Re: How to run as in a deamon
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 Aug 2006 16:28:44 +0000 (UTC)
LOL :)
---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
Thank you Joe/Steven/Mike. Boy security is a pain!!!
Cubicle Wars - http://www.windwardreports.com/film.htm
"Joe Kaplan" wrote:
What would be the conceptual difference between running the scheduled
task as the user your need vs. storing their credentials so you could
create a token for them and impersonate them? Basically, that just
means it is your problem to store the credentials vs. the operating
system's.
If the process ran as SYSTEM, the server was 2K3 and the AD domain
was 2K3 native, you could create an impersonation token for a user
based solely on their user principal name via S4U/protocol
transition. I'm not sure if that really helps you though.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"David Thielen" <thielen@xxxxxxxxxxxxx> wrote in message
news:9BDFE2D9-B9C7-45EC-91B7-E4C6A1CE7002@xxxxxxxxxxxxxxxx
The problem is that this runs on the server (ASP.NET) and most
user's
don't
have (and shouldn't have) login rights on the server.
--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
"Joe Kaplan" wrote:
Have them set up the scheduled task to run as the required user.
That's
the
most straightforward way to solve this.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"David Thielen" <thielen@xxxxxxxxxxxxx> wrote in message
news:525C4CDD-F65C-4C82-8F63-EE93FDE4D091@xxxxxxxxxxxxxxxx
Hi;
We have this web app that handles security great. For everything
we do
we
run as the client so we do not have to store any credentials
ourselves
and
it
handles Sql Server access, reading files from the server,
everything.
But... we have a deamon program where users can schedule these
same
actions.
The problem is, when these deamon programs run, we don't have the
client
user
attached and therefore cannot get their credentials.
Do we need to get their uname/pw and store it to be able to runAs
them -
like services in Windows when running under a user? I hate to
store
that
info
because that is the keys to the kingdom.
--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
Cubicle Wars - http://www.windwardreports.com/film.htm
.
- References:
- Re: How to run as in a deamon
- From: David Thielen
- Re: How to run as in a deamon
- Prev by Date: AzMan Still the way to go?
- Next by Date: Re: Are AuthTickets Secure?
- Previous by thread: Re: How to run as in a deamon
- Next by thread: Re: How to run as in a deamon
- Index(es):
Relevant Pages
|
|
