Re: NTFS + Impersonation + Asp.Net

From: David Fanning (dfanning@europeancredit.com)
Date: 09/20/02 

From: "David Fanning" <dfanning@europeancredit.com>
Date: Fri, 20 Sep 2002 03:51:20 -0700

Sorry for the last reply, guess I didn't read your reply.

So are you saying that it's not possible to protect
framework recognised pages (aspx, etc.) with NTFS
permissions because you still have to give permissions to
the asp.net worker process to access the page?

I thought since I'm using impersonation and that the
worker process would take the identity of the NT User
account and so allow me to place permissions on files for
that user account.

Thanks

David

>-----Original Message-----
>What page are you talking about?
>Note that .aspx .asmx etc. pages are read by the worker
asp.net process BEFORE your code executes.
>
>Willy.
>
>"David Fanning" <dfanning@europeancredit.com> wrote in
message news:380e01c2608f$4426f9b0$2ae2c90a@phx.gbl...
>>
>> Ok, appologies I know Impersonation has been done to
death
>> however I couldn't find much help about NTFS file
>> permissions and Asp.Net.
>>
>> My problem is as follows;
>> I've deployed an Asp.Net app so it impersonates the user
>> logging in with a valid certificate (certificate
mapping).
>> I'm pretty sure the impersonation is working correctly,
>> I've check both the User.Identity.Name and the more
useful
>> System.Security.Principal.WindowsIdentity.GetCurrent
>> ().Name and both appeared to reflect the correct NT
>> Account.
>>
>> HOWEVER, as a test I set NTFS file permisions to refuse
>> access to a web page for this NT Account (TestUser).
Guess
>> what, the web page was still shown.
>>
>> What's going on here, I thought any 'Deny' NTFS
>> permissions take precendence over 'Grant'.
>>
>> Are there any good resources that explains, preferably
>> with an example exactly how to setup NTFS file security
>> with an Asp.Net app executing under a specific 'User' NT
>> account.
>>
>> Many Thanks
>>
>> David
>>
>>
>
>
>.
>

Relevant Pages

  • Re: VS.NET 2005 and the "allowDefinition=MachineToApplication" error
    ... Your description of impersonation is great. ... If you want to use the default configured account, eliminate that entry, or configure it as: ... The easiest way to assign correct permissions to all required directories is to run: ... I re-started IIS and tried to access my ASPX page again -- same ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: security exception within Microsoft Application Block ExceptionManager.vb
    ... If you set impersonation = true that you were impersonating IUSR account (If ... ASPNET account doesn't have permission to create EventLog's, ... Least privileged accounts have sufficient permissions to be able to write ... not have sufficient permissions to create new event sources. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Unable to start application to connect to Access database
    ... Make sure this user account has read/write permissions to the MDB file. ... Here's more info on impersonation: ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: NTFS + Impersonation + Asp.Net
    ... I set impersonation to true in machine.config. ... I must be sure that he can't RevertToSelf and use the asp.net account. ... > permissions because you still have to give permissions to ... as a test I set NTFS file permisions to refuse ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • NTFS + Impersonation + Asp.Net
    ... appologies I know Impersonation has been done to death ... as a test I set NTFS file permisions to refuse ... access to a web page for this NT Account. ... permissions take precendence over 'Grant'. ...
    (microsoft.public.dotnet.framework.aspnet.security)