Re: <identity impersonate="true"> question

From: Dave Kolb (Dave.Kolb_removethis@sas.com)
Date: 07/17/02 

From: "Dave Kolb" <Dave.Kolb_removethis@sas.com>
Date: Wed, 17 Jul 2002 11:41:01 -0400

Thanks!

"Aaron Margosis [MS]" <aaronmaronline@microsoft.com> wrote in message
news:OeJEhp6KCHA.1008@tkmsftngp10...
> Good question! Impersonating an already authenticated (logged on) user
does
> not require TCB (trusted computing base, a.k.a. "act as part of the
> operating system"). What does require TCB is use of the LogonUser API to
> create a new logon session. That comes up when you use this form of the
> <identity> element:
>
> <identity impersonate="true" userName="YOYODYNE\JBigBoote"
> password="Sekrit!" />
>
> Rather than impersonating the user authenticated by IIS (which is what
> you're doing), the app always runs with the specified credentials. In
order
> to do this, ASPNET needs to be able to call LogonUser.
>
> HTH
>
> -- Aaron
>
>
> "Dave" <DaveAtHome_spam@nc.rr.com> wrote in message
> news:#L#Gcc0KCHA.1008@tkmsftngp10...
> > I added <identity impersonate="true"> to my web.config file and was
> > expecting to have to add "Act as part of the OS" to the local machine's
> > security policy for the ASPNET user as was posted various places but in
> fact
> > did NOT have to do this for the impersonation to work. Is that not a
> > required action? I'm running on Windows 2000 and not Windows XP where my
> > understanding was that policy for ASPNET would not need to be set. There
> are
> > no users explicity added with that security right on my machine. Thanks,
> > Dave
> >
> >
>
>

Relevant Pages

  • Re: Impersonate User asp.net
    ... User.Identity.Name is connected with the ASP.NET authentication pipeline. ... Generally, when you use Windows authentication in ASP.NET (in IIS, anonymous ... off, and basic, digest and or integrated enabled), then your request will be ... If you are impersonating in ASP.NET, ...
    (microsoft.public.dotnet.security)
  • Re: Need help writing a file to the server.
    ... Did you set ACLs for ASPNET on "C:\Mypath"? ... > granting access rights to the resource to the ASP.NET request identity. ... If the application is impersonating via <identity ... > adding aspnet to the admin group to hunting through gpedit.msc to find ...
    (microsoft.public.dotnet.framework.aspnet)
  • Impersonating using UPN problem
    ... I'm having trouble access network resources from an ASP.NET page on Windows ... I've tried impersonating a user by getting the WindowsIdentity ... Once I set the app pool identity to have Act as ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Impersonating using UPN problem
    ... I'm having trouble access network resources from an ASP.NET page on Windows ... I've tried impersonating a user by getting the WindowsIdentity ... Once I set the app pool identity to have Act as ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: what is the difference between manually constructed NetworkCredential and one from windowsident
    ... I have a winform and windows service, ... At client side, when I construct a NetworkCredential manually by ... When you say "get the default credential from current windows identity ... Depending on what is impersonating, you may have the security of the ...
    (microsoft.public.dotnet.general)
Loading