Re: <identity impersonate="true"> question
From: Microsoft Newsgroups (me@yahoo.com)
Date: 07/24/02
- In reply to: Aaron Margosis [MS]: "Re: <identity impersonate="true"> question"
From: "Microsoft Newsgroups" <me@yahoo.com> Date: Wed, 24 Jul 2002 08:45:55 -0700
What is required to make LogonUser work?
I have an ASP.NET app that needs to create categories in the Event Log. On
my development box, setting impersonate true, and setting the username/pwd
to the administrator works fine. But when I put it on the production IIS
server (Win2K) I get an error something about invalid rights or credentials.
What am I missing?
Thanks!
<<Kevin Finck>>
"Aaron Margosis [MS]" <aaronmaronline@microsoft.com> wrote in message
news:OeJEhp6KCHA.1008@tkmsftngp10...
> Good question! Impersonating an already authenticated (logged on) user does
> not require TCB (trusted computing base, a.k.a. "act as part of the
> operating system"). What does require TCB is use of the LogonUser API to
> create a new logon session. That comes up when you use this form of the
> <identity> element:
>
> <identity impersonate="true" userName="YOYODYNE\JBigBoote"
> password="Sekrit!" />
>
> Rather than impersonating the user authenticated by IIS (which is what
> you're doing), the app always runs with the specified credentials. In order
> to do this, ASPNET needs to be able to call LogonUser.
>
> HTH
>
> -- Aaron
>
>
> "Dave" <DaveAtHome_spam@nc.rr.com> wrote in message
> news:#L#Gcc0KCHA.1008@tkmsftngp10...
> > I added <identity impersonate="true"> to my web.config file and was
> > expecting to have to add "Act as part of the OS" to the local machine's
> > security policy for the ASPNET user as was posted various places but in
> fact
> > did NOT have to do this for the impersonation to work. Is that not a
> > required action? I'm running on Windows 2000 and not Windows XP where my
> > understanding was that policy for ASPNET would not need to be set. There
> are
> > no users explicity added with that security right on my machine. Thanks,
> > Dave
> >
> >
>
>
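Added example, not part of the original thread and not Microsoft's code: a small C# console check for the LogonUser requirement described in the quoted reply, separating a missing-privilege failure from a credentials failure. It assumes it is run under the same account as the ASP.NET worker process; the class name, the prompts and the interactive logon type are choices made for this sketch.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added diagnostic, not from the thread. Run it under the same account as the
// ASP.NET worker process; the account typed in is whatever <identity> names.
static class LogonUserCheck
{
    const int LOGON32_LOGON_INTERACTIVE = 2;   // assumed logon type for this check
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int ERROR_PRIVILEGE_NOT_HELD = 1314; // caller lacks a required privilege
    const int ERROR_LOGON_FAILURE = 1326;      // unknown user name or bad password

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    static string Prompt(string label)
    {
        Console.Write(label + ": ");
        return Console.ReadLine();
    }

    static int Main()
    {
        string domain = Prompt("Domain (or . for the local machine)");
        string user = Prompt("User");
        string password = Prompt("Password (echoed)");

        IntPtr token;
        if (LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                      LOGON32_PROVIDER_DEFAULT, out token))
        {
            CloseHandle(token); // only testing whether a logon session can be created
            Console.WriteLine("LogonUser succeeded for this caller.");
            return 0;
        }

        int error = Marshal.GetLastWin32Error(); // read immediately after the failed call
        if (error == ERROR_PRIVILEGE_NOT_HELD)
            Console.WriteLine("1314: the calling account lacks \"Act as part of the operating system\".");
        else if (error == ERROR_LOGON_FAILURE)
            Console.WriteLine("1326: the user name or password was rejected.");
        else
            Console.WriteLine(error + ": " + new Win32Exception(error).Message);
        return 1;
    }
}
```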