This chapter presents a process for troubleshooting and provides a range of techniques and tools that can be used to help diagnose security-related problems.
The following approach has proven to be helpful for resolving security and security context related issues.
Start by describing the problem very clearly. Make sure you know precisely what is supposed to happen, what is actually happening, and most importantly, the detailed steps required to reproduce the problem.
Isolate the problem as accurately as you can. Try to determine at which stage during the processing of a request the problem occurs. Is it a client or server related issue? Does it appear to be a configuration or code related error? Try to isolate the problem by stripping away application layers. For example, consider building a simple console-based test client application to take the place of more complex client applications.
Analyze error messages and stack traces (if they are available). Start by consulting the Windows event and security logs.
Check the Microsoft Knowledge Base to see if the problem has been documented as a Knowledge Base article.
Many security-related problems stem from the identity used to run code, which is not always the identity you expect. Use the code samples presented in the “Determining Identity” subsection of the “ASP.NET” section in this chapter to retrieve and diagnose identity information. If the identities appear incorrect, check the configuration settings in web.config and machine.config and also check the IIS authentication settings for your application’s virtual directory. Factors that can affect identity within an ASP.NET Web application include:
The <processModel> element in machine.config used to determine the process identity of the ASP.NET worker process (aspnet_wp.exe).
Authentication settings in IIS.
Authentication settings in web.config.
Impersonation settings in web.config.
Even if it appears that the correct settings are being used and displayed, you may want to explicitly configure a web.config file for your application (in the application’s virtual directory) to make sure it is not inheriting settings from a higher level application (perhaps from a web.config in a higher-level virtual directory) or from machine.config.
Use some of the troubleshooting tools listed in the “Troubleshooting Tools” section later in this chapter to capture additional diagnostics.
Attempt to reproduce the problem on another computer. This can help isolate environment-related problems and can indicate whether the problem is in your application’s code or configuration.
If your application is having problems accessing a remote resource, you may be running into impersonation- or delegation-related problems. Identify the security context being used for the remote resource access, and if you are using Windows authentication, verify that the account providing the context (for example, a process account) can be authenticated by the remote computer.
Search newsgroups to see if the problem has already been reported. If not, post the problem to the newsgroup to see if anyone within the development community can provide assistance.
The online newsgroup for ASP.NET is located at: http://communities.microsoft.com/newsgroups/default.asp?icp=mscom&slcid=US&newsgroup=microsoft.public.dotnet.framework.aspnet
Call the Microsoft Support Center. For details, see the Microsoft Knowledge Base.
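For the identity step in the process above, the following added example (not code from this guide) resolves which configuration file actually supplies each identity-related setting, so inherited values are visible before you start changing them. The file names and XML contents are constructed samples, and the model is a simplification: the most specific file that sets an attribute wins, and `<location>` blocks and override locking are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample chain, ordered from least to most specific.
# Names and contents are illustrative, not taken from a real server.
SAMPLE_CHAIN = [
    ("machine.config", """<configuration><system.web>
        <processModel userName="machine"/>
        <authentication mode="Windows"/>
        <identity impersonate="false"/>
      </system.web></configuration>"""),
    ("parent web.config", """<configuration><system.web>
        <identity impersonate="true"/>
      </system.web></configuration>"""),
    ("application web.config", """<configuration><system.web>
        <authentication mode="Forms"/>
      </system.web></configuration>"""),
]

# Identity-related settings from the list above, as (element, attribute).
SETTINGS = [("processModel", "userName"), ("authentication", "mode"),
            ("identity", "impersonate"), ("identity", "userName")]


def effective_settings(chain):
    """Return {"element/@attr": (value, defining_file)} for a config chain.
    Assumed model: a more specific file overrides an attribute only if it sets it."""
    result = {}
    for source, xml_text in chain:
        web = ET.fromstring(xml_text).find("system.web")
        if web is None:
            continue
        for element, attr in SETTINGS:
            node = web.find(element)
            if node is not None and attr in node.attrib:
                result[f"{element}/@{attr}"] = (node.get(attr), source)
    return result


def inherited_settings(chain):
    """Settings the application's own file does not declare (processModel excluded,
    since the list above places it in machine.config)."""
    app_file = chain[-1][0]
    return sorted(key for key, (_, src) in effective_settings(chain).items()
                  if src != app_file and not key.startswith("processModel"))


if __name__ == "__main__":
    for key, (value, source) in effective_settings(SAMPLE_CHAIN).items():
        print(f"{key:26} = {value!r:10} (from {source})")
    print("inherited:", inherited_settings(SAMPLE_CHAIN))
```

In the sample chain the application declares Forms authentication but silently inherits `impersonate="true"` from the parent web.config, which is the situation an explicit application-level web.config is meant to rule out.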
If you have a specific issue and need to understand the best way to tackle the problem, use the following approach.
Search in Chapters 5, 6, and 7 of this book for your scenario or a similar scenario.
Consult the MSDN library documentation and samples.
Refer to one of the many ASP.NET information Web sites, such as:
Search the Microsoft Knowledge Base for an appropriate How To article.
Post questions to newsgroups.
Call the Microsoft Support Center.