%appdata% from web services

General discussions related to APLNext's Application and Commerce WebServices and WebTransfer product.

Moderators: Tech Support, phpbb_admin

%appdata% from web services

Postby Chizever » January 5th, 2015, 10:38 am

The attached workspace is very simple. When hooked up to web services, it will display the time, value of the %appdata% directory, what ID is used to log in to APL Web Services, and the value of %USERNAME%.
Just set up a virtual directory that calls the function Show with no left or right arg. The result is of type document.

If APL Web services uses LocalSystem to logon, then %appdata% correctly becomes C:\windows\system32\config\systemprofile\AppData\Roaming

But, if I specify a user to login as, then %appdata% is still C:\windows\system32\config\systemprofile\AppData\Roaming (but it should be C:\Users\brian.chizever\AppData\Roaming).


Why doesn't changing the "Logon As" for APL Web Services change these environment variables.

Thanks,
Brian
Attachments
APPDATA.w3
(11.15 KiB) Downloaded 527 times
Chizever
 
Posts: 85
Joined: March 1st, 2007, 12:12 pm

Re: %appdata% from web services

Postby Tech Support » January 6th, 2015, 4:02 pm

To help determine if the problem is with the Windows function used in retrieving the %appdata% variable in your EnvString function, could you
try the following approach instead:
Code: Select all
​      ⎕cself←'C'⎕cse 'Init'   'System'
      sink←⎕cse 'ExecStmt'   'using System;'
      ⎕cse 'GetValue'   'Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)'

Thanks,
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD

Re: %appdata% from web services

Postby Chizever » January 6th, 2015, 4:41 pm

My APL Web Services is currently set up with APL+Win 11 which doesn't have []cse.
Chizever
 
Posts: 85
Joined: March 1st, 2007, 12:12 pm

Re: %appdata% from web services

Postby Tech Support » January 7th, 2015, 9:38 am

Are you able to temporarily install v14 on the machine to perform this test? This would be preferable. But if not, then we can do it here but that will require you providing the information below:

  • the web services configuration file
  • the workspace (if different from the one you posted earlier)
  • the web URL
You can post the information here or send them to support@apl2000.com.
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD

Re: %appdata% from web services

Postby Chizever » January 7th, 2015, 10:13 am

The attached zip file includes AplWebServices.Config and appdata.w3.

You'll need to update the wslocation to ensure the path to appdata.w3 is correct.

Once setup, start APLWebServices and go to the URL
http://localhost:9998/show

Then change the Logon As for the service, restart it, and refresh that URL.
The time will change, the logon name will change, but the APPDATA won't.

Thanks,
Brian
Attachments
APPDATA.zip
(5.46 KiB) Downloaded 484 times
Chizever
 
Posts: 85
Joined: March 1st, 2007, 12:12 pm

Re: %appdata% from web services

Postby Tech Support » January 7th, 2015, 11:18 am

We need the version of your APL webservices. Please post a screen grab for the About box for it here.

The reason for this is that your APL webservices configuration file didn't import in the current release, which
may mean you're still using an earlier version of APL webservices.

Thanks,
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD

Re: %appdata% from web services

Postby Chizever » January 7th, 2015, 1:00 pm

Yes, I'm on an old version. I will be updating to the latest webservices and APL+Win within a few months.

The version is 1.1.1993.17266 with a date of June 16, 2005

If you want to hook up the APPDATA workspace to your APLWebServices there is a single Web Server named appdata. (I have it on localhost:9998)
It has a single virtual path "/show".
wsid=appdata
function=Show
rarg/larg are both empty
result: Name=r ; Type=document

There's a single workspace called "appdata" pointing to the appdata.w3 workspace.

Thanks
Chizever
 
Posts: 85
Joined: March 1st, 2007, 12:12 pm

Re: %appdata% from web services

Postby Tech Support » January 7th, 2015, 1:25 pm

Please post your definition for the Windows function OpenSCManager. It's needed for the Show function.
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD

Re: %appdata% from web services

Postby Tech Support » January 7th, 2015, 2:56 pm

Tech Support wrote:Please post your definition for the Windows function OpenSCManager. It's needed for the Show function.

You can disregard my earlier request. It isn't important to this problem.

I can now report that we are indeed getting the same behavior with the CSE. We'll explore this more internally then get back with any
news shortly.
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD

Re: %appdata% from web services

Postby Tech Support » January 27th, 2015, 1:32 pm

The developers investigated this matter and provided the explanation for it below. We hope that you find this information useful and would welcome any comments you have on it.

When the APL+Win ActiveX Server component is instantiated behind a Windows service, it is important to understand the user profile which is loaded by that Windows service. A Windows service runs in the security context of a specified user account. The user name and password are used by the CreateService function at the time the service is installed on the server hardware. The user name and password associated with a Windows service can be modified using the ChangeServiceConfig function. The QueryServiceConfig function may be used to obtain the user name, but not the password associated with a service.

When the Windows service starts the Microsoft Service Control Manager (SCM) uses the credentials of the user account associated with the service, however the SCM loads the user profile associated with the SCM and not the user profile associated with the user account under which the service runs.

This behavior is by Microsoft design and is not a function of APL+Win or APLNext Application Web Services. Go to
http://msdn.microsoft.com/en-gb/library/windows/desktop/ms686005(v=vs.85).aspx for more information.

This means that an application, such as the APL+Win Server ActiveX component, running under a Windows service will have access to the SCM user profile using the associated Win32 API methods. In this scenario APL+Win use of the Win32 API to obtain user profile information, e.g. from Windows environment variables, may yield unexpected results.

For example ⎕wcall 'ExpandEnvironmentStrings' ‘%appdata%’ (512⍴⎕tcnul) 512 may not return the expected application data folder path specific to the service user’s credential, e.g. ‘myusername.mydomain’. That Win32 API method will return the application data folder path for the SCM user profile, e.g. “c:\windows\system32\config\systemprofile\AppData\Roaming” and not “C:\Users\ myusername\Roaming”.

There is an alternate method, the Windows Registry, for obtaining the “%appdata%” folder path for the profile associated with the user account under which the Windows service is running from on the target server. The following illustrates how to obtain this folder path from the Windows Registry:

Code: Select all
The line below replaces your line in the APL function Show that retrieves the AppData folder path:
     
      z←z,⎕tcnl,'<p><b>AppData (Registry): </b><br>', Profile 'AppData'

where Profile (code shown below), in the line above, is a new APL function.

    ∇ res←Profile data;∆key
[1]
[2]   ⍝ Sources:
[3]   ⍝ http://www.lubby.org/result.jsf?DB=lkb_windows_english&ID=154
[4]   ⍝ http://superuser.com/questions/681588/environment-variable-for-hkey-users-software
[5]   ⍝
[6]   ⍝ Makes use of the APL2000 Registry ActiveX control
[7]   ⍝
[8]   ⍝ Copyright 2015 APLNow LLC. -- John Walker
[9]
[10]  ⎕wself←'∆reg' ⎕wi 'Create' 'apl2000.regkey'
[11] 
[12]  :if (⍴SID) > 12
[13]      ∆key←'HKU\',SID,'\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
[14]  :else
[15]      ⍝ Support logon as "Local System Account"
[16]      ∆key←'HKU\',SID,'\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
[17]  :end
[18]  ⎕wi 'xKeyName' ∆key
[19]  res←⎕wi 'GetValue' data
    ∇

Profile then calls another function SID (code shown below) that retrieves the sid (security identifier) for the user that is logged on.

    ∇ res←SID;name
[1]   ⍝ Copyright 2015 APLNow LLC. -- John Walker
[2]
[3]   ⎕nuntie ⎕nnums
[4]   3 ⎕cmd 'whoami /user > who2.txt'
[5]   'who2.txt' ⎕ntie ¯1
[6]   name←(⎕nread ¯1,82,(⎕nsize ¯1),0)~⎕tcnl,⎕tclf
[7]   res←⌽(¯1+((⌽name)='\')⍳1)↑(⌽name)
[8]   res←(¯1+(res ⎕ss 'S-1')⍳1)↓res
    ∇

The functions, Profile and SID, are included in the workspace in the attachment.
Attachments
APL2000_APPDATA_FNS.w3
(7.05 KiB) Downloaded 442 times
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD

Re: %appdata% from web services

Postby Chizever » January 27th, 2015, 8:24 pm

Your second paragraph makes sense - "A Windows service runs in the security context of a specified user account."

But then in the third paragraph you say "the SCM loads the user profile associated with the SCM and not the user profile associated with the user account under which the service runs." Why?

The link in the fourth paragraph (the link is missing the closing parenthesis) agrees with your second paragraph, but not with your third paragraph. It says "The service control manager (SCM) automatically loads the user profile." That doesn't say it loads the user profile of the SCM account. It seems to me that it's saying that it loads the user profile "associated with the service object" (from the prior sentence).

In either case, I guess I'll go with reading the registry.

Thanks,
Brian
Chizever
 
Posts: 85
Joined: March 1st, 2007, 12:12 pm

Re: %appdata% from web services

Postby Tech Support » January 28th, 2015, 8:56 am

Thanks for sharing your comments. They'll be reviewed then responded to when time permits.

The URL in the 4th paragraph has been fixed.
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD

Re: %appdata% from web services

Postby Tech Support » January 28th, 2015, 1:45 pm

Chizever wrote:Your second paragraph makes sense - "A Windows service runs in the security context of a specified user account."
But then in the third paragraph you say "the SCM loads the user profile associated with the SCM and not the user profile associated with the user account under which the service runs." Why?

That is the way Microsoft designed it. Only they would know why, but most likely it is the resolution of a potential security issue.
Chizever wrote:The link in the fourth paragraph (the link is missing the closing parenthesis) agrees with your second paragraph, but not with your third paragraph. It says "The service control manager (SCM) automatically loads the user profile." That doesn't say it loads the user profile of the SCM account. It seems to me that it's saying that it loads the user profile "associated with the service object" (from the prior sentence).

You noticed the potential for ambiguity in the text behind the Microsoft link describing how the service manager works with profiles. I think you answered your own question since one has to look to the most recent antecedent in the paragraph, which is the service and not the user.

Chizever wrote:In either case, I guess I'll go with reading the registry.

Good idea.

In case you or someone else is interested, attached is information describing how to retrieve the same information from the Windows Registry using []CSE and a .NET assembly.
Attachments
Get User AppData Folder Path.docx
(300.82 KiB) Downloaded 489 times
GetUserAppDataFolder.zip
(100.45 KiB) Downloaded 499 times
Tech Support
 
Posts: 1230
Joined: February 10th, 2007, 7:33 am
Location: Rockville, MD


Return to APL WebServices

Who is online

Users browsing this forum: No registered users and 5 guests

cron