Re: identity impersonate=true masks the identity of the app pool for trusted sql connections
What do you mean with AD id?? The username?

You get that from Context.User.Identity.Name - and no impersonation is required for that (nor for the token role provider - but I see no value in using that anyways).

Make sure Windows auth is enabled in IIS - and anonymous is turned off.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

I have my ASP.NET sites set up to connect to SQL Server using trusted
security and their application pool identities according to this
article: http://msdn2.microsoft.com/en-us/library/ms998292.aspx

Everything is working fine without trouble.

However, now I have a site which requires the identity
impersonate=true web config setting so that it knows the active
directory id of the web user. I have to have the impersonate flag
turned on because I use the AspNetWindowsTokenRoleProvider to
authorize my users.

The problem is that when impersonate=true, the site no longer connects
to the database with the app pool identity. Instead, it uses either
the user's identity if basic authentication is enabled or some other
local machine account.

How can I accomplish both in the same web site? How can I have the
site use trusted security and connect to my SQL server under the
identity of the app pool AND have impersonate=true so that I know the
AD id of the user?

Thanks for your help.
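The point of the reply above is that the authenticated user's name comes from the request principal, while the SQL trusted connection is made under the thread's Windows identity, which with impersonate=false is the app pool account. This added example (not code from the thread or from either poster) shows both values side by side on one ASP.NET 2.0 page; the page class name, the `AppDb` connection string name and the `SQLHOST` server name are assumptions.

```csharp
// Added example: read the Windows-authenticated caller without
// <identity impersonate="true"/>, while the SQL connection still opens
// under the application pool account.
// Assumed web.config (names are placeholders):
//   <authentication mode="Windows" />   (anonymous access disabled in IIS)
//   <identity impersonate="false" />
//   <connectionStrings>
//     <add name="AppDb" connectionString="Data Source=SQLHOST;Initial Catalog=AppDb;Integrated Security=SSPI" />
//   </connectionStrings>
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

public partial class WhoAmI : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // The caller as authenticated by IIS Windows auth: DOMAIN\user.
        // Populated with impersonate=false; no thread impersonation needed.
        string webUser = Context.User.Identity.Name;

        // The security context the worker thread actually runs under.
        // With impersonate=false this is the app pool identity, which is
        // what SQL Server sees on an Integrated Security connection.
        string processUser = WindowsIdentity.GetCurrent().Name;

        string connStr = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        string sqlLogin;
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            conn.Open();
            // Ask SQL Server which login it authenticated; expected to equal processUser.
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
            {
                sqlLogin = (string)cmd.ExecuteScalar();
            }
        }

        // Group checks against the caller still work through the request
        // principal, e.g. Context.User.IsInRole(@"DOMAIN\AppUsers").
        Response.Write(string.Format("Web user: {0}; worker identity: {1}; SQL login: {2}",
            HttpUtility.HtmlEncode(webUser),
            HttpUtility.HtmlEncode(processUser),
            HttpUtility.HtmlEncode(sqlLogin)));
    }
}
```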

