Re: Who am I impersonating?
From: Gary Bagen (garbage400_at_hotmail.com)
Date: 02/27/04
- Previous message: John Stemper: "Re: Security Exception on ASP.Net app"
- In reply to: Aaron Margosis [MS]: "Re: Who am I impersonating?"
- Next in thread: Tim Thacker: "Re: Who am I impersonating?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 Feb 2004 12:17:27 -0800
Hi Aaron,
I understand what you are describing, but I have done a poor job of
asking the right question.
For production, what we plan on doing is using the ProcessModel
element of Machine.Config on the web servers to point to a registry
location for username/password attributes which will use aspnetreg.exe
for encryption.
We want to test this out before making a final recommendation. So,
with my ASP.NET temporary test app, I just wanted to display the name
of the user the ASP.NET app will use to try and access network
resources.
Then I can show depending on how machine.config, web.config, IIS
Anonymous and IIS Windows Authentication settings determine who will
try and use network resources from the ASP.NET app. This is not
something we will be doing in production.
Thanks,
Gar
"Aaron Margosis [MS]" <aaron.margosis.ms@online.microsoft.com> wrote in message news:<#AwlUNQ$DHA.2012@TK2MSFTNGP11.phx.gbl>...
> If the question is, "can I impersonate the caller in such a way that I can
> access network resources as that caller", then:
>
> If you are using integrated Windows authentication at the IIS level, the
> answer is "no", unless:
> * You enable Kerberos delegation for the account and the machines involved
> in the delegation, or
> * Your web browser is on the same machine as the web server.
>
> If you are using Basic authentication at the IIS level, the answer is "yes"
> if Basic auth is configured to use "interactive" logon. This is the default
> for IIS5. (I'm blanking all of a sudden as to whether it is the default for
> IIS6, but I think it isn't.)
>
> -- Aaron
>
> "Gary Bagen" <garbage400@hotmail.com> wrote in message
> news:8b702e36.0402261607.41a8b185@posting.google.com...
> > Is there a way I can get the user of the identity I will be
> > impersonating to get network resources?
> >
> > I know WindowsIdentity.GetCurrent().Name for the person coming into
> > the ASP.NET app but I want to do some testing of different
> > combinations of impersonating based on Anon, Windows Auth, and
> > impersonate = true in web.config. So I am looking for the identity
> > that will be used for the ASP.NET app to go to a network resource.
> >
> > thanks,
> > Gar
- Previous message: John Stemper: "Re: Security Exception on ASP.Net app"
- In reply to: Aaron Margosis [MS]: "Re: Who am I impersonating?"
- Next in thread: Tim Thacker: "Re: Who am I impersonating?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
