Re: ASP.NET Security

hi,

how can i change the user "ASPNET" to another domain user? Thanks!

James


"Walter Wang [MSFT]" <wawang@xxxxxxxxxxxxxxxxxxxx> ¼¶¼g©ó¶l¥ó·s»D:itptc7o0GHA.4280@xxxxxxxxxxxxxxxxxxxxxxxx
Hi James,

You are right that the problem is caused by: when running your web service
under IIS5, it's running under a local service account ASPNET which by
default don't have required privilege to access your network resource.
When
using debug mode, the web service is running under your current domain
user
account and it can correctly access the network resource.

What you needed is Impersonation under ASP.NET 2.0. Based on your
requirement (what network resource you are accessing in your web service,
does it only needs temporarily access or does it needs frequent access),
you may choose to use configured impersonation in your web.config or use
LogonUser to temporarily impersonate an account to use the network
resource.

You can use following two articles as a reference to get yourself familiar
with some related concept first:

http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch08.asp?frame=t
rue#secnetch08_accessingnetworkresources

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html
/paght000023.asp

My colleague Steven Cheng has answered several questions about
Impersonation in this the .aspnet and .aspnet.security newsgroups, you can
also search for them for more information; I think using some real-world
scenario can also help you understand that.

Please feel free to post here if you need some code to help you get going.

Sincerely,
Walter Wang (wawang@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.



.

Relevant Pages

  • Problem solved
    ... am not using a beta of WSE 3; the file does already exist in my web service. ... I have no problems when I do this on a new simple web service project. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Problems with namespaces
    ... \par Microsoft MSDN Online Support Lead ... \par where an initial response from the community or a Microsoft Support ... Than I have web service, that also uses the same classes (I ... \par Simon ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: How to alias 2 classes in c#
    ... For ASP.NET webservice's client proxy, if you use "Add WebReference" to ... the type sharing support is still limited. ... where an initial response from the community or a Microsoft Support ... having 2 versions of a web service with a total compatibility ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Why VS2005.IDE adds app.config to C# Class Library projects?
    ... URL for the web service in this case. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... project analysis and dump analysis issues. ...
    (microsoft.public.dotnet.languages.csharp)
  • RE: Call OneWay Web Service
    ... web service from your own .net client application other than from BizTalk ... and so other newsgroup users who regularly read the ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.biztalk.general)