Re: Asp.net impersonate

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 08/29/04 

Date: Sun, 29 Aug 2004 14:59:39 -0500

For this you would usually do something like:

 <authorization>
     <allow roles="domain\groupname"/>
     <deny users="*"/>
 </authorization>

You can use multiple groups separated by commas in the allow list.

HTH,

Joe K.

"Patrick.O.Ige" <patrickige@acn.waw.pl> wrote in message
news:Oqj4gJcjEHA.3428@TK2MSFTNGP11.phx.gbl...
> Hi Joe,
> If i use this web config file:-
> <authorization>
> <deny users="?"/>
> <allow users="*"/>
> </authorization>
> Can i control the GROUPS the users would be able to validate against the
> Active Directory?For example if i allow only members in a security group
in
> the Active Directory to authenticate and deny the others.Would it work?
> Check this link at :-
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/act
> ive_directory_authentication_from_asp__net.asp
> Thanks
>
>
>
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:eW$kZLXjEHA.394e 4@tk2msftngp13.phx.gbl...
> > I don't think impersonation loads the user profile of the account being
> > impersonated. If you think about it, that would make impersonation very
> > slow.
> >
> > Do you need the user profile loaded for some reason?
> >
> > Joe K.
> >
> > "Frederik Vermeersch via .NET 247" <anonymous@dotnet247.com> wrote in
> > message news:%23$tKgsPjEHA.3148@TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > >
> > > My global.asax contains:
> > > <authentication mode="Windows" />
> > > <identity impersonate="true"/>
> > >
> > > in my aspx page Environment.UserName returns the correct impersonated
> > username,
> > > but Environment.GetEnvironmentVariable("USERPROFILE") returns the
> > userprofile of the ASPNET user, being: C:\Documents and
> > Settings\COMPUTERNAME\ASPNET
> > > (Strange behaviour, but I asume that this is by design.)
> > > Is there no way to return the userprofile for the impersonated
account?
> > >
> > > Thanks,
> > > Frederik
> > >
> > > -----------------------
> > > Posted by a user from .NET 247 (http://www.dotnet247.com/)
> > >
> > > <Id>EUpSiezJAUCDSil1IuWbOg==</Id>
> >
> >
>
>

Relevant Pages

  • Re: Asp.net impersonate
    ... I don't think impersonation loads the user profile of the account being ... > Is there no way to return the userprofile for the impersonated account? ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Unlock acct permissions
    ... Joe is one of the best in the world. ... How do I get DSACLS to run on a specific account? ... The permissions in the security do not seem>>> to ... The correct permissions are on the security group, ...
    (microsoft.public.win2000.active_directory)
  • Re: Unlock acct permissions
    ... It may actually be the best of the bunch but it is very old now so it is mostly about those GOOD FUNDAMENTALS that one needs and which Joe referenced. ... >>>Overall you appear to be a very "green" admin and you should buy one or more>>>books and learn this stuff before you do too much more. ... >>>Joe Richards Microsoft MVP Windows Server Directory Services ... How do I get DSACLS to run on a specific account? ...
    (microsoft.public.win2000.active_directory)
  • Re: Service running as Local system account Unable to map drive on
    ... Hi Joe and Phillip ... account has full permissions on both the share and the file system itself. ... Security Eventlog: ...
    (microsoft.public.security)
  • Re: Password Expired Query
    ... issue their own LDAP query to do this. ... If you just want to get this done, Joe R's tool is very easy. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The problem is there isn't a flag saying the account is expired, ...
    (microsoft.public.windows.server.active_directory)