Re: Configuration Differences

From: Matt (Matt_at_discussions.microsoft.com)
Date: 11/22/04 

Date: Mon, 22 Nov 2004 11:25:04 -0800

Thanks for your response. I am still trying to isolate the exact lines
responsible for this difference. However, copying one system's
security.config to the other and restarting IIS seems to have addressed the
problem I am having. I believe there was just a lower level difference in
permissions granted to the Intrenet_Zone code group.

Thanks again for your help.

"Joe Kaplan (MVP - ADSI)" wrote:

> Are you certain the second site doesn't have Windows Integrated
> Authentication enabled? The results you got indicate that someone was
> authenticated by IIS (unless some special code ran that changed Context.User
> to a Windows account).
>
> When impersonation is enabled, ASP.NET will impersonate the account that was
> authenticated by IIS. If anonymous access was enabled, then the anonymous
> user account is impersonated. This is assuming that you haven't specified
> the user and password attributes in that tag.
>
> Joe K.
>
> "Matt" <Matt@discussions.microsoft.com> wrote in message
> news:03FCAD6B-DA13-42AB-962D-2450554CCBBA@microsoft.com...
> >I checked both sites. Both have Anon access enabled via IIS Mgr. Both
> >sites
> > are using a domain-level account and the web.config on both is set to
> > impersonate. The behaviors on each are still different. Are there other
> > things I can check? Also, when the impersonation is enabled in
> > web.config,
> > is it the user specified in the "Enable Anon Access" dialog that is
> > impersonated? Are there other settings in the machine.config and
> > security.config that may impact this?
> >
> > "Paul Glavich [MVP - ASP.NET]" wrote:
> >
> >> I think Joe is spot on. The only thing to add is that impersonation is
> >> enabled in both web.config files as well.
> >>
> >> --
> >> - Paul Glavich
> >> Microsoft MVP - ASP.NET
> >>
> >>
> >> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
> >> wrote
> >> in message news:ur$6x8pzEHA.2568@TK2MSFTNGP10.phx.gbl...
> >> > My guess is that anonymous access is enabled in IIS on server 1 and is
> >> > not
> >> > on server 2.
> >> >
> >> > Joe K.
> >> >
> >> > "Matt" <Matt@discussions.microsoft.com> wrote in message
> >> > news:69AEF6B7-159E-4739-96E9-7E8A9F24C05A@microsoft.com...
> >> > >I have two sites on separate servers configured. When I query a page
> >> that
> >> > > returns information on security/user context, I get two different
> >> replies.
> >> > >
> >> > > On Server 1:
> >> > > HttpContext.Current.User.Identity
> >> > > Name
> >> > > IsAuthenticated False
> >> > > AuthenticationType
> >> > >
> >> > > WindowsIdentity.GetCurrent()
> >> > > Name MACHINENAME\IUSR_MACHINENAME1
> >> > > IsAuthenticated True
> >> > > AuthenticationType NTLM
> >> > >
> >> > > Thread.CurrentPrincipal.Identity
> >> > > Name
> >> > > IsAuthenticated False
> >> > > AuthenticationType
> >> > >
> >> > >
> >> > > On Server 2:
> >> > > HttpContext.Current.User.Identity
> >> > > Name DOMAIN\USER
> >> > > IsAuthenticated True
> >> > > AuthenticationType Negotiate
> >> > >
> >> > > WindowsIdentity.GetCurrent()
> >> > > Name DOMAIN\USER
> >> > > IsAuthenticated True
> >> > > AuthenticationType NTLM
> >> > >
> >> > > Thread.CurrentPrincipal.Identity
> >> > > Name DOMAIN\USER
> >> > > IsAuthenticated True
> >> > > AuthenticationType Negotiate
> >> > >
> >> > > --
> >> > >
> >> > > My question is what is the likely configuration that is created these
> >> > > differing scenarios. I have not been able to locate the entries in
> >> > > machine.config,web.config or system.config that would be causing this
> >> > > since
> >> > > most of these files have the default configuration. Also, which of
> >> > > the
> >> > > above
> >> > > could I expect to see as a default configuration on a web in IIS?
> >> >
> >> >
> >>
> >>
> >>
>
>
>

Relevant Pages

  • Re: VS.NET 2005 and the "allowDefinition=MachineToApplication" error
    ... Your description of impersonation is great. ... If you want to use the default configured account, eliminate that entry, or configure it as: ... The easiest way to assign correct permissions to all required directories is to run: ... I re-started IIS and tried to access my ASPX page again -- same ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: WCF and ASP.Net wsHTTPBinding Access Denied
    ... Just turning on impersonation i.e. ... "Same" IIS server, ... rights of the ASP.Net worker process? ... The Web.config section defines what identity (Windows account) to ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: impersonating a user
    ... > authentication is what determines the context of the thread. ... > applications, IIS will read the HTTP, and when anonymous is selected IIS ... > Local System account (which is the default account for Services that are ... > impersonation and authentication very clearly. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Impersonation
    ... I hear a lot about WSE and I try to use ... so I thought that I could use impersonation for trusted SPPI ... impersonate my account more late:(, ... Request come to IIS and then ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • ASP.NET wont work with my machine.config?
    ... My IIS won't even render a test.aspx which contains: ... > workerprocess's execute account. ... > when accessing serverside resources. ... > Below are some references on ASP.NET impersonation; ...
    (microsoft.public.dotnet.framework.aspnet)