Re: Windows authentication and UNC shares

From: Andrew Kemp (ajwk@pell.uklinux.net)
Date: 08/28/02

• Next message: Marina: "Re: Getting Appropriate Context????????????????"
• Previous message: FOB: "Getting Appropriate Context????????????????"
• In reply to: Andrew Kemp: "Windows authentication and UNC shares"
• Next in thread: Willy Denoyette [MVP]: "Re: Windows authentication and UNC shares"
• Reply: Willy Denoyette [MVP]: "Re: Windows authentication and UNC shares"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Andrew Kemp <ajwk@pell.uklinux.net>
Date: Wed, 28 Aug 2002 20:33:16 BST

Andrew Kemp wrote:

> I am trying to achieve the following in an ASP.NET web application:

[...]

> 3. The application connects to a SQL Server database on a
> different computer using integrated security and the same
> database server account for all users

[...]

> In order to achieve (3) I have the userName in Machine.config's
><processModel> element set to an account with the "log on locally"
> privilege, and impersonation with a specific username and password
> enabled in Web.config.

Oops -- I meant the "act as part of the operating system"
privilege. Speaking of which...

Somewhere in the ASP.NET documentation it gives this as one of two ways
to enable impersonation of a specific account. It then goes on to say
that Microsoft do not recommend it, but doesn't explain why not. Why is
this a bad idea, and how is it different from the (presumably
recommended?) second way of doing it which was to use "SYSTEM" as the
userName in the <processModel> element?

Thanks,

-- 
drew

---

• Next message: Marina: "Re: Getting Appropriate Context????????????????"
• Previous message: FOB: "Getting Appropriate Context????????????????"
• In reply to: Andrew Kemp: "Windows authentication and UNC shares"
• Next in thread: Willy Denoyette [MVP]: "Re: Windows authentication and UNC shares"
• Reply: Willy Denoyette [MVP]: "Re: Windows authentication and UNC shares"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages AAA Privileges ... Group 2: adminsouth(member username is south) ... aaa authentication login default group tacacs+ local enable ... 1)No enable privileges 2) Max privilege level for any AAA client 3) ... (comp.security.firewalls) AAA Privileges ... Group 2: adminsouth(member username is south) ... aaa authentication login default group tacacs+ local enable ... 1)No enable privileges 2) Max privilege level for any AAA client 3) ... (comp.dcom.sys.cisco) Re: SQL Integrated Security in .NET1.1 ... unless you have a domain user called "username" you have your problem ... Impersonation where you want to impersonate the user logged in ... Get rid of the userName attribute ... > identity of the iisusr is changed to a domain account that ... (microsoft.public.dotnet.framework.aspnet.security) Impersonation and clicking links ... on the same server. ... page1.asp and to restrict the folder "Restricted" to only allow access to ... When I click the link on the page, I still get prompted for a username and ... null, but if that is the case, what is the point of impersonation? ... (microsoft.public.dotnet.framework.aspnet) RE: Access file on another computer with specific username / passw ... using the System.Management namespace allows me to create a scope ... with a specific username / password: ... ManagementScope scope = new ManagementScope; ... impersonation class. ... (microsoft.public.dotnet.framework)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2002-08