I'm trying to simply start/stop the application pool in IIS programmatically in C# in the following code:
ServerManager serverManager = new ServerManager();
ApplicationPoolCollection appPools = serverManager.ApplicationPools;
foreach (ApplicationPool ap in appPools)
{
if (ap.Name == "Test App")
ap.Start();
}
I already added the assembly Microsoft.Web.Administration in the project.
And I also gave the full permission for user "IIS AppPool\DefaultAppPool" in the folder C:\Windows\System32\inetsrv\config. (Before giving this permission, it's not even able read the application pool name.)
However, it's still throw an exception when it's trying to start the application pool.
An unhandled exception of type 'System.UnauthorizedAccessException' occurred in Microsoft.Web.Administration.dll
Additional information: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
What else permission should I need to add for fixing it? Thanks.
Related
I have a c# program that uses MBNApi for managing a Mobile Broadband 4G modem.
When I run the program interactively with an unprivileged local user, everything goes fine.
But, When i run that code from a Scheduled Task (task Scheduler runs under
the SYSTEM/S-1-5-18 security context) that is configured to run with the same unprivileged user and with "Run with highest privileges", as soon as I call a method of the classes exposed by this API, for example "GetInterfaces":
MbnInterfaceManager mbnInfMgr = new MbnInterfaceManager();
IMbnInterfaceManager infMgr =(IMbnInterfaceManager)mbnInfMgr;
IMbnInterface[] interfaces =(IMbnInterface[])infMgr.GetInterfaces();
I get the folowing exception:
Application: xxxx.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception info: System.UnauthorizedAccessException
in MbnApi.IMbnInterfaceManager.GetInterfaces()
Unprivileged account I use for running the scheduled task is a member of BUILT-IN group "Distributed COM Users"/S-1-5-32-562
That group has full permissions over all DCOM objects on the system
As I told previously, the code ran out of the context of a Scheduled task with the same unprivileged account does note generate this error. I tried to add BUILTIN SYSTEM (S-1-5-18) and "NETWORK SERVICE" (S-1-5-20) accounts to the "Distributed COM Users" group but the exception fires anyway:
System.UnauthorizedAccessException was unhandled
HResult=-2147024891
Message=Acceso denegado. (Excepción de HRESULT: 0x80070005 (E_ACCESSDENIED))
Source=xxxx
StackTrace:
en MbnApi.IMbnInterfaceManager.GetInterfaces()
en xxxx.mbn.use_MBNApi() en C:\Users\zzzzz\Documents\Visual Studio 2015\Projects\xxxx\xxxx\Program.cs:línea 2270
en xxxx.Program.Main(String[] args) en C:\Users\zzzzzz\Documents\Visual Studio 2015\Projects\xxxx\xxxx\Program.cs:línea 3114
Any ideas of the rights I have to set for SYSTEM or the unprivileged account in order to solve the problem?
I'm working on a tool to get running power point program and control it so
i used this code to get reference of running program.
var pptApplication = Marshal.GetActiveObject("PowerPoint.Application")
But it throws this erorr
Operation unavailable (Exception from HRESULT: 0x800401E3 (MK_E_UNAVAILABLE))
I noticed that was happening because my app was running as administrator but power point wasn't and when i run my app as normal it works, but i need it as administrator
Excuse me for my bad English.
Running on Windows Server 2012 R2 Standard, with IIS 8.5.9600
In C#, after setting up a site, I'm retrieving the DefaultAppPool from the site.
Upon retrieval of the pool, the following properties have exceptions on them:
appPool.State:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
appPool.WorkerProcesses
at Microsoft.Web.Administration.Interop.IAppHostElement.get_Collection()
at Microsoft.Web.Administration.ConfigurationElement.GetCollection(String collectionName, Type collectionType)
at Microsoft.Web.Administration.ApplicationPool.get_WorkerProcesses()
So I cannot call
AppPool.Recycle()
It throws this exception:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at Microsoft.Web.Administration.Interop.IAppHostMethodInstance.Execute()
at Microsoft.Web.Administration.ConfigurationMethodInstance.Execute()
at Microsoft.Web.Administration.ConfigurationElement.ExecuteMethod(String methodName)
at Microsoft.Web.Administration.ApplicationPool.Stop()
at EBI.Core.Common.WebHelper.IISHelper.AddApplicationIis7(String serverName, String applicationPool, String siteName, String applicationPath, String virtualDirectoryPath, String physicalPath, String defaultPage, Int32 deploymentType, String siteUrl)
Online research says to add high privileges to this folder:
C:\Windows\System32\inetsrv\config
So I have increasingly added the following:
SYSTEM
Administrators
IIS_IUSRS
INTERACTIVE
NETWORK
SERVICE
DefaultAppPool
NETWORK SERVICE
CREATOR OWNER
IUSR
BUT STILL SAME ERRORS.
It's probably a bad idea to add all those rights to that folder, so perhaps there is something else I might be missing, but I cannot find what it is. Any ideas?
Thanks for any help!
Whether you are trying to access the app-pool from any console application or windows service? If so then the console application or windows service should be executed with a username which has admin rights on the server. The username should also be part of IIS_WPG group. May be I have got your question totally wrong.
If using c# code and deploying to IIS Server then running AppPool.Recycle() can generate 'Access is denied' error.
Visit the application pool you are running the c# code under, and go to advanced Settings -> Identity and change the Identity to 'Administrator' or some user with Admin rights.
I am using Microsoft.Office.Interop.Word to read text from MS-word (doc/docx) file using c#. When I am running my apps under admin account then no problem is occurring but when I am running under a user which has not admin privilege then this below error occur. I am running my apps on windows 2008 64 bit.
System.UnauthorizedAccessException: Retrieving the COM class factory
for component with CLSID {000209FF-0000-0000-C000-000000000046} failed
due to the following error: 80070005 Access is denied. (Exception from
HRESULT: 0x80070005 (E_ACCESSDENIED)).
So please guide me what kind of permission I need to give to the user as a result com exception should not occur when I will read a doc/docx file programmatically by c#. Please discuss in details what are the steps I need to follow. Thanks.
I am having a problem with IIS permissions and Microsoft's Outlook 2010 interop assembly using a web forms project.
I created a proof of concept project to make sure I could use Microsoft's Outlook interop assembly in a particular the situation I am tasked with. The demo project worked great and I had no problems. Now I am trying to integrate it into our main project and I am running into an IIS permission issue. I have my web site running in IIS 7 locally. In IIS Manager, I click on Application Pools -> My Web Site -> Advanced Settings. In this window, I have a custom Identity called "fileshare" with a password ("fileshare" was create to secure access to the web site's images, pdf files, etc. on a development network server). I copied the outlook interop assembly into our common shared assemblies folder instead of referencing it from the GAC. I gave the assembly all permissions for IUSER, NETWORK SERVICE, IIS_WPG, ASP.NET and fileshare. I get the following run- time error:
Retrieving the COM class factory for component with CLSID {0006F03A-0000-0000-
C000-000000000046} failed due to the following error: 80070005 Access is denied.
(Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)). Description: An unhandled
exception occurred during the execution of the current web request. Please
review the stack trace for more information about the error and where it
originated in the code.
Exception Details: System.UnauthorizedAccessException: Retrieving the COM class
factory for component with CLSID {0006F03A-0000-0000- C000-000000000046} failed
due to the following error: 80070005 Access is denied. (Exception from HRESULT:
0x80070005 (E_ACCESSDENIED)).
ASP.NET is not authorized to access the requested resource. Consider granting
access rights to the resource to the ASP.NET request identity. ASP.NET has a
base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on
IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that
is used if the application is not impersonating. If the application is
impersonating via <identity impersonate="true"/>, the identity will be the
anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose
"Properties" and select the Security tab. Click "Add" to add the appropriate
user or group. Highlight the ASP.NET account, and check the boxes for the
desired access.
I checked the windows event logs and under Windows Logs -> System and I have this error:
The machine-default permission settings do not grant Local Activation permission
for the COM Server application with CLSID {0006F03A-0000-0000-
C000-000000000046} and APPID Unavailable to the user BSoup\fileshare SID
(S-1-5-21-2999627215-1482540357-33300828-1019) from address LocalHost (Using
LRPC). This security permission can be modified using the Component Services
administrative tool.
After doing a bit more research, I've decided that using the interop assembly is a bad choice. As Alexi stated, it's not for use over the network.
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab. Under Anonymous access and authentication control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.
Configure ASP.NET to use Windows authentication with impersonation, use the following configuration in WebConfig.
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
</system.web>