Re: Best Practices for Impersonation and File Upload?
From: Jed (Jed_at_discussions.microsoft.com)
Date: 07/14/04
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Utter madness!"
- Previous message: Paul Mason: "Re: Utter madness!"
- In reply to: Raterus: "Re: Best Practices for Impersonation and File Upload?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Best Practices for Impersonation and File Upload?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Jul 2004 08:26:40 -0700
The site is configured for anonymous access, because the forms which post files are open to the public who are requesting software demos which requires including sample files.
So I guess the answer is hope for the best, and see if I can get the files out of the browseable web.
Thanks
"Raterus" wrote:
> How is your current security set up on your application, anonymous access, or some type of windows authentication/basic authentication?
>
> If it is anonymous, you will need to just give permissions to the aspnet user, and hope for the best, but if you really want to secure this application, get the authorized users windows accounts, and either get their credentials from basic/digest/integrated authentication and use the first method in that article, or use forms authentication/authenticate against active directory and use the second method in that article, That way you can set NTFS permissions on the folder with these user accounts, rather than ASPNET.
>
> --Michael
>
> P.S. Joe K is my ADSI Hero :-)
- Next message: Joe Kaplan \(MVP - ADSI\): "Re: Utter madness!"
- Previous message: Paul Mason: "Re: Utter madness!"
- In reply to: Raterus: "Re: Best Practices for Impersonation and File Upload?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Best Practices for Impersonation and File Upload?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
