Re: Application Flow / security issues
- From: jesse.houwing@xxxxxxxxx
- Date: Tue, 2 Oct 2007 13:05:02 +0000 (UTC)
Hello Alexey,
On Oct 1, 11:10 pm, Jesse Houwing <jesse.houw...@xxxxxxxxxxxxxxxx>
wrote:
Hello Justin,or try
im having some issues with application security and i was wonderingYou can set impersonation in the web.config. That should fix your
if anyone could point me in the direction of some good resources
that would explain the different levels of security.
the problem im currently having is im trying to make a web app that
will pull a file from the client (clients are on the lan and part of
the domain) and its giving me a denied access..
I have set IIS to not allow anon access (verified with
System.Security.Principal.WindowsIdentity.GetCurrent().Name) which
shows the username correctly.
I assume that whats happening now is its using the application pool
identity (set to Network Service by default) to go back to the
client instead of the logged in user creds. I tried messing with the
identity of the application pool with no luck
FileInfo fi1 = new FileInfo(path) <-- problem line
path resolves to something like \\ip\c$\folder\file.txt
I expect the users of my app to be local admins on the machine.
ASP.NET 2.0
problem.
http://msdn2.microsoft.com/en-us/library/aa292118(VS.71).aspx
--
Jesse Houwing
jesse.houwing at sogeti.nl- Hide quoted text -
- Show quoted text -
System.Security.Principal.WindowsImpersonationContext
impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.I
dentity).Impersonate();
FileInfo fi1 = new FileInfo(path)
...
impersonationContext.Undo();
if you're using an impersonationContext, you *must* also use either a try/catch/finally block or use a using statement to make sure the impersonation is undone.
WindowsImpersonationContext impersonationContext = null;
try
{
impersonationContext = ((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity).Impersonate();
// do stuff
}
catch
{
// Handle exceptions
}
finally
{
if (impersonationContext != null)
{
impersonationContext.Undo();
}
}
Or
Using (System.Security.Principal.WindowsImpersonationContext impersonationContext = ((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())
{
// Do stuff.
}
--
Jesse Houwing
jesse.houwing at sogeti.nl
.
- Follow-Ups:
- Re: Application Flow / security issues
- From: Justin Rich
- Re: Application Flow / security issues
- References:
- Re: Application Flow / security issues
- From: Alexey Smirnov
- Re: Application Flow / security issues
- Prev by Date: Re: Application Flow / security issues
- Next by Date: Re: Application Flow / security issues
- Previous by thread: Re: Application Flow / security issues
- Next by thread: Re: Application Flow / security issues
- Index(es):
Relevant Pages
|
