Required Permissions

The account running the Eiffel CodeDom Provider might have restricted permissions such as when used through ASP.NET. This section aims at defining the security permissions required for the execution of the Eiffel CodeDom Provider.

Eiffel Metadata Cache

Both when generating and compiling source code, the Eiffel CodeDom Provider needs to read and write from and to the Eiffel Metadata Cache. This repository stores the mapping information between .NET and Eiffel names for both types and their members. By default the Eiffel Metadata Cache is located in the Assemblies subfolder of the Eiffel CodeDom Provider directory.

Note: The Eiffel for ASP.NET installation program will grant read and write access to the Eiffel Metadata Cache folder for the ASPNET (default ASP.NET worker process account on Windows XP Professional) and the IIS_WPG (default ASP.NET worker process account on Windows Server 2003) accounts.

The path to the Eiffel Metadata Cache folder might be changed via the Eiffel CodeDom Provider Manager , make sure the new folder can be read from and written to by the account running the process that uses the Eiffel CodeDom Provider.

Precompile Cache

The same requirements apply to the Precompile Cache folder. By default the Precompile Cache folder is located in the Precompile subfolder of the Eiffel CodeDom directory.

Note: The Eiffel for ASP.NET installation program will grant read and write access to the Precompile Cache folder for the ASPNET (default ASP.NET worker process account on Windows XP Professional) and the IIS_WPG (default ASP.NET worker process account on Windows Server 2003) accounts.

As with the Eiffel Metadata Cache folder, it is possible to change the location of the Precompile Cache folder but the process running the Eiffel CodeDom Provider must always have read and write access to the folder.

Logging

Logging requires registry read access as well as event log write access. By default, the ASP.NET worker process does not have these permissions. The easiest way to grant the required permissions to the ASP.NET worker process is by using ASP.NET impersonation. This mechanism allows the ASP.NET worker process to run under a different account. This is done by providing a web.config file in the root folder of the ASP.NET application. The content of the configuration file needs to include the following declaration: <configuration> <system.web> <identity impersonate="true" userName="Username" password="Password"/> </system.web> </configuration> where Username is the name of an account which has all the required permissions and Password the corresponding password. Refer to the .NET Framework SDK documentation for additional information on ASP.NET impersonation. The solution described above might not be acceptable on a production web server. However, it is possible to configure the Eiffel CodeDom Provider to log events on a different machine (see Eiffel CodeDom Provider Manager ). The log machine should grant the appropriate permissions to the impersonated account for logging and could only be accessible through the web server. This setting would avoid having to grant additional permissions to the ASP.NET worker process account on the web server while still enabling logging.