Re: NTFS rights not honored

From: Norman Rasmussen (nrasmussen_at_openboxsoftware.com)
Date: 12/17/03


Date: Wed, 17 Dec 2003 14:51:12 +0200


> Since I've got impersonation on in web.config I though the request would
be run as the actual logged in user, and not ASPNET.
Yes, I think is what is happening for you.

> The problem is that everyone can see every file and folder, even though
NTFS does not permit them
There is a difference between being able to _see_ the file in a directory
listing and actually being able to read it. Can if you can't read the file
you can see it! You will need to check whether you can actually read the
file before showing it in the list to the user.



Relevant Pages

  • RE: ASP.NET Anonymous Impersonation
    ... still run under ASPNET. ... But the code to handle current request will be ... executed under the impersonation user. ... Implementing Impersonation in an ASP.NET Application ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows authentication for web service client??
    ... > Dim Response As System.Net.HttpWebResponse ... > make my http WEBDAV request here ... ... CredentialCache.DefaultCredentials will return the credentials that ... I have try the same approach using implicity impersonation, ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: net logon
    ... this is a problem with running ASPNet on a DC: ... : Description: An unhandled exception occurred during the execution of the ... granting access rights to the resource to the ASP.NET request identity. ... HttpContext context, String virtualPath, Boolean fApplicationFile) +111 ...
    (microsoft.public.inetserver.iis.security)
  • Re: Impersonate() & ASPNET worker threads. Bug or undocumented feature?
    ... > impersonation on in web.config. ... > In my oppinion ASPNET worker process even in one request scope switches ... > The anonymous access for application should be forbidden, ... that ASPNET worker might switch threads while executing ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: COM Component and Security
    ... Hi Lior, ... | Subject: Re: COM Component and Security ... | ASPNET user and not my NT user. ... |> information on the thread before impersonation began. ...
    (microsoft.public.dotnet.framework.aspnet.security)