Re: Remote file access while impersonating with NTLM
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 24 Feb 2006 23:37:23 +0000 (UTC)
if you are impersonating, you are impersonating - you had to write code to do that - and you have to remove code to stop it - but maybe i am wrong....
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I'm not actually asking for delegation of the client's credentials.
I'm asking if it is possible to somehow adjust Windows security,
without changing code, and force the credentials of the service (not
the client) to be used to validate the file read. I thought we had
done this in testing, but can't reproduce it now (maybe it was a
dream?). This is an existing installation that the customer wants to
modify. Kerberos will be implemented in a future release.
"Narendra" wrote:
As specified "Everything is in a domain and the service runs as a
domain user account". Good point is to use delegation. Also it is a
good practise.
"Joe Kaplan (MVP - ADSI)" wrote:
If you don't impersonate the client, then the file should be read
with the service account's network credentials. If you do
impersonate and you need to delegate, then you need Kerberos
delegation.
Joe K.
.
- Prev by Date: Re: how to forcfully kill a running process by executable name with a .net application?
- Next by Date: Re: Restricting Dot Net Access on a hosted server
- Previous by thread: Re: Remote file access while impersonating with NTLM
- Next by thread: Exception of type System.OutOfMemoryException was thrown.
- Index(es):
Relevant Pages
|
