Re: Prevent access to advapi32.dll RevertToSelf()
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/27/05
- In reply to: kevin.kenny_at_zygonia.net: "Prevent access to advapi32.dll RevertToSelf()"
Date: Tue, 27 Sep 2005 07:28:06 -0700
Hello kevin.kenny@zygonia.net,
The only way to prevent someone from calling into unmanaged code is to run
under partial trust.
Add a <trust level="Medium" /> to your web.config - and see if it affects
your application.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Hi All,
>
> Sorry to crosspost but it's a security and an ASP.NET problem I have.
>
> We run each website under its own I_<user> account and ASP.NET
> is configured to impersonate so requests run under the identity of the
> I_<user> account.
>
> In Windows 2000 Server how do I prevent a user from calling
> RevertToSelf() in advapi32.dll and unwinding the impersonation? e.g.
>
> [DllImport(@"C:\WINNT\system32\advapi32.dll")]
> public static extern bool RevertToSelf();
> void Page_Load(Object sender, EventArgs e) {
>     // at this point the request is running under impersonation as I_<user>
>     RevertToSelf();
>     // afterwards it undoes the impersonation and the request is now running as <MACHINE>\ASPNET
> }
>
> I've looked into building a .NET security policy to do this but I'm a
> bit stuck.
>
> Thanks in advance.
> Kevin
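
The partial-trust setting from the reply above, as an added example that is not part of the original thread: the default full-trust entry beside a Medium-trust entry that individual sites cannot override. It assumes the entry is placed in the machine-level configuration file rather than in a site's own web.config, which the site owner can edit.

```xml
<!-- Added example, not from the original posts.
     Assumption: this lives in the machine-level configuration
     (machine.config on ASP.NET 1.1, the root web.config on ASP.NET 2.0). -->
<configuration>

  <!-- Weak (the shipped default): every application runs with full trust,
       so page code may declare [DllImport] and call RevertToSelf().
  <location allowOverride="true">
    <system.web>
      <trust level="Full" originUrl="" />
    </system.web>
  </location>
  -->

  <!-- Corrected: Medium trust does not grant SecurityPermission with the
       UnmanagedCode flag, so the P/Invoke call fails with a
       SecurityException before advapi32.dll is ever reached.
       allowOverride="false" locks the section: a site that sets its own
       <trust> element gets a configuration error instead of full trust. -->
  <location allowOverride="false">
    <system.web>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>

</configuration>
```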