"select Name,Path from Win32_Share" permissions required by ASP.NET to return paths,

[Guest developers2008]

I'm tripping over ASP.NET local machine permissions with the following

on an inside the firewall app:

List<SharePathEntry> allLocalShares = new List<SharePathEntry>(); // a

container for share=local path string pairs

WqlObjectQuery objectQuery = new WqlObjectQuery ("select Name,Path from

Win32_Share��) ;

ManagementScope scope = new ManagementScope(@\\.\root\cimv2); //[1]

scope.Options.Impersonation = ImpersonationLevel.Impersonate; //[1]

scope.Options.EnablePriveleges = true; //[1]

ManagementObjectServer searcher = new

ManagementObjectSearcher(scope,objectQuery);

foreach(ManagementObject share in searcher.Get())

{

object objName = share["Name"];

object objPath = share["Path"];

if(null!=objName)

{

if(null!=objPath)

{

AllLocalShares.Add(new SharePathEntry(objName.ToString(),

objPath.ToString());

}

else

{

// non-null Name returned, null Path retruned only when running totally

[ 3 ] under ASP.NET...[ 4 ]

}

}

}

[ 1 ] I've tried with and without these

[ 2 ] I'm running as admin when I hit webservice that uses this object

[ 3 ] If I run webservice in F5 debug mode, works normally and can

trace above.

[ 4 ] If I run as webservice, condition [4] occurs.

[ 5 ] If I run as webservice, then attach debug to asp.net process, I

can trace above and see [4] occur.

[ 6 ] Same code behind object running under NETWORK_SERVICE credentials

on same local machine works normally.

[ 7 ] I've randomly tried permissions as follows:

Local Security Policy

LocalPolicies:User Rights Assignment : Profile system performance

(Added ASP.NET) : does not fix the problem.

LocalPolicies:User Rights Assignment : Perform volume maintenance tasks

(Added ASP.NET) : does not fix the problem.

Full permissions granted to ASP.NET in security tab for:

Computer Management: Services and Applications: WMI Control :

Properties : Security : Root : CIMV2 and WMI : does not fix the problem

 

The only thing that has worked so far is to add asp.net account to

local administrators, run as admin. This is a dedicated/private inside

the firewall application, so OK-ish, but I'm hoping to just add the

required permission to asp.net account as is.

 

 

--

developers2008