Re: ASP.Net Security and SQL Server access
From: Nick Bishop (nick4soup_at_yahoo.com.au)
Date: 07/22/03
- Previous message: Victor Garcia Aprea [MVP]: "Re: httprequest.validateinput()"
- In reply to: Chris Jackson: "Re: ASP.Net Security and SQL Server access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 21 Jul 2003 21:42:57 -0700
"Chris Jackson" <chrisj@mvps.org> wrote in message news:<e2H1a#ITDHA.1552@TK2MSFTNGP12.phx.gbl>...
> Your IIS application runs under one identity. This is configured in the IIS
> settings.
>
> ASP.NET runs under another identity, which you can configure in the
> machine.config. (By default, it's MACHINE\ASPNET.)
>
> If you want ASP.NET to use the Windows identity of the IIS application
> (which can be the authenticated user) then make sure your web.config has
> <identity impersonate="true">
More detail ...
In the Web.Config of the IIS application's directory, insert a line
like
<identity impersonate="true"/>
(in the System.Web xml node. If there is a line like
<authentication mode="Windows" />
in the file, put it next to that one)
Then do one of the following:
Preferred way
=============
Go into the IIS administration (Computer Management -> Services &
Applications -> Internet Information Services -> Default Web Site ->
GetCodedData (in my case).
Right-click, choose Properties. In the "Directory" tab, you may need
to press the Create button (depending on your circumstances).
After that, select the Directory Security tab and press Edit (under
the Anonymous access section), then tick Anonymous access, and press
the Edit button in that section.
In the dialog box that comes up, put in the username and password.
The other way (not recommended)
=============
Alter the line you are inserting so it looks like this
<identity impersonate="true" userName="IRAQ\saddam"
password="guns4us"/>
Nick Bishop
-----
Email replies ignored
-----
TRUE: In Australia, you can get matches under this brand: Dickhead
-oOo-
- Previous message: Victor Garcia Aprea [MVP]: "Re: httprequest.validateinput()"
- In reply to: Chris Jackson: "Re: ASP.Net Security and SQL Server access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
