ASPNET Security & Impersonation

I have been developing a web-based application that will manage our FTP servers by creating users, folders, setting NTFS security and creating virtual directories. I have been devloping these pages in VB.NET using DirectoryServices, and up until this point, I have had no problems. I have been abled to create local user accounts, folders and set their security on the remote servers but I have not been able to create virtual directories.

Here is my code...

Dim FTPService As DirectoryEntry
Dim FTPSites As DirectoryEntries
Dim FTPSite As DirectoryEntry

FTPServices = DirectoryEntry("IIS://SERVER/MSFTPSVC")
'FTPServices.UserName = "DomainUserName"
'FTPServices.Password = "Password"
FTPSites = FTPServices.Children
For Each FTPSite in FTPSites

Every time I execute this code against any IIS server other than what is running on my own machine, I get an Access Denied error for any property I attempt to access or change/add.

I have researched this for days, and every answer I find is security related. I have tried all of the following:
1. Configure IIS to run the website under admin credentials
2. Configure the machine.config to impersonate with admin credentials
3. Configure the web.config to impersonate with admin credentials
4. Use code level impersonation with admin credentials

All fail with Access Denied against both W2K/IIS5 and W2K3/IIS6 servers.
The security logs on all of these services shows failures by the ASPNET account on my machine attempting to access the box.

My questions are these...

1. Why can I use DirectoryServices to create and manage local user accounts on a remote server, as well as NTFS folders and their security, but NOT manage IIS on the remote server?
2. Why is my code NOT impersonating as shown by the security logs on the remote servers?

ANY help would be appreciated?

Before you respond, know that I have used accounts that DO have admin rights not only on those servers, but also elsewhere in the domain. I have no intent on using these extremely powerful accounts for the production version of my code, but just for determining the cause of this problem. Also, if there is another way besides DirectoryServices, I would be willing to entertain approaching this from another angle.
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!