Re: Confusion about authentication and impersonation.

From: Arild Bakken (arildb_@hotmail.com)
Date: 11/21/02

• Next message: Tester: "Error during impersonation in web.config"
• Previous message: kaze: "Confusion about authentication and impersonation."
• In reply to: kaze: "Confusion about authentication and impersonation."
• Next in thread: kaze: "Re: Confusion about authentication and impersonation."
• Reply: kaze: "Re: Confusion about authentication and impersonation."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Arild Bakken" <arildb_@hotmail.com>
Date: Thu, 21 Nov 2002 14:35:41 +0100

kaze wrote:
> I have some confusion about authentication and impersonation in
> ASP.NET.
>
> If I use windows authentication, what is the effect of the
> impersonation if I set the impersonate of the identity element to
> true or false in the web.config file ?
>
> Under which authentication method and impersonation setting will the
> ASP.NET working process run under the ASPNET account ?
>
> Thank you.

Well.. the ASPNET working process will run under localsystem or aspnet
account depending on the setting in machine.config. Impersonation does NOT
change the account under which the PROCESS runs, only the executing thread.

When you use "windows" authentication in the web.config file and turn on
impersonation, the executing thread will impersonate the authenticated user
if the site is set to Basic, Digest or Integrated security. If the site is
set to anonymous, the executing thread will run as the IUSR_machine account
(unless you changed that in the site/app configuration.)

Just beware though, that any component used in an ASPNET application may
call the RevertToSelf() method in order to change the impersonation of the
running thread back to the localsystem or ASPNET account when run on IIS5 -
this will change in IIS6 where you can separate ASPNET applications into
application pools.

Arild

• Next message: Tester: "Error during impersonation in web.config"
• Previous message: kaze: "Confusion about authentication and impersonation."
• In reply to: kaze: "Confusion about authentication and impersonation."
• Next in thread: kaze: "Re: Confusion about authentication and impersonation."
• Reply: kaze: "Re: Confusion about authentication and impersonation."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Remote control of windows service with windows 2003 server ... Impersonation is more difficult in forms authentication. ... you are passing the username and password for a windows account. ... (microsoft.public.dotnet.framework.aspnet) Re: impersonating a user ... > authentication is what determines the context of the thread. ... > applications, IIS will read the HTTP, and when anonymous is selected IIS ... > Local System account (which is the default account for Services that are ... > impersonation and authentication very clearly. ... (microsoft.public.inetserver.iis.security) Re: Active Directory and asp.net.... ... Actualy if you enable impersonation on forms authentication, ... impersonates IIS account. ... > LogonUser api to change the current user from the default asp account to ... (microsoft.public.dotnet.framework.aspnet.security) Re: Disable account in Active Directory from .NET using DirectoryEntry ... The account impersonated depends upon the authentication mechanism you are using ... As I previously mentioned, if impersonation is not enabled, then the ASPNET ... (microsoft.public.dotnet.framework.aspnet.security) Re: Configuration Differences ... I don't see how that would make a difference unless the web sites are ... >> Authentication enabled? ... >> to a Windows account). ... >> When impersonation is enabled, ASP.NET will impersonate the account that ... (microsoft.public.dotnet.framework.aspnet.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint