Active Directory, Windows 8
If I logged on with user "xxx" and runs application with such code:
//WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
it works well.
However when runs this code in IIS on the same mashine I'v got exception:
// WindowsIdentity.GetCurrent().Name - is "NT AUTHORITY\SYSTEM" or "IIS APPPOOL\DefaultAppPool", tryed both
var windowsIdentity = User.Identity as WindowsIdentity;
if (windowsIdentity != null)
{
using (windowsIdentity.Impersonate())
{
// WindowsIdentity.GetCurrent().Name - is "MyDomain\xxx";
var connectionOptions = new ConnectionOptions
{
EnablePrivileges = true,
Impersonation = ImpersonationLevel.Impersonate
};
var scope = new ManagementScope(
string.Format("\\\\{0}\\root\\CIMV2", computerName),
connectionOptions);
scope.Connect();
// throws exception "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
// my other code here
}
}
Used Windows Authentication:
<authentication mode="Windows" />
<identity impersonate="false" />
Tried run AppPool as ApplicationPoolIdentity and as System. Tried grant "Act as part of the operating system" for AppPool. The result is same, I always got "Access is denied".
Why I've got this exception? Should I do something else than just Impersonate or maybe grant some privileges for AppPool?
User contributions licensed under CC BY-SA 3.0