Access denied to WMI when using it from ASP .NET Web Services project.
Jean-Francois Hamelin
I have created a ASP .NET Web Services to export some WMI information on a
W2K SP2 box. When connecting my ManagementScope object and exception is
raised with the following message: "Access Denied" when calling from the
service test page.
Here's the code ( C# ).
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using System.Management;
namespace Management
{
public class Service1 : System.Web.Services.WebService
{
public Service1()
{
InitializeComponent();
}
[WebMethod]
public string Connect()
{
ManagementScope scope = new ManagementScope("root\\CIMV2");
try
{
scope.Connect();
return "Success";
}
catch( System.Exception e )
{
return e.Message;
}
}
}
}
Thanks
JF
Joakim Söderberg
something like the following you will achieve the same thing but you get to
specify user credentials for connecting:
ConnectionOptions options = new ConnectionOptions;
options.Username = "<login name>";
options.Password = "<password>";
ManagementScope scope = new ManagementScope("\\\\root\\cimv2", options);
ObjectQuery oq = new ObjectQuery("SELECT * FROM
Win32_ComputerSystemProduct");
ManagementObjectSearcher query = new ManagementObjectSearcher(scope,oq);
ManagementObjectCollection queryCollection = query.Get();
"Jean-Francois Hamelin" <jean-franc...@srtelecom.com> wrote in
message news:uAnwrdo9BHA.1612@tkmsftngp07...
Jean-Francois Hamelin
Application project type, it's execute with any problems.
"Joakim Söderberg" <joakim.s...@ies.luth.se> wrote in message
news:#qge8po9BHA.1868@tkmsftngp04...
Andy Cheung [MS]
likely when an ASP.NET web application tries to access System.Management
with aspnet.exe worker process running under ASPNET account, which is a
default in .NET RTM. There are two ways to work around the access problem
you saw.
1) Give <MachineNameHere>\ASPNET account remote-enable privilege to the
namespace your web application is accessing (e.g. root\cimv2).
To do that, run wmimgmt.msc. Right click "WMI Control" and select
"Properties". Select the security tab and un-fold the namespace structure to
find the namespace you want to allow your application to access. Click the
security button and add ASPNET account. Check "Remote Enable" and click OK.
NOTE: It is not recommened to grant 'Remote Enable' privilege to EVERYONE.
2) Modify the username attribute in <processModel> tag in the machine.config
file from "machine" to "system". This allows aspnet.exe worker process to
run as local system (admin privilege) account. You need to restart IIS to
let this take effect.
NOTE: This workaround, however, is not recommended.
This problem will be fixed by the upcoming service pack of Windows 2000 and
Windows XP.
--
Andy Cheung
Microsoft WMI Test Engineer
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Jean-Francois Hamelin" <jean-franc...@srtelecom.com> wrote in
message news:eb9BgRr9BHA.2432@tkmsftngp04...
Richard K Bethell
news:uEPXyfU$BHA.2296@tkmsftngp05...
> The "Access Denied" error is returned by System.Management. It happens
most
> likely when an ASP.NET web application tries to access System.Management
> with aspnet.exe worker process running under ASPNET account, which is a
> default in .NET RTM. There are two ways to work around the access problem
> you saw.
>
> 2) Modify the username attribute in <processModel> tag in the
machine.config
> file from "machine" to "system". This allows aspnet.exe worker process to
> run as local system (admin privilege) account. You need to restart IIS to
> let this take effect.
> NOTE: This workaround, however, is not recommended.
I did this. (Recommended or not, large swaths of dot net classes don't work
under asp.net if you don't.)
Didn't do a thing for me. I continue to get the "Access Denied" even though
the user is a domain administrator, the ASP app is NT authenticated, and the
web.config file is set to impersonate. Administrators have WMI access, and
the asp.net application does work to the localhost.
Just not to remote machines.
Richard
Jean-Francois Hamelin
JF
"Andy Cheung [MS]" <ha...@online.microsoft.com> wrote in message
news:uEPXyfU$BHA.2296@tkmsftngp05...
Andy Cheung [MS]
authentication method of your web application is turned on in IIS. If you
want to use impersonation to connect to WMI through ASP.NET, you will need
to set impersonate to true in machine.config file and turn "Annonymous
access" off for your web application through inetmgr.exe. Then restart IIS.
Note that in this impersonation scenario, you are not required to change the
username in <processModel> tag to "System" provided that the user you're
impersonating has access to WMI.
--
Andy Cheung
Microsoft WMI Test Engineer
This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Richard K Bethell" <cj...@freenet.carleton.ca> wrote in message
news:e7M$DVa$BHA.2336@tkmsftngp05...