Re: integrated login and folder permissions

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 10/17/05


Date: Mon, 17 Oct 2005 10:04:48 -0700

Hello Paul,

I am saying that impersonation does not make a difference, because the FileAuthorizationModule
always uses the impersonation (=client) token to check for resource access.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> On Thu, 13 Oct 2005 13:55:32 -0700, Dominick Baier [DevelopMentor]
> <dbaier@pleasepleasenospamdevelop.com> wrote:
>
> ¤ Hello Paul,
> ¤
> ¤ The FileAuthorizationModule which does the access checking for disk files
> ¤ (when <authentication mode="Windows" /> is set) uses the Windows token that
> ¤ resulted in IIS integrated authentication. Turning impersonation on for this
> ¤ to work is NOT required.
> ¤
> ¤ The domain users need at least read privileges for the files that should
> ¤ be accessible to them.
> ¤
> ¤ Another option is to set resource permissions in web.config by using an <authorization>
> ¤ element.
> ¤
> Hi Dominick,
>
> Are you saying there is no difference between accessing web
> application resources and resources accessed via code? My
> understanding was that the latter required that the web app process
> execute under an identity that had sufficient permissions to do so.
>
> Of course I may have assumed incorrectly that was what he was
> attempting to do.
>
> Paul
> ~~~~
> Microsoft MVP (Visual Basic)


