Windows authentication and UNC shares

From: Andrew Kemp (andrew.kemp@dorsetsoftware.com)
Date: 08/28/02


I am trying to achieve the following in an ASP.NET web application:

        1. The application resides on a UNC share

        2. Users are identified using Windows authentication

        3. The application connects to a SQL Server database on a
           different computer using integrated security and the same
           database server account for all users (i.e. I do *not* want
           to log on to the database server with the remote user's
           identity)

In order to achieve (3) I have the userName in Machine.config's
<processModel> element set to an account with the "log on locally"
privilege, and impersonation with a specific username and password
enabled in Web.config. This part works fine -- the application is able
to connect to the database server with integrated security under the
account specified in Web.config.

The problem seems to be the combination of (1) and (2). Examination of
the HTTP headers reveals that Windows authentication is certainly taking
place, but from the point of view of the application code the server
variables AUTH_USER, LOGON_USER, and REMOTE_USER as well as
Page.User.Identity.Name and Context.User.Identity.Name all give the name
of the account used to connect to the UNC share, not the name of the
authenticated user.

I found the bit in the developer's guide where it says that

    "If an application is on a UNC share, ASP.NET will always
     impersonate the token provided to IIS to access that share unless a
     configured account is used. If an explicit configured account is
     provided, ASP.NET will use that account in preference to the IIS UNC
     token."

however surely that doesn't apply here since firstly I am using an
explicitly configured account (the one used to connect to the database),
and secondly it's not the impersonation that I am interested in but the
name of the authenticated user?

This is particularly irritating since a simple .ASP page gives the
expected value (the remote user name) for the server variables AUTH_USER
&c. Does this mean that ASP.NET is actively throwing away or hiding the
authenticated user name, and if so why?

Any assistance would be greatly appreciated -- I just seem to be going
round in circles with this.

-- 
drew
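
The Web.config side of the arrangement the post describes (Windows authentication plus a fixed impersonation identity for the SQL Server connection), as an added example that is not from the original thread. It shows the plaintext-password form next to the registry-backed form that the aspnet_setreg utility supports in ASP.NET 1.1 (and later 1.0 service packs); the account name, registry key path and password are placeholders.

```xml
<!-- Web.config: Windows authentication + fixed impersonation identity.
     Account name, registry key and password below are placeholders. -->
<configuration>
  <system.web>
    <!-- IIS has already authenticated the caller (NTLM/Kerberos);
         this tells ASP.NET to build Context.User from that token. -->
    <authentication mode="Windows" />

    <!-- Refuse anonymous callers so every request carries a Windows identity. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- WEAK: the service account's password sits in clear text in a file
         that is readable by anyone with read access to the UNC share the
         application lives on.
    <identity impersonate="true"
              userName="DOMAIN\sqlwebsvc"
              password="placeholder-password" />
    -->

    <!-- BETTER (ASP.NET 1.1 / aspnet_setreg): the credential lives under an
         ACL-protected registry key on the web server and is referenced by
         name. Populate the key once, as an administrator on the web server:
           aspnet_setreg -k:SOFTWARE\MyCompany\WebApp\identity
                         -u:"DOMAIN\sqlwebsvc" -p:"placeholder-password"
         then restrict read access on that key to the worker process account. -->
    <identity impersonate="true"
              userName="registry:HKLM\SOFTWARE\MyCompany\WebApp\identity\ASPNET_SETREG,userName"
              password="registry:HKLM\SOFTWARE\MyCompany\WebApp\identity\ASPNET_SETREG,password" />
  </system.web>
</configuration>
```

This only changes where the service-account credential is stored; it does not alter the UNC-token behaviour the post asks about.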

