RE: ? - Database Query & Saving to Application Cache

From: Jonathan Ruckert (jruckert_AT_novaworks_DOT_com_DOT_au)
Date: 03/26/04

• Next message: Chris Rigg-Milner: "RegistryKey.DeleteValue fails with UnauthorizedAccessException"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: CAPICOM enveloped data interop question"
• In reply to: Raja: "? - Database Query & Saving to Application Cache"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 25 Mar 2004 21:01:05 -0800

The Application_Start event is fired by the worker process that runs under the MACHINENAME\ASPNET user account, and so this is not the best place to put the db code. Again the Session_Start event with impersonation is linked to the current thread and their identity, so will fire every time a new session is started etc.

If you wish to compromise this my suggestion - create a SQL Server User account on the DB and then login using this during the Application_Start event.

Cheers,
Jonathan Ruckert
-- www.novaworks.com.au
     
     ----- Raja wrote: -----
     
     I have an ASP.NET application that uses Windows authentication and impersonation. In my Global.asax file--the Application_Start event--I have code to access and query my database to store a dataset into Application Cache. However, I get a DB permissions error.
     
     The call to the database in the Global.asax file is using MACHINENAME\ASPNET (which doesn't have access to my database), not the authenticated user DOMAINNAME\USERNAME (which does have database access). So, it seems as though ASP.NET impersonation doesn't happen until after the Application_Start event has fired in Global.asax. Does this sound correct? Or, am I missing something else?
     
     Anyway, to the real question: Using Windows auth. with impersonation, where is the best place to query a database to store a dataset into Application Cache? And, how? Right now it works in Session_Start, but then every user that accesses the app. also queries the database.
     
     Thanks for you help

---

• Next message: Chris Rigg-Milner: "RegistryKey.DeleteValue fails with UnauthorizedAccessException"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: CAPICOM enveloped data interop question"
• In reply to: Raja: "? - Database Query & Saving to Application Cache"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Failed admin logins ... Understanding that my suggestion may not always be possible - pull the plug and ... communicating with that box with the logs of when the login occurs. ... > I have a machine that is trying to log in as the domain administrator ... (Security-Basics) A javascript problem,help! ... The problem is described below:(Use IE6) ... automatically.However,something perplexs me.When I login the computer ... Could ANYONE give suggestion about solving the problem?(the HTML cannot ... (comp.lang.javascript) Re: DotNet application security integration with NT login. ... I have the windows forms, ... your suggestion and help will be greatly appreciated. ... >you could do the login yourself which works just as well. ... >complex and require some privileges on behalf of the user ... (microsoft.public.dotnet.framework.aspnet.security) Open files while login, Pls help ... I have many files that open while login to the the system using Start-All ... This post is a suggestion for Microsoft, ... Agree" button in the message pane. ... (microsoft.public.excel.programming) windows 2000 blue screen after login ... login in windows 2000 sp4? ... I've tried the suggestion everyone made regarding ... (microsoft.public.win2000.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2004-03