1

I have a password reset website for my Office 365 users. It runs PowerShell commands in the background to reset user passwords. For some reason, when I am using VS and I run the browser with the page, it works fine. However, when I run it from the live site I get this error:

Processing data from remote server failed with the following error message: Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. 

The page is aspx.net with C# code behind.

I have tried using the impersonator class but that does not work either.

Here is some of my code.

    // Requires: using System.Security; using System.Management.Automation;
    //           using System.Management.Automation.Runspaces;
    using (new Impersonator("user", "domain", "pass"))
    {
        // PSCredential takes the password as a SecureString, not a plain string
        SecureString securePassword = new SecureString();
        foreach (char c in "password") securePassword.AppendChar(c);
        PSCredential creds = new PSCredential("office365email", securePassword);

        // Remote Exchange Online PowerShell endpoint, Basic authentication
        WSManConnectionInfo connectionInfo = new WSManConnectionInfo(
            new Uri("https://server.outlook.com/PowerShell-LiveID?PSVersion=2.0"),
            "http://schemas.microsoft.com/powershell/Microsoft.Exchange", creds);
        connectionInfo.AuthenticationMechanism = AuthenticationMechanism.Basic;

        Runspace runspace = RunspaceFactory.CreateRunspace(connectionInfo);
        runspace.ApartmentState = System.Threading.ApartmentState.STA;
        runspace.ThreadOptions = PSThreadOptions.UseCurrentThread;

        try
        {
            // Throws PSRemotingTransportException if the connection is refused
            runspace.Open();

            Pipeline pipeline = runspace.CreatePipeline();

            Command forwardcommand = new Command("Set-Mailbox");
            forwardcommand.Parameters.Add("Identity", user);
            forwardcommand.Parameters.Add("Password", pass);
            pipeline.Commands.Add(forwardcommand);

            try
            {
                pipeline.Invoke();
                runspace.Close();
                pipeline.Stop();
                return "Password Successfully Changed";
            }
            catch (Exception er)
            {
                runspace.Close();
                pipeline.Stop();
                return er.Message;
            }
        }
        catch (PSRemotingTransportException eer)
        {
            runspace.Close();
            return eer.Message; // "Server busy please try again later";
        }
    }

Any ideas why I can't do it from the actual website but I can on my local host?

    <authentication mode="Windows"/>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
        <providers>
            <clear/>
            <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"/>
            <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
        </providers>
    </roleManager>
    <identity impersonate="true"/>

2 Answers

2

In IIS I changed the ApplicationPoolIdentity to LocalService. This resolved the Access Denied error when running a published Visual Studio web site when it worked fine before publishing.


1

This could be a "double-hop" identity / security problem.

When running on localhost, the Windows identity is known on the same machine.
When running on the web server, there is at least one more machine involved.

Relevant questions include: What identity is IIS using to run the web page? Does that ID have permissions to use networking? Does that ID have permissions to execute password-reset on the remote server?

1 Comment

In my web config I have identity impersonate = true. I am not sure what identity it uses though; there is none set. Where can I check?
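
One way to check which identities the site actually runs under, as the comment above asks. This is an added example, not part of the original thread; the `IdentityReport` class and its `Describe` method are hypothetical names, and it assumes ASP.NET on .NET Framework with Windows authentication as in the posted web.config.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web;

// Hypothetical diagnostic helper (not from the original post): reports the
// Windows identities involved in serving the current ASP.NET request.
public static class IdentityReport
{
    public static string Describe(HttpContext context)
    {
        var sb = new StringBuilder();

        // Token on the current thread. With <identity impersonate="true"/>
        // and no userName attribute this is the authenticated browser user.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("Thread identity:     " + thread.Name);
            // None          = primary process token, no impersonation in effect
            // Impersonation = valid on this server only, cannot be used to
            //                 authenticate to a second machine (double hop)
            // Delegation    = may be used against remote systems
            sb.AppendLine("Impersonation level: " + thread.ImpersonationLevel);
        }

        // Impersonate(IntPtr.Zero) reverts to the process token, which is the
        // IIS application pool identity; Dispose restores the previous token.
        using (WindowsImpersonationContext revert = WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
        {
            sb.AppendLine("App pool identity:   " + process.Name);
        }

        // The account IIS authenticated for this request.
        if (context != null)
        {
            sb.AppendLine("IIS logon user:      " + context.Request.LogonUserIdentity.Name);
            if (context.User != null)
                sb.AppendLine("Context user:        " + context.User.Identity.Name);
        }
        return sb.ToString();
    }
}
```

Call it from a temporary page restricted to administrators, for example `Response.Write(Server.HtmlEncode(IdentityReport.Describe(Context)))`, and compare the output on localhost with the output on the live server.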
