Re: ASP.NET Process Identity???

From: Roberto López (rlopez_at_eurosistemas.net)
Date: 08/01/03


Date: Fri, 1 Aug 2003 11:46:44 +0200


I have added "SYSTEM" to machine.config because if I don't do this my app
doesn't run properly. I have read something about this having something to do
with SQL Server, but I don't know what.
In my IIS I have only Windows Security activated; anonymous users are not allowed.
To impersonate a user I used this code:
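
    Imports System
    Imports System.Security.Principal

    Public Class Personificacion

        ' Win32 logon constants passed to LogonUser
        Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2
        Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
        ' SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, passed to DuplicateToken
        Private Const SECURITY_IMPERSONATION As Integer = 2

        ' Credentials of the account to impersonate. The code below uses these
        ' fields but the post does not show where they are declared or set;
        ' the fields and constructor here are an assumption.
        Private _Usuario As String
        Private _Dominio As String
        Private _Password As String

        Private ImpersonationContext As WindowsImpersonationContext

        Public Sub New(ByVal usuario As String, ByVal dominio As String, ByVal password As String)
            _Usuario = usuario
            _Dominio = dominio
            _Password = password
        End Sub

        '*************************************************************
        Declare Auto Function LogonUser Lib "advapi32.dll" ( _
            ByVal lpszUsername As String, _
            ByVal lpszDomain As String, _
            ByVal lpszPassword As String, _
            ByVal dwLogonType As Integer, _
            ByVal dwLogonProvider As Integer, _
            ByRef phToken As IntPtr) As Integer

        '*************************************************************
        Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
            ByVal ExistingTokenHandle As IntPtr, _
            ByVal ImpersonationLevel As Integer, _
            ByRef DuplicateTokenHandle As IntPtr) As Integer

        ' Releases the token handles returned by LogonUser and DuplicateToken
        Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

        '*************************************************************
        ' Logs the configured user on and impersonates it on the current thread.
        ' Returns True only if impersonation is active on return.
        Public Function Personificar() As Boolean
            Dim Token As IntPtr = IntPtr.Zero
            Dim TokenDuplicado As IntPtr = IntPtr.Zero
            Try
                If LogonUser(_Usuario, _Dominio, _Password, LOGON32_LOGON_INTERACTIVE, _
                             LOGON32_PROVIDER_DEFAULT, Token) = 0 Then
                    Return False
                End If
                If DuplicateToken(Token, SECURITY_IMPERSONATION, TokenDuplicado) = 0 Then
                    Return False
                End If
                ' WindowsIdentity keeps its own copy of the token, so both
                ' handles are closed in the Finally block.
                Dim tempWindowsIdentity As New WindowsIdentity(TokenDuplicado)
                ImpersonationContext = tempWindowsIdentity.Impersonate()
                Return Not ImpersonationContext Is Nothing
            Finally
                If Not TokenDuplicado.Equals(IntPtr.Zero) Then CloseHandle(TokenDuplicado)
                If Not Token.Equals(IntPtr.Zero) Then CloseHandle(Token)
            End Try
        End Function

        '*************************************************************
        ' Reverts the thread to the process identity; does nothing if
        ' no impersonation is active.
        Public Sub DesPersonificar()
            If Not ImpersonationContext Is Nothing Then
                ImpersonationContext.Undo()
                ImpersonationContext = Nothing
            End If
        End Sub

    End Class
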

There is a good article in MSDN that reviews in depth the process of
impersonation in ASP.NET.
I don't have the URL, sorry.

"Chris Jackson" <chrisj@mvps.org> wrote in message
news:eZTP3v5VDHA.2100@TK2MSFTNGP11.phx.gbl...
> > In my machine.config file I have written "SYSTEM" as user for
> > ASP.NET (in the process model section). For security reasons
> > the directories where users upload and download files are protected
> > with NTFS permissions that allow access only for Administrators.
>
> This is a very bad idea. You don't want your ASP.NET code to run with system
> privileges. That is why they created the low-privilege ASPNET account - to
> get out of the mindset of giving every service unmitigated permissions. I
> would switch back to the ASPNET account. Your ASP.NET process should be
> running with just enough permissions to do what it has to do, and no more.
>
> > I planned to use a function to impersonate an administrator user when
> > I upload and download files, but I found that it is not necessary
> > and I don't know why.
>
> What code are you using for this? If it is being handled by IIS rather than
> ASP.NET, then you'll want to follow the credentials path of the IIS process
> to see if it would be authorized to do so.
>
> --
> Chris Jackson
> Software Engineer
> Microsoft MVP - Windows XP
> Windows XP Associate Expert
> --
>
>
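
Added example, not part of the original thread and not code from either poster: a small Python check that reads an ASP.NET 1.x configuration file and flags a worker process set to run as SYSTEM, the machine.config setting discussed above, along with a fixed impersonation account stored in the file. The sample XML is constructed, and the names `audit_config` and `SAMPLE_CONFIG` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the ASP.NET 1.x machine.config layout.
# The account name and password are made up for the example.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <processModel enable="true" userName="SYSTEM" password="AutoGenerated" />
    <identity impersonate="true" userName="CORP\\uploadadmin"
              password="constructed-example" />
  </system.web>
</configuration>"""


def audit_config(xml_text):
    """Return (element, finding) tuples for risky identity settings."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also reaches <system.web> sections nested under <location>.
    for web in root.iter("system.web"):
        pm = web.find("processModel")
        if pm is not None:
            user = pm.get("userName", "").strip()
            password = pm.get("password", "")
            if user.lower() == "system":
                # userName="SYSTEM" runs the worker process as LocalSystem.
                findings.append(("processModel",
                                 "worker process runs as " + user))
            elif user.lower() != "machine" and password not in ("", "AutoGenerated"):
                # userName="machine" is the default low-privilege ASPNET account;
                # any other account needs its password written into the file.
                findings.append(("processModel",
                                 "custom account password stored in clear text"))
        ident = web.find("identity")
        if ident is not None and ident.get("impersonate", "false").lower() == "true":
            if ident.get("password"):
                findings.append(("identity",
                                 "fixed impersonation account with clear-text password"))
    return findings


if __name__ == "__main__":
    for element, finding in audit_config(SAMPLE_CONFIG):
        print(element + ": " + finding)
```
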


