supposed to be Microsoft's implementation of WBEM, but in reality
the only way to achieve this is by hacking and damaging security. The
official Microsoft solution is to "Enable delegation on the IIS". Of
course not many SysAdmins in a real enterprise will allow this.
The problem stems from not being able to use NTLM over more than one
network hop; the password has been "hashed" after the first hop, so you
can't pass it to a second server.
Options include:
1. Using plain text passwords in your ASP (security risk)
2. Using plain text passwords in a COMponent (security risk)
3. Use Basic authentication on a web form (annoying, and also a security
risk)
4. Enable Delegation on the IIS (security risk)
5. Hack your computers
6. Hack your security
7. Use Basic auth with a web form over an SSL link (annoying but maybe
security is ok?)
8. Run IIS and ASP.NET with a different account (security risk)
I don't understnad why you "created a DLL" and "made a VB form", this
sounds like a very convoluted way of starting and stopping a few services.
John @ X wrote:
> Hi there,
> We have been having trouble with the WMI in ASP.Net 2.0 application. let me
> explain what we try to accomplish and please advice if this is the feasible
> and correct solution if not help us to do it the right way.
>
> There are many Services (such as Tomcat/watchdog events NT service/JVMI
> services) which run on a remote servers(windows 2003/2000 server) and we
> would like to stop the service from a ASP.Net application (web application).
> We have created a DLL which can invoke the WMI APIs to stop/start the
> services. The parameters that we pass or the server name (the host name),
> user name who has administrative previleges on thsoe servers and the password
> for that user. We are using the SystemName\cvim2 as the namespace.
> Everything is working well when we try to invoke the DLL in development
> environment (we are able to stop/start any servers remotely in Win XP
> machine. But when we move to the production server the issue is that the
> services are not able to be stopped or started. But we are able to query the
> services. (we are able to find the services status thro the DLL).
> We made a test application in VB form and tested in the production server as
> well as from a remote machine it is giving the correct result. The only issue
> which I am thinking of is IMPERSONATION of the user. When I log in from a
> development server I am running as an administrator for the Web application
> and it is able to commuicate to the remote server with the credentials I am
> passing. But when I login to the PRODUCTION server after deploying the
> ASP.net application I am using ASP.net user account which is not an
> administrator. Is this the cause for this mishap. Please advice and help me
> to fix this problem. It is been three days I am struggling to get this out
> but in vain I am unable to figure out where things are going. i even tried
> uninstalling the whole stuff like ASP .net, .net framework, web server but
> none helps.
> Any help would be greatly appreciated.
> Thanks
> John
--
Gerry Hickman (London UK)
| |
| Samster 2005-02-24, 4:56 pm |
| In my option you did the correct thing by creating a COM+ DLL. The only step I see you missing is that you need to register the DLL in COM+. Once you have put the DLL in COM+, assign a domain user that has rights to the boxes you are trying to start/stop the services on.
Thus, when a person invokes the methods you had crated, start/stop request to the servers will attempted with the creditials you had set when you registered the DLL in component services.
BTW: I've done this for many web applications i've coded where authentication is needed that grants the web user account greater rights on the network.
Thanks,
Samster
quote:
Originally posted by John @ X
Hi there,
We have been having trouble with the WMI in ASP.Net 2.0 application. let me
explain what we try to accomplish and please advice if this is the feasible
and correct solution if not help us to do it the right way.
There are many Services (such as Tomcat/watchdog events NT service/JVMI
services) which run on a remote servers(windows 2003/2000 server) and we
would like to stop the service from a ASP.Net application (web application).
We have created a DLL which can invoke the WMI APIs to stop/start the
services. The parameters that we pass or the server name (the host name),
user name who has administrative previleges on thsoe servers and the password
for that user. We are using the SystemName\cvim2 as the namespace.
Everything is working well when we try to invoke the DLL in development
environment (we are able to stop/start any servers remotely in Win XP
machine. But when we move to the production server the issue is that the
services are not able to be stopped or started. But we are able to query the
services. (we are able to find the services status thro the DLL).
We made a test application in VB form and tested in the production server as
well as from a remote machine it is giving the correct result. The only issue
which I am thinking of is IMPERSONATION of the user. When I log in from a
development server I am running as an administrator for the Web application
and it is able to commuicate to the remote server with the credentials I am
passing. But when I login to the PRODUCTION server after deploying the
ASP.net application I am using ASP.net user account which is not an
administrator. Is this the cause for this mishap. Please advice and help me
to fix this problem. It is been three days I am struggling to get this out
but in vain I am unable to figure out where things are going. i even tried
uninstalling the whole stuff like ASP .net, .net framework, web server but
none helps.
Any help would be greatly appreciated.
Thanks
John
|
|
|
|
|