Prevent access to advapi32.dll RevertToSelf()
kevin.kenny_at_zygonia.net
Date: 09/27/05
- Next message: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Previous message: Nicole Calinoiu: "Re: enumerate runtime permissions"
- Next in thread: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Reply: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Reply: Dominick Baier [DevelopMentor]: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 27 Sep 2005 06:06:58 -0700
Hi All,
Sorry to crosspost but it's a security and an ASP.NET problem I have.
We run each website site under it's own I_<user> account and ASP.NET is
configured to impersonate so requests run under the identity of the
I_<user> account.
In windows 2000 server how do I prevent a user from calling
RevertToSelf() in advapi32.dll and unwinding the impersonation? e.g.
[DllImport(@"C:\WINNT\system32\advapi32.dll")]
public static extern bool RevertToSelf();
void Page_Load(Object sender, EventArgs e) {
// at this point the request is running under impersonation as
I_<user>
RevertToSelf();
// afterwards it undoes the impersonation and the request is
now running as <MACHINE>\ASPNET
}
I've looked into building a .NET security policy to do this but I'm a
bit stuck.
Thanks in advance.
Kevin
- Next message: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Previous message: Nicole Calinoiu: "Re: enumerate runtime permissions"
- Next in thread: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Reply: kevin.kenny_at_zygonia.net: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Reply: Dominick Baier [DevelopMentor]: "Re: Prevent access to advapi32.dll RevertToSelf()"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
