Re: Impersonating user
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Sep 2007 17:51:19 +0000 (UTC)
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx
Have a look at this article
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Dominick,
We want to overcome the window authentication dialog, what you said
make me feel something intresting. Could you tell me the browser
setting and other factors that I need consider for windows
authentication not to come up.
thanks,
Kedar.
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:8e6a913a15f238c9c376e9660580@xxxxxxxxxxxxxxxxxxxxx
as Joe says - you need to auth the user to impersonate him.
Depending on browser settings and other factors you can do that using
windows authentication (without showing the logon dialog box).
what's your scenario?
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
How would you know who the user is to impersonate if you did not
authenticate them somehow?
Joe K.
.
- References:
- Re: Impersonating user
- From: kedar
- Re: Impersonating user
- Prev by Date: Re: Role Provider Security Trimming Issue
- Next by Date: RE: Best Practices and script/executable directories
- Previous by thread: Re: Impersonating user
- Next by thread: Role Provider Security Trimming Issue
- Index(es):
Relevant Pages
|
|
