Space shuttles aren't built for rocket scientists, they're built for astronauts. The goal isn't the ship, its the moon.
posts - 303, comments - 180, trackbacks - 35

My Links


Where's Rick?

AgileAlliance deliver:Agile 2019- 4/29
Desert Code Camp, PHX - 10/11
VS Live Austin, TX - 6/3
VS Live SF - 6/17

About Me
Hands on leader, developer, architect specializing in the design and delivery of distributed systems in lean, agile environments with an emphasis in continuous improvement across people, process and technology. Speaker and published author with 18 years' experience leading the delivery of large and/or complex, high-impact distributed solutions in Retail, Intelligent Transportation, and Gaming & Hospitality.

I'm currently a Principal Engineer at Amazon, within the North America Consumer organization leading our global listings strategy that enable bulk and non-bulk listing experiences for our WW Selling Partners via apps, devices and APIs.

Full bio

Note: All postings on this site are my own and don’t necessarily represent the views of my employer.

Check out my publications on Amazon Kindle!


Post Categories

Published Works

Executing an SSIS Package Programatically from WCF or ASP.NET

When a thread is impersonated, it is commonly used to flow identity to all resources on the same machine. This is true for SQL Server authentication, and NTFS authentication/authorization. While not ideal, impersonation is a common technique in IIS for overriding the default process identity with the identity of the interactive user, or a fixed identity.
When System.Diagnostics.Process.Start() executes Dtexec.exe, it does not flow the impersonated identity. Instead, the impersonated identity is ignored, and the identity running the process (the Win32 thread) is used instead.
In the case of IIS, the process runs under ASPNET account for Windows 2000 and XP, and NETWORK SERVICE in Windows 2003 Server. These accounts are least privileged and thus, cannot start Dtexec.exe.
There are at least two solutions to this problem:
1. Configure IIS to run as a fixed identity that is able to start dtexec.exe. When running IIS 5, there is no other option than to change the processModel key in machine.config to use a fixed identity. In IIS 6, configuring an application pool with a fixed identity will accomplish the same result.This identity will then flow to dtexec.exe.
2. The following article describes how to use Win32 calls to propagate the impersonation context. This is undesirable in my opinion, as making unmanaged calls should be avoided unless absolutely necessary: http://msdn2.microsoft.com/en-us/library/ms682425.aspx
I believe that not flowing the impersonated security context is inconsistent with the .NET security model and should be reconsidered or at least published as an issue in a KB.

Print | posted on Thursday, February 15, 2007 12:34 PM | Filed Under [ Misc. ]

Comments have been closed on this topic.

Powered by: