Re: How to assign a fixed identity to ASPNET process?

From: Tom Vogel (tvch@yahoo.com)
Date: 10/13/02 

From: "Tom Vogel" <tvch@yahoo.com>
Date: Sun, 13 Oct 2002 13:36:47 +0200

I specified the userName attribute in the form of "domain\userid".

And I tried with both 'Forms' and 'Windows' authentication in the config
file.

It doesn't make a difference. The same error message appears.

I tried this also on my own computer (Win2k Pro) with the administrator
account. Same result.

But running the entire ASP.NET application under a write-privileged account
is not a good solution anyway. I might try to programatically impersonate
and revert whenever the app needs to write to disk. The only difficulty with
that is to create an account token with the advapi32.dll. Does anybody have
a working sample for that?

"Jimco Add-ins" <jimco@nospam.jimcoaddins.com> wrote in message
news:#2VF0LgcCHA.1748@tkmsftngp12...
> What type of authentication are you using?
>
> --
>
> Jimco Add-ins
> -------------------------------------------------------------------
> http://www.jimcoaddins.com
> FREE Add-ins and Utilities for FrontPage
> -------------------------------------------------------------------
> Secure pages with ASP!
> Read our most recent edition of Insights
> -------------------------------------------------------------------
>
>
>
> "Tom Vogel" <tvch@yahoo.com> wrote in message
> news:uzQ8DJgcCHA.2324@tkmsftngp11...
> > The configuration setting <identity impersonate="true" /> prompts for
> > username password when the ASP.NET application attempts to write a file.
> >
> > Therefore I tried using the identity impersonation with a fixed username
> >
> > <identity impersonate="true" userName="myaccount"
password="mypassword"/>
> >
> > but I got the following error:
> >
> > Could not create Windows user token from the credentials specified in
the
> > config file. Error from the operating system 'A required privilege is
not
> > held by the client. '
> >
> > I used my FTP account which does allow me to write to the specified
> > location. Any ideas?
> >
> > Tom
> >
> > "Jimco Add-ins" <jimco@nospam.jimcoaddins.com> wrote in message
> > news:uATCt4ecCHA.1340@tkmsftngp10...
> > > Tom,
> > >
> > > All you have to do is change your web.config file. If you enable
> > > impersonation and deny unauthenticated users, you will be running
under
> > your
> > > own account. In other words, add the following:
> > >
> > > <identity impersonate="true" />
> > >
> > > Then you will need to change the <authorization> section as follows:
> > >
> > > <authorization>
> > >
> > > <deny users="?" />
> > >
> > > </ authorization>
> > >
> > > --
> > >
> > > Jimco Add-ins
> > > -------------------------------------------------------------------
> > > http://www.jimcoaddins.com
> > > FREE Add-ins and Utilities for FrontPage
> > > -------------------------------------------------------------------
> > > Secure pages with ASP!
> > > Read our most recent edition of Insights
> > > -------------------------------------------------------------------
> > >
> > >
> > >
> > > "Tom Vogel" <tvch@yahoo.com> wrote in message
> > > news:#HuEauecCHA.2520@tkmsftngp11...
> > > > The situation at my ASP.NET hosting provider is that,
> > > > - I have a virtual web server
> > > > - a Windows NT account and FTP access to my folder
> > > > - and ASP.NET running, I assume, under the ASPNET account
> > > >
> > > > The problem is, that the ASPNET account can read my pages but I have
> no
> > > > other privileges like writing to disk etc.
> > > >
> > > > Unfortunately Microsoft only lets you change the username in the
> > > > ProcessModel section of the machine.config file. This is not a
> suitable
> > at
> > > > all for a multi-site environment.
> > > >
> > > > What I'd like to do is have the ASP.NET process run under my account
> id.
> > > Is
> > > > this possible and how?
> > > >
> > > > Thanks for your help.
> > > >
> > > > Tom
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • RE: Adding a virtual FTP folder to IIS
    ... I think we can follow the Form Authentication modal. ... application will use the ASPNET account. ... If we change the username ... Windows identity different from that of the default process identity. ...
    (microsoft.public.dotnet.framework)
  • Re: Login automatically
    ... > is it possible to configure the system to log as a registered username (with ... stores passwords or has persistent login cookies, ... intruder could do whatever they wish from your account. ... learns are identification and authentication. ...
    (linux.redhat)
  • Re: Printer Permission Issue
    ... user's domain X account is a member of the local administrator's group? ... The user cannont print to a certain printer on domain Y w/o a username and ... Users computer cached the authentication of that printer ...
    (microsoft.public.win2000.networking)
  • Re: smarthosts with Verizon Hawaii DSL
    ... My Master Username/Password is: wjohndoe@mydomain.com/wjohndoe8. ... It is not the same account ... > both have required that outgoing authentication be enabled, ... >> account or the username and passwords for any accounts we have ...
    (microsoft.public.windows.server.sbs)
  • RE: cannot log on to user account following password change
    ... cannot log on to user account following password change ... I changed the username on the account in ... | on the sbs box. ...
    (microsoft.public.windows.server.sbs)