RE: Impersonation question regarding a microsoft article
From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 12/23/03
- Next message: John: "Re: How to do this?"
- Previous message: Chris Marchal[MSFT]: "RE: Using subfolder"
- In reply to: Brian Newtz: "Impersonation question regarding a microsoft article"
- Next in thread: Brian Newtz: "RE: Impersonation question regarding a microsoft article"
- Reply: Brian Newtz: "RE: Impersonation question regarding a microsoft article"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Dec 2003 18:01:23 GMT
Brian,
That documentation is incorrect. The process account has to have full
control on that folder, but the impersonated account does not in the case
of first-time JIT compile.
Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------
>Content-Class: urn:content-classes:message
>From: "Brian Newtz" <anonymous@discussions.microsoft.com>
>Sender: "Brian Newtz" <anonymous@discussions.microsoft.com>
>Subject: Impersonation question regarding a microsoft article
>Date: Tue, 23 Dec 2003 08:17:43 -0800
>Lines: 40
>Message-ID: <09b201c3c970$4b509c00$a601280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Thread-Index: AcPJcEtQodKge0h2Sd+UR2DdUFfdag==
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Path: cpmsftngxa07.phx.gbl
>Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:8036
>NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Hello everyone!
>
>I recently read "ASP.NET Impersonation" from the .NET
>Framework Developer's Guide
>(http://msdn.microsoft.com/library/default.asp?
>url=/library/en-
>us/cpguide/html/cpconaspnetimpersonation.asp) and it says
>the following:
>
>"Only application code is impersonated; compilation and
>configuration are read as the process token. The result
>of the compilation is put in the "Temporary ASP.NET
>files" directory. The account that is being impersonated
>needs to have read/write access to this directory."
>
>So, this is basically telling me that every authenticated
>user has to have access to my 'Temporary ASP.NET files'
>directory in order to view the pages??? I've verified
>that this is definitely not the case, as my 'Temporary
>ASP.NET files' directory has only the following security
>permissions(my computer name is BNEWTZ):
>
>Administrators (BNEWTZ\Administrators)
>aspnet (aspnet@mycompanysdomain.local)
>CREATOR OWNER
>LOCAL SERVICE
>NETWORK SERVICE
>Power Users (BNEWTZ\Administrators)
>SYSTEM
>Users (BNEWTZ\Users)
>
>With these permissions (which are the default, except
>that I've added the domain aspnet account which I use in
>the processmodel section of machine.config) any domain
>user can get to the website just fine. So is the article
>incorrect in that statement?
>
>Thanks!
>-Brian
>
>
- Next message: John: "Re: How to do this?"
- Previous message: Chris Marchal[MSFT]: "RE: Using subfolder"
- In reply to: Brian Newtz: "Impersonation question regarding a microsoft article"
- Next in thread: Brian Newtz: "RE: Impersonation question regarding a microsoft article"
- Reply: Brian Newtz: "RE: Impersonation question regarding a microsoft article"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
