Calling COM objects from ASP.NET application.


I think this is one of the common problems on the newsgroups, and I personally get weekly emails about it. ASP.NET runs in a dedicated process: aspnet_wp (IIS 5) or w3wp (IIS 6). This process runs under the default user defined in the processModel tag in machine.config. The default user is System, which has quite limited rights that obviously do not include the right to activate COM objects.

The solution is to replace the user with one that has sufficient rights, or to add rights to the existing one, and as usual there are several ways to do it. But before doing so, remember the reason why the System user is limited: yes, it's about security. If you add a new user with administrator rights, or add the System user to the administrator group, you open a big hole in your web security wall, so it's better to stay away from solutions like this.

The preferred solution usually works for intranet applications in enterprises. It uses impersonation to "transfer" the rights of the user authenticated by IIS to the ASP.NET process, and uses those rights to activate COM objects. This option requires enforcing Windows authentication and disabling anonymous access in the IIS security settings. To use this option, add the identity tag to web.config:

<identity impersonate="true" />

The second option also uses the identity tag, but with the userName and password attributes. These attributes let us define a user that replaces the default one by impersonating the given user. Before setting a user, create one with the minimum needed rights (see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh19.asp). Usage of this option might look like:

<identity impersonate="true" userName="myUser" password="1234" /> or to get the values from the registry
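As an added example (not code from the original post), the following script audits the identity element of a web.config against the two options above: caller impersonation without Windows authentication, and a fixed account whose password is a literal instead of a registry reference. The function name audit_identity, the sample files and the registry key path are constructed for illustration. It assumes a `<deny users="?">` rule as the web.config counterpart of disabling anonymous access; the IIS setting itself is not stored in web.config and is not checked.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config files; the registry key is a placeholder.
CALLER = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization><deny users="?" /></authorization>
  <identity impersonate="true" />
</system.web></configuration>"""

CLEARTEXT = """<configuration><system.web>
  <identity impersonate="true" userName="myUser" password="1234" />
</system.web></configuration>"""

REGISTRY = r"""<configuration><system.web>
  <identity impersonate="true"
    userName="registry:HKLM\SOFTWARE\MyApp\identity\ASPNET_SETREG,userName"
    password="registry:HKLM\SOFTWARE\MyApp\identity\ASPNET_SETREG,password" />
</system.web></configuration>"""


def audit_identity(web_config_xml):
    """Return findings for the <identity> element of one web.config."""
    web = ET.fromstring(web_config_xml).find("system.web")
    identity = web.find("identity") if web is not None else None
    if identity is None or identity.get("impersonate", "").lower() != "true":
        return []  # no impersonation: code runs as the process account
    findings = []
    user, password = identity.get("userName"), identity.get("password")
    if user is None and password is None:
        # Option 1: the caller authenticated by IIS is impersonated, so
        # Windows authentication and an anonymous deny rule are expected.
        auth = web.find("authentication")
        if auth is None or auth.get("mode") != "Windows":
            findings.append("authentication mode is not Windows")
        if "?" not in [d.get("users") for d in web.findall("authorization/deny")]:
            findings.append("anonymous users are not denied")
    elif not user or not password:
        findings.append("userName and password must both be set")
    elif not password.startswith("registry:"):
        # Option 2 with a literal password readable by anyone with the file.
        findings.append("password is stored in clear text")
    return findings


if __name__ == "__main__":
    for name, xml in (("caller", CALLER), ("cleartext", CLEARTEXT),
                      ("registry", REGISTRY)):
        print(name, audit_identity(xml))
```
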

1 Comment

  • Quick clarification, the default user account for ASP.NET applications is the ASPNET user under Windows 2000 and Network Service under Windows Server 2003.



    In the pre-release version of the .NET Framework 1.0, ASP.NET did run under System, but that was a sizable security hole that was corrected prior to release.
