RE: ASP.NET Security
- From: wawang@xxxxxxxxxxxxxxxxxxxx (Walter Wang [MSFT])
- Date: Thu, 07 Sep 2006 15:03:51 GMT
Hi James,
You are right that the problem is caused by: when running your web service
under IIS5, it's running under a local service account ASPNET which by
default don't have required privilege to access your network resource. When
using debug mode, the web service is running under your current domain user
account and it can correctly access the network resource.
What you needed is Impersonation under ASP.NET 2.0. Based on your
requirement (what network resource you are accessing in your web service,
does it only needs temporarily access or does it needs frequent access),
you may choose to use configured impersonation in your web.config or use
LogonUser to temporarily impersonate an account to use the network resource.
You can use following two articles as a reference to get yourself familiar
with some related concept first:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch08.asp?frame=t
rue#secnetch08_accessingnetworkresources
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html
/paght000023.asp
My colleague Steven Cheng has answered several questions about
Impersonation in this the .aspnet and .aspnet.security newsgroups, you can
also search for them for more information; I think using some real-world
scenario can also help you understand that.
Please feel free to post here if you need some code to help you get going.
Sincerely,
Walter Wang (wawang@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- Re: ASP.NET Security
- From: James Wong
- Re: ASP.NET Security
- References:
- ASP.NET Security
- From: James Wong
- ASP.NET Security
- Prev by Date: File access denied
- Next by Date: Re: ASP.NET Security
- Previous by thread: ASP.NET Security
- Next by thread: Re: ASP.NET Security
- Index(es):
Relevant Pages
|
|
