Calling COM objects from ASP.NET application.
Calling COM objects from ASP.NET application.
I think this is one of the common problems on the
newsgroups and I personally get weekly emails about that
issue. ASP.NET is running under dedicate process:
aspnet_wp(IIS 5) or w3wp(IIS 6). This process is running
under default user that defines in processmodel tag in
machine.config. the default user is System that got quit
limited rights that obviously don’t got rights to activate
COM objects.
The solution is to change the user with user with
sufficient rights or to add rights and as usual there are
several ways to do it. But before doing so remember the
reason way System user is limited, yes it’s about
security. If you will add new user with administrator
rights or add System user to administrator group you open
a big hole in your web security wall, so it’s better to
stay away from solution like this. The preferred solution
usually works with intranet application in enterprises.
This solution use impersonation to “transfer” the user
rights that authenticate via IIS to ASP.NET process and to
use the user rights to activate COM objects. This option
demands enforcing of windows authentication and disabling
of anonymous access of IIS security. To use this option
you need to add the identity tag to web.config :
<identity impersonate=”true”\>
the second option also use the identity tag but with
username and password attributes. Those attribute enables
us to define use that will replace the default defined by
impersonating the given user. Before setting a user create
a user with the minimum needed rights (see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh19.asp) this option usage might looks like:
<identity impersonate=”true” username=”myUser” password=”1234”) or to get values from registry