Re: asp.net impersonation

From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 17 Mar 2008 19:02:13 +0000 (UTC)

the deny entry should be the last in the authorization element.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

When a Web Service is configured to use windows authentication with no
impersonation the client can successfully assess the web service.

web.config that works:
<system.web>
<authentication mode="Windows"/>
<authorization>
</authorization>
</system.web>
When I turn on impersonation and add authorization for user domain
\web1 I get the error "The request failed with HTTP status 401:
Unauthorized". User domain\web1 as full access to the web site
directories.

web.config that does not work:
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<deny users="*" />
<allow users="domain\web1" />
</authorization>
</system.web>
What do I need to do to get impersonation to work?

References:
- asp.net impersonation
  - From: Steve

Prev by Date: Re: asp.net + c# -> HttpContext.Current.User + directoryentry
Next by Date: RE: anonymous access for one page
Previous by thread: asp.net impersonation
Next by thread: RE: Reconnect to a session and authenticate.
Index(es):
- Date
- Thread

Relevant Pages

Re: Problem with authentication using DefaultCredentials
... you do not actually need any impersonation within ... you will be given the ASPNET proccess account instead of your account. ... to perform the authorization against those. ... The credentials are forward as part of your web service call ...
(microsoft.public.dotnet.framework.aspnet.security)
asp.net impersonation
... When a Web Service is configured to use windows authentication with no ... When I turn on impersonation and add authorization for user domain ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: question
... what would happen if I set ther username and password under: ... I guess you don't need it :-) With impersonation ASP.NET Web ... Maybe this is the reason of a login prompt. ...
(microsoft.public.dotnet.framework.aspnet)
Re: question
... Okay, I guess you don't need it :-) With impersonation ASP.NET Web ... Set up an access rule for specific group (your user must be a member ...
(microsoft.public.dotnet.framework.aspnet)
PrintToPrinter from ASP.Net
... I am using impersonation to ensure Crystal Reports has rights to print to ... This section sets the authorization policies of the application. ...
(microsoft.public.vb.crystal)