WMI local connect thru Web Service (DNS)

  • Thread starter: Christopher Aitchison

Christopher Aitchison

Hello,

I am attempting to write a web service that manages a DNS server using the
DNS WMI provider.

I have all the code I want working fine when it is called through a Windows
application or console application; however, as soon as I paste this code
into a web service and try to execute it there, I start getting a "generic
error". This is only happening when the web service tries to manage a DNS
service that is installed on the same machine, because you cannot connect
to the local machine with the username and password options.

I believe I know why this is happening, but I am at a loss to find a
workaround.

The WMI objects use DCOM to connect to the remote/local computer, and even
though my web service is impersonating a Domain Admin user, because it is
using an MTA thread (like all web services do) it is reverting to the NT
AUTHORITY\NETWORK SERVICE account somewhere inside the System.Management
classes, which has no permissions. I don't want to give this account any
permissions either. I have tried to start an STA thread and have the work
done inside that thread, but when I look at the logs for WMI it still says my
application is trying to connect using the network service account.

Does anyone know how I can force the WMI to use the currently impersonated
account?

Many thanks,
Chris Aitchison
 
Use the ConnectionOptions class - it lets you specify which account to use
when performing the WMI operations.

The reason for the reverting identity is because the process is running
under that identity. Because of security, the impersonated identity is not
allowed to be delegated to the DCOM call, and the system reverts back to the
process identity. This is not a special case for System.Management; the same
happens when accessing files on remote computers, or a SQL server etc. There
is an article in MSDN describing this scenario, and possible solutions -
don't have the link at hand, but do a search with the words ASP.NET
delegation and security and you should find it.


Arild
 
Hi Arild,

I have tried using the ConnectionOptions class, but it won't work if you are
trying to connect to the local machine. It states something along the lines
of user credentials not allowed for local connection.

It is looking like this simply can't be run from within a webservice.

Thank you for your help,
Chris
 
You have to adapt the security permissions to allow NETWORK SERVICE to
access the DNS provider WMI local service (see Computer Management/WMI
Control).

Willy.
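
Added example, not code from any poster in this thread: a C# probe that prints the identity the process is actually running as and then opens the local DNS provider namespace, applying ConnectionOptions credentials only for a remote host because WMI rejects them for a local connection. The class name `DnsWmiProbe`, the `Connect` helper and its `user`/`password` parameters are assumptions for illustration; `root\MicrosoftDNS` and `MicrosoftDNS_Zone` are the DNS WMI provider's namespace and zone class.

```csharp
using System;
using System.Management;
using System.Security.Principal;

static class DnsWmiProbe
{
    // Hypothetical helper: connect to the DNS WMI provider on 'host'.
    // Explicit credentials are set only for remote hosts; a local
    // connection always runs under the caller's current token.
    public static ManagementScope Connect(string host, string user, string password)
    {
        bool local = host == "." ||
            host.Equals("localhost", StringComparison.OrdinalIgnoreCase) ||
            host.Equals(Environment.MachineName, StringComparison.OrdinalIgnoreCase);

        var options = new ConnectionOptions
        {
            Impersonation = ImpersonationLevel.Impersonate,
            Authentication = AuthenticationLevel.PacketPrivacy
        };
        if (!local)
        {
            options.Username = user;
            options.Password = password;
        }

        var scope = new ManagementScope(@"\\" + host + @"\root\MicrosoftDNS", options);
        scope.Connect(); // throws if the effective identity lacks namespace rights
        return scope;
    }

    public static void Main()
    {
        // The account WMI Control permissions are checked against.
        Console.WriteLine("Effective identity: " + WindowsIdentity.GetCurrent().Name);
        try
        {
            var scope = Connect(".", null, null);
            var query = new ObjectQuery("SELECT Name FROM MicrosoftDNS_Zone");
            using (var searcher = new ManagementObjectSearcher(scope, query))
                foreach (ManagementObject zone in searcher.Get())
                    Console.WriteLine("Zone: " + zone["Name"]);
        }
        catch (ManagementException ex) { Console.WriteLine("WMI error: " + ex.ErrorCode); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("Access denied: " + ex.Message); }
    }
}
```

Running the same code from a console session and from inside the web service shows which account the namespace security settings in WMI Control need to cover.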
 