Re: Impersonation in threads in web application

From: Svein Terje Gaup (stgaup_at_broadpark.no.spam)
Date: 05/17/04

• Next message: .NetDave: "MessageQueuePermission Problem"
• Previous message: Eugene V. Bobukh [MS]: "Re: SecurityException on InvokeMember with StrongNameIdentityPermission"
• In reply to: Vadim Parn: "Impersonation in threads in web application"
• Next in thread: Vadim Parn: "Re: Impersonation in threads in web application"
• Reply: Vadim Parn: "Re: Impersonation in threads in web application"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 17 May 2004 22:51:20 +0200

Perhaps you could try to change the user that aspnet uses to SYSTEM. I'm
guessing you are running under the MACHINE user. You can change this in
machine.config in the processModel key.

Sincerely
Svein Terje Gaup

"Vadim Parn" <vax@previo.ee> wrote in message
news:eSHi1DCPEHA.3348@TK2MSFTNGP09.phx.gbl...
> Hello, All!
>
> Could someone answer to my stupid question:
>
> I have web application. Web.config contains correct entries
> <authentication mode="Windows" />
> <identity impersonate="true"
> userName="registry:HKLM\Software\...\AppIdentity,user"
> password="registry:HKLM\Software\...\AppIdentity,pwd" />
>
> And all pages work correctly under correct user. But when I create new
> thread - it is created under ASPNET user and when I try to impersonate it
> the WindowsIdentity.Impersonate() generates SecurityException (Unable to
> impersonate user). What I'm doing wrong? How can I correctly do
> impersonation in a newly created thread?
>
> Thanks,
> Vadim Parn.
>
>

---

• Next message: .NetDave: "MessageQueuePermission Problem"
• Previous message: Eugene V. Bobukh [MS]: "Re: SecurityException on InvokeMember with StrongNameIdentityPermission"
• In reply to: Vadim Parn: "Impersonation in threads in web application"
• Next in thread: Vadim Parn: "Re: Impersonation in threads in web application"
• Reply: Vadim Parn: "Re: Impersonation in threads in web application"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages IUSR_machinename vs ASPNET ... privileges, between the Internet Guest User Account (IUSR_machinename, ... where machinename is the name of your computer) vs. the ASPNET user ... (ASP.NET machine account). ... One of the things you can do is set the impersonate ... (microsoft.public.dotnet.general) Re: <identity impersonate="true"> question ... The default setup used to be to run the ASPNET worker ... Does your app actually need to create categories? ... Windows authentication, and impersonate the authenticating user? ... (microsoft.public.dotnet.framework.aspnet.security) Re: impersonation in a sub thread ... A COM+ server runs outside the ASPNET context and can assume any identity ... > security context of the parent process. ... > E.g. when a webapplication that is set to impersonate ... > After giving that privilege to ASPNET, ... (microsoft.public.dotnet.framework.aspnet.security) Re: IUSR_machinename vs ASPNET ... "Andrew J Fortune" ... > where machinename is the name of your computer) vs. the ASPNET user ... > visiting user can impersonate that specific account. ... (microsoft.public.dotnet.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)