C# .NET - Accessing WMI with ASP.NET without impersonation

Asked By Brandon Schave on 30-Apr-13 06:22 PM
I have an SSRS server that I am trying to connect to which is on server A. I have a asp.net web application (which has anonymous access because we use forms authentication) that is trying to connect to it on server B. The web application is using WMI to access the server, but is returning a "access is denied  (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" error.

I read online that all I needed to do was go on to:
server a -> go into the component services -> computer -> DCOM Config -> WMI -> right click -> go to properties -> click on security tab and add network service with remote access. Then I restarted the server.

I did all of that, but I still keep getting the same error. I was then thinking, well don't I need to add the machine name before the account? Well, I can't do that because the domain doesn't recognize that machine.

This doesn't seem that complicated. Is there something I am missing?
Robbe Morris replied to Brandon Schave on 30-Apr-13 10:14 PM
You are going to run into all sorts of permission issues attempting to use WMI with an anonymous account.  Why do you need to access WMI in this way?  Granting access to the anonymous user account is pretty dangerous from a security perspective.
Brandon Schave replied to Robbe Morris on 01-May-13 10:41 AM
WMI is what the custom security extension uses to communicate with the report server. My requirements are to create an accessible external ssrs server that is forms authenticated. I thought that the app ran under the the network service account?

The issue is that I have to pass in parameters to the reports that the user cannot see. I therefore am logging in to the report server from code behind to get the report list, which will then push to a reportviewer page. The page with the reportviewer control will pass in the parameters to the report behind the scenes. Is there another way to do it that doesn't involve windows authentication? 
Robbe Morris replied to Brandon Schave on 01-May-13 10:52 AM
Then just use impersonation in your code behind using a designated windows account with the proper permissions.  This way, you can still use forms authentication for your users.
Brandon Schave replied to Robbe Morris on 01-May-13 11:56 AM
That's what I did and it works. Thanks.