Re: How to change user account properties by ASP.NET?

From: Scott Allen (bitmask_at_[nospam)
Date: 11/23/04 

Date: Tue, 23 Nov 2004 16:32:38 -0500

Hi Evgeny:

>I know about impersonation possibility, but it requires to type clear
>Administrators username and password in code-behind class that will be
>published on target server.

If you use
 <identity impersonate="true"/>
in the web.config file, than you are impersonating the client without
using an explicit username / password. This is probably the safest
approach, because only local admins would be able to change the
passwords for the local users.

You can put username and password attributes in the <indentity>
element and have the password encrypted in the registry. This is
described in the remarks section of the following:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfidentitysection.asp

Note however, that all users will then have a request impersonating an
admin, so it's a dangerous approach. 

--
Scott
http://www.OdeToCode.com/blogs/scott/

Relevant Pages

  • Re: USFCL Armchair supporters
    ... For the second, and hopefully final time, i am NOT impersonating you, this ... is MY username on usenet, i am not borrowing it from you, it is mine to ... but as usenet have no set rules regarding whos username belongs to ...
    (uk.sport.football.clubs.liverpool)
  • Re: DirectoryEntry - enum users/groups...
    ... Joe, Thank You for pointing me in the right direction. ... My apps now captures the user's password with a text box ... No impersonating. ... No hardcoding of any user's password or username. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: getting info from active directory
    ... user name of the client that the thread is impersonating. ... The following function will work if you want to fetch the username of the ... : Dim cn As String ... : Dim res As Long ...
    (microsoft.public.vb.general.discussion)
  • Re: How to change user account properties by ASP.NET?
    ... than you are impersonating the client without ... using an explicit username / password. ... because only local admins would be able to change the ... passwords for the local users. ...
    (microsoft.public.de.inetserver.iis.asp)
  • Re: How to change user account properties by ASP.NET?
    ... than you are impersonating the client without ... using an explicit username / password. ... because only local admins would be able to change the ... passwords for the local users. ...
    (microsoft.public.de.german.entwickler.dotnet.asp)