Re: NTFS + Impersonation + Asp.Net
From: Willy Denoyette [MVP] (willy.denoyette@pandora.be)
Date: 09/20/02
- Next message: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Previous message: Felix Wu [MS]: "RE: Obtain User Login Name?"
- In reply to: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Next in thread: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Reply: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Reply: Ricardo Augusto: "Re: NTFS + Impersonation + Asp.Net"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> Date: Fri, 20 Sep 2002 13:29:26 +0200
No, the worker process runs as "aspnet" or any other principal as configured in your machine.config file, note that the process is
shared by all asp.net applications and that process must be able to touch/compile all pages, your code actualy never touches a page.
Your request will be handled by a "worker process" thread from the thread pool, and only this thread will run with the
impersonation access token, when your code loads a new page/assembly or calls a not yet JITTED method, a thread switch will occur
and the loader or Jitter will run using the "aspnet" process token.
Willy.
"David Fanning" <dfanning@europeancredit.com> wrote in message news:3f8701c26093$a7b08e20$35ef2ecf@TKMSFTNGXA11...
> Sorry for the last reply, guess I didn't read your reply.
>
> So are you saying that it's not possible to protect
> framework recognised pages (aspx, etc.) with NTFS
> permissions because you still have to give permissions to
> the asp.net worker process to access the page?
>
> I thought since I'm using impersonation and that the
> worker process would take the identity of the NT User
> account and so allow me to place permissions on files for
> that user account.
>
> Thanks
>
> David
>
>
> >-----Original Message-----
> >What page are you talking about?
> >Note that .aspx .asmx etc. pages are read by the worker
> asp.net process BEFORE your code executes.
> >
> >Willy.
> >
> >"David Fanning" <dfanning@europeancredit.com> wrote in
> message news:380e01c2608f$4426f9b0$2ae2c90a@phx.gbl...
> >>
> >> Ok, appologies I know Impersonation has been done to
> death
> >> however I couldn't find much help about NTFS file
> >> permissions and Asp.Net.
> >>
> >> My problem is as follows;
> >> I've deployed an Asp.Net app so it impersonates the user
> >> logging in with a valid certificate (certificate
> mapping).
> >> I'm pretty sure the impersonation is working correctly,
> >> I've check both the User.Identity.Name and the more
> useful
> >> System.Security.Principal.WindowsIdentity.GetCurrent
> >> ().Name and both appeared to reflect the correct NT
> >> Account.
> >>
> >> HOWEVER, as a test I set NTFS file permisions to refuse
> >> access to a web page for this NT Account (TestUser).
> Guess
> >> what, the web page was still shown.
> >>
> >> What's going on here, I thought any 'Deny' NTFS
> >> permissions take precendence over 'Grant'.
> >>
> >> Are there any good resources that explains, preferably
> >> with an example exactly how to setup NTFS file security
> >> with an Asp.Net app executing under a specific 'User' NT
> >> account.
> >>
> >> Many Thanks
> >>
> >> David
> >>
> >>
> >
> >
> >.
> >
- Next message: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Previous message: Felix Wu [MS]: "RE: Obtain User Login Name?"
- In reply to: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Next in thread: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Reply: David Fanning: "Re: NTFS + Impersonation + Asp.Net"
- Reply: Ricardo Augusto: "Re: NTFS + Impersonation + Asp.Net"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
