NTFS + Impersonation + Asp.Net

From: "David Fanning" <dfanning@europeancredit.com>
Date: Fri, 20 Sep 2002 03:19:55 -0700


Ok, apologies, I know Impersonation has been done to death,
however I couldn't find much help about NTFS file
permissions and Asp.Net.

My problem is as follows:
I've deployed an Asp.Net app so it impersonates the user
logging in with a valid certificate (certificate mapping).
I'm pretty sure the impersonation is working correctly,
I've checked both the User.Identity.Name and the more useful
System.Security.Principal.WindowsIdentity.GetCurrent().Name
and both appeared to reflect the correct NT Account.

HOWEVER, as a test I set NTFS file permissions to refuse
access to a web page for this NT Account (TestUser). Guess
what, the web page was still shown.

What's going on here, I thought any 'Deny' NTFS
permissions take precedence over 'Grant'.

Are there any good resources that explain, preferably
with an example, exactly how to set up NTFS file security
with an Asp.Net app executing under a specific 'User' NT
account?

Many Thanks

David
