Geek Answers Handbook

"Access Denied" when trying to connect to a remote IIS server - C #

I get a COMException "Access Deined" when I try to connect to a remote IIS 6 server from my C # application that runs on IIS 5.1.

Any ideas? I am experiencing the same problems with the original questions.

Update - 4/1/09

I found this solution ( http://www.codeproject.com/KB/cs/Start_Stop_IIS_Website.aspx ), which consists of a windowed application connecting to the IIS server to start and stop websites. I can run it on my workstation and connect to the IIS server.

Ugh .... why can I run this standalone application, but not my ASP.NET application?

Original

I get a “Access Denied” COMException when I try to connect to IIS from a remote machine using the DirectoryEntry.Exist method to check if the IIS server is valid.

string path = string.Format("IIS://{0}/W3SVC", server);

if(DirectoryEntry.Exist(path))
{
    //do something is valid....
}

I am a member of the Active Directory group that has been added to the Administrators group on the IIS server I'm trying to connect to.

Does anyone experience this problem and know how to solve it?

UPDATE:

@Kev is an ASP.NET application. In addition, I can connect without a username and password to the remote server through IIS6 Manager.

@Chris. I am trying to connect to a remote server to display the number of virtual directories and determine the version of the .NET platform for each directory. See this question .

@dautzenb - ASP.NET IIS 5.1, IIS 6. ASPNET . , .

2:

@Kev - DirectoryEntry, :

public DirectoryEntry
(    
    string path,    
    string username,    
    string password
)

" " System.Runtime.InteropServices.COMException ", .

, AuthenticationType Secure.

3:

IIS , :

:

:
: 680
: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
: ASPNET
:
: 0xC0000234

:

: /
: 529
:
:
: ASPNET
: (MyDomain)
: 3
: NtLmSsp
: NTLM
: (MyWorkstationId)
Caller : -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
: -
: 10.12.13.35
: 1708

true, . ASPNET IIS.

+2
8

, IIS 5.1 Windows, web.config - IIS5.1 system.web, .

<identity impersonate="true"/>
<authentication mode="Windows" />
+2

ASP.NET, IIS. ( " ", " " ).

?

. MSDN.

+1

, . - NTLM, ( IIS 5.1). -, , , . , , . , .

, , , . Windows, IIS 5.1 , .

Kerberos, , AD NTLM.

+1

? , ?

0

- , . , . DirectoryEntry :

public DirectoryEntry(
    string path,
    string username,
    string password
)

: MSDN: DirectoryEntry (, , )

... ...

public DirectoryEntry(
    string path,
    string username,
    string password,
    AuthenticationTypes authenticationType
)

: MSDN: DirectoryEntry (String, String, String, AuthenticationTypes)

, AD , . , , , , . , , , .

( ):

, , DirectoryEntry.Exists() , , :

public static bool MetabasePathExists(string metabasePath)
{
  try
  {
    using(DirectoryEntry site = new DirectoryEntry(metabasePath))
    {
      if(site.Name != String.Empty)
      {
        return true;
      }
      return false;
    }
  }
  catch(COMException ex)
  {
    if(ex.Message.StartsWith("The system cannot find the path specified"))
    {
      return false;
    }
    LogError(ex, String.Format("metabasePath={0}", metabasePath));
    throw;
  }
  catch(Exception ex)
  {
    LogError(ex, String.Format("metabasePath={0}", metabasePath));
    throw;
  }
}

. , :).

0

, , Windows . , , WMI/ADSI/COM , . , , Windows.

0

NTLM, SETSPN IIS.

Active Directory, ( , NETWORK SERVICE LOCAL SERVICE) SPN.

-- ! , ! , !

:

http://support.microsoft.com/kb/929650

0

I believe that DirectoryEntry.Exists silently ignores all provided credentials and uses the authents user creds. This is similar to the behavior you described. For work with AD we never use it for this reason.

0
source

More articles:


All Articles