[thelist] ASP FSO problem.

Ken Schaefer Ken at adOpenStatic.com
Mon Dec 20 00:05:04 CST 2004


Whether or not ASP runs inside dllhost.exe depends on the IIS application
setting.

Low Isolation -> ASP pages in that app run inside inetinfo.exe (runs as
LocalSystem)

Medium Isolation -> ASP pages in that app run inside a shared dllhost.exe
that all other medium isolation apps share

High Isolation -> ASP pages in that app run inside a dllhost.exe that's not
shared with any other apps

By default IWAM_machinename is the process identity for out-of-process web
applications (out-of-process means any app running in medium or high
isolation, ie outside inetinfo.exe)

However, in order to access a resource (eg run a webpage), the thread
servicing the request "impersonates" a user account - IIS logs on that
account and processes the page under that user context. If the app requires
authentication, then the page will be run under the context of the
credentials supplied by the user. If the app allows "anonymous" access, then
IIS will impersonate the configured anonymous user account (by default
IUSR_<machinename>)

HTH

Note: this applies to IIS up to IIS5.1, and IIS6 running in IIS5 Isolation
Mode. IIS6 running in its native Worker Process Isolation mode is a different
kettle of fish.

Cheers
Ken

: -----Original Message-----
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of Rosalie Sennett
: Sent: Monday, 20 December 2004 3:49 PM
: To: thelist at lists.evolt.org
: Subject: RE: [thelist] ASP FSO problem.
: 
: Correct me if I'm wrong... but IWAM_machine name starts up dllhost.exe
: 
: And all .asp, com and other ISAPI extensions are run under dllhost
: 
: (ASP is considered an ISAPI extension)
: 
: So, perhaps it is the IWAM_machine user that is being locked out?
: 
: 
: Keep that in mind when you're poking around with effective permissions
: 
: 
: You also may want to simplify your code just to be sure it isn't some typo
: that none of us is noticing...
: 
: I had something the other day that was driving me nuts... and just when I
: was sure my machine was haunted... I went back to a kind of "hello world"
: script and found that I'd done something stupid...
: 
: So run this with and without a folder specified in the drive, 'cause I
: know
: it works fine.
: 
: <table border="1">
: <tr>
:   <td>Path</td>
:   <td>Name</td>
:   <td>Size</td>
:   <td>DateCreated</td>
:   <td>DateLastAccessed</td>
:   <td>DateLastModified</td>
: </tr>
: 
: <%
: Set FSObj=Server.CreateObject("Scripting.FileSystemObject")
: Set FolderObj = FSObj.GetFolder ("M:\")
: 
: For Each Item in FolderObj.Files %>
:   <tr>
:     <td><%= Item.Path %></td>
:     <td><%= Item.Name %></td>
:     <td><%= Item.Size %></td>
:     <td><%= Item.DateCreated %></td>
:     <td><%= Item.DateLastAccessed %></td>
:     <td><%= Item.DateLastModified %></td>
:   </tr>
: <% Next %>
: 
: </table>
: 
: <% Response.Write("Total = " & FolderObj.Files.Count)%>
: 
: rose
: 
: -----------------
: c:/dos
: c:/dos/run
: run/dos/run
: >>
: -----------------
: 
: > -----Original Message-----
: > From: thelist-bounces at lists.evolt.org [mailto:thelist-
: > bounces at lists.evolt.org] On Behalf Of Ken Schaefer
: > Sent: Sunday, December 19, 2004 9:18 PM
: > To: thelist at lists.evolt.org
: > Subject: RE: [thelist] ASP FSO problem.
: >
: >
: > : -----Original Message-----
: > : From: thelist-bounces at lists.evolt.org
: > [mailto:thelist-bounces at lists.evolt.org] On
: > : Behalf Of cd-ml at aardvark.net.au
: > : Subject: RE: [thelist] ASP FSO problem.
: > :
: > : > What are the permissions on the share that 'M' is mapped to? IUSR
: > isn't
: > : > part of the everyone group, which can be confusing.
: > :
: > : Drive M: is a local drive, not a networked share or anything.
: > :
: > : > Does this behave as expected on local drives? How 'bout if you get
: the
: > : > item's name rather than size?
: > :
: > : Yes, the item.name works but item.size get's permission denied. I
: don't
: > : know why ?:)
: > :
: > : Drive M: (which is a local HD) will give me a permission denied,
: however
: > : if I set it to the CD-ROM drive or my USB Key it works. It must be a
: > : permission issue somewhere.
: >
: > I suppose you next need to check the effective permissions on those
: files.
: >
: > Right-click on a file -> properties -> security -> advanced -> effective
: > permissions -> add IUSR_Machinename
: >
: > Cheers
: > Ken
: > --
: >
: > * * Please support the community that supports you.  * *
: > http://evolt.org/help_support_evolt/
: >
: > For unsubscribe and other options, including the Tip Harvester
: > and archives of thelist go to: http://lists.evolt.org
: > Workers of the Web, evolt !
: 
: 
: --
: 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
: 
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !


More information about the thelist mailing list