Welcome to the new platform of Programmers Heaven! We apologize for the inconvenience caused, if you visited us from a broken link of the previous version. The main reason to move to a new platform is to provide more effective and collaborative experience to you all. Please feel free to experience the new platform and use it's exciting features. Contact us for any issue that you need to get clarified. We are more than happy to help you.
ASPNET Security & Impersonation
I have been developing a web-based application that will manage our FTP servers by creating users, folders, setting NTFS security and creating virtual directories. I have been devloping these pages in VB.NET using DirectoryServices, and up until this point, I have had no problems. I have been abled to create local user accounts, folders and set their security on the remote servers but I have not been able to create virtual directories.
Here is my code...
Dim FTPService As DirectoryEntry
Dim FTPSites As DirectoryEntries
Dim FTPSite As DirectoryEntry
FTPServices = DirectoryEntry("IIS://SERVER/MSFTPSVC")
'FTPServices.UserName = "DomainUserName"
'FTPServices.Password = "Password"
FTPSites = FTPServices.Children
For Each FTPSite in FTPSites
Every time I execute this code against any IIS server other than what is running on my own machine, I get an Access Denied error for any property I attempt to access or change/add.
I have researched this for days, and every answer I find is security related. I have tried all of the following:
1. Configure IIS to run the website under admin credentials
2. Configure the machine.config to impersonate with admin credentials
3. Configure the web.config to impersonate with admin credentials
4. Use code level impersonation with admin credentials
All fail with Access Denied against both W2K/IIS5 and W2K3/IIS6 servers.
The security logs on all of these services shows failures by the ASPNET account on my machine attempting to access the box.
My questions are these...
1. Why can I use DirectoryServices to create and manage local user accounts on a remote server, as well as NTFS folders and their security, but NOT manage IIS on the remote server?
2. Why is my code NOT impersonating as shown by the security logs on the remote servers?
ANY help would be appreciated?
Before you respond, know that I have used accounts that DO have admin rights not only on those servers, but also elsewhere in the domain. I have no intent on using these extremely powerful accounts for the production version of my code, but just for determining the cause of this problem. Also, if there is another way besides DirectoryServices, I would be willing to entertain approaching this from another angle.