Re: Application Flow / security issues

From: Jesse Houwing <jesse.houwing@xxxxxxxxxxxxxxxx>
Date: Mon, 1 Oct 2007 21:10:53 +0000 (UTC)

Hello Justin,

im having some issues with application security and i was wondering if
anyone could point me in the direction of some good resources that
would explain the different levels of security.

the problem im currently having is im trying to make a web app that
will pull a file from the client (clients are on the lan and part of
the domain) and its giving me a denied access..

I have set IIS to not allow anon access (verified with
System.Security.Principal.WindowsIdentity.GetCurrent().Name) which
shows the username correctly.

I assume that whats happening now is its using the application pool
identity (set to Network Service by default) to go back to the client
instead of the logged in user creds. I tried messing with the identity
of the application pool with no luck

FileInfo fi1 = new FileInfo(path) <-- problem line

path resolves to something like \\ip\c$\folder\file.txt

I expect the users of my app to be local admins on the machine.

ASP.NET 2.0

You can set impersonation in the web.config. That should fix your problem.

http://msdn2.microsoft.com/en-us/library/aa292118(VS.71).aspx

--
Jesse Houwing
jesse.houwing at sogeti.nl

.

Follow-Ups:
- Re: Application Flow / security issues
  - From: Alexey Smirnov

References:
- Application Flow / security issues
  - From: Justin Rich

Prev by Date: Application Flow / security issues
Next by Date: Re: Application Flow / security issues
Previous by thread: Application Flow / security issues
Next by thread: Re: Application Flow / security issues
Index(es):
- Date
- Thread

Relevant Pages

Re: Limit number of COM+ sessions
... I changed the Max Pool size to 1 through the Component Services ... own (the client) process. ... You configure your component to run as Server or as Library by applying the ... Only Server types can be pooled, object pooling can be configured by ...
(microsoft.public.dotnet.languages.csharp)
Re: Thread info
... > client, now when I close the applet and open another one it creates the ... is common practice for a server to have a thread pool. ... a thread is selected from the pool to service that client. ... Is there a reason you need a continuous connection and that a request-based ...
(comp.lang.java.programmer)
Re: I cant create thread more than 256 on Redhat 9
... So you don't need one thread for each client, ... aren't any practical 'process pool' servers that use a pool of processes the ... same way a thread pool server uses a pool of threads. ... of sharing file descriptors but it's also the difficulty of managing client ...
(comp.os.linux.development.apps)
Re: COM+ object not being released back to the pool
... > are exposing the interface methods, ... > Now in my mc++ winform client, ... Now when the object reference gets released, ... If you want the object to get released to the pool deterministically, ...
(microsoft.public.dotnet.languages.csharp)
Re: Application Flow / security issues
... impersonation and makes it possible for the server process to access remote ... resources while acting as the client." ... because i assume the root of this problem is the application pool. ... You can set impersonation in the web.config. ...
(microsoft.public.dotnet.framework.aspnet.security)