Re: Why won't WindowsPrincipal show as IUSR_<machine> ?

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/25/04

  • Next message: rasta: "app lease/licensing" 
    Date: Fri, 25 Jun 2004 13:25:13 -0500

    It will be IUSER_MACHINE if you leave anonymous turned on in IIS AND enable
    impersonation in your web.config.

    Joe K.

    "Odie" <Odie@discussions.microsoft.com> wrote in message
    news:0256388A-CFC3-4929-9D88-4AA8B0CE72BD@microsoft.com...
    > I have a test harness set up to explore some .Net security stuff.
    > I have an .aspx page w/ .cs code-behind that gets the current Windows
    identity of the asp.net thread:
    > -=-=
    > WindowsIdentity MyIdentity = WindowsIdentity.GetCurrent();
    > WindowsPrincipal MyPrincipal = new WindowsPrincipal(MyIdentity);
    > string Name = MyPrincipal.Identity.Name;
    > string Type = MyPrincipal.Identity.AuthenticationType;
    > string Auth = MyPrincipal.Identity.IsAuthenticated.ToString();
    > //Identity values.
    > string IdentName = MyIdentity.Name;
    > string IdentType = MyIdentity.AuthenticationType;
    > string IdentIsAuth = MyIdentity.IsAuthenticated.ToString();
    > string ISAnon = MyIdentity.IsAnonymous.ToString();
    > -=-=
    >
    > When I have IIS Security set to [anon + integrated security], my test page
    printed out:
    > Principal Name: MYMACHINE\ASPNET
    > Principal Type: NTLM
    > Principal IsAuthenticated: True
    > Identity IsAnonymous: False
    > Identity IsGuest: False
    > Identity IsSystem: False
    >
    > This is good.
    > But when I removed integrated security from IIS Security tab my test page
    still prints out exactly the same thing! Then I remembered asp.net has it's
    own stuff in web.config, so I changed:
    > <authentication mode="Windows" />
    > to
    > <authentication mode="None" />
    >
    > I still get exactly the same output from my test page! Just in case
    there's some weird caching going on here, I shut down my web server and ran
    IISRESET - still to no avail.
    >
    > I can sort of understand the PrincipalName=ASPNET (even though I would
    expect it to be IUSR_MYMACHINE). But I don't understand why it insists on
    having IsAuthenticated=True and IsAnonymous=False.
    >
    > ??
    >

  • Next message: rasta: "app lease/licensing"

    Relevant Pages

    • Re: Mac Server Hacked In Less Than 6 Hours
      ... Windows has RAS, and for it is built in since NT 3.1 ... | A typical IIS box and this Mac are not the same thing so the comparison ... IIS has been subject to quite a few bugs and so have ... Security isn't a proprietary attribute. ...
      (sci.crypt)
    • Re: DCOM calls fails - access denied
      ... That's exactly how I understood the ASP.NET security. ... But why does one configuration work but not the other? ... should get the token from IIS. ... If you set there a domain account, ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: How to secure IIS?
      ... XP as well, because even if you don't install IIS, there are still a number ... If you think Windows 98 is secure, ... easy to attack, if there's no firewall... ... IIS security checklists] 3) install firewall and antivirus, ...
      (microsoft.public.inetserver.iis.security)
    • RE: .pdf security using ASP.NET security...
      ... I am wondering if using the aspnet_isapi.dll to handle PDF files security ... IIS has a list of Application Mappings which dictate whether a particular ... entries that tell aspnet_isapi.dll what to do with various file types. ... Files that do have app mappings require all the same steps, ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: impact of mapping .??? to ASP.NET ISAPI???
      ... security issue, either from ASP.NET or IIS (this is something that my ISP ... > entries that tell aspnet_isapi.dll what to do with various file types. ... > process the request. ...
      (microsoft.public.dotnet.framework.aspnet.security)