Forms Authentication and Impersonation
From: Mike (mikeschall@hotmail.com)
Date: 11/15/02
- Next message: Karl Levinson [x y] mvp: "Re: Forms Authentication and Impersonation"
- Previous message: Jeff Cochran: "Re: IIS vs. Apache Security"
- Next in thread: Karl Levinson [x y] mvp: "Re: Forms Authentication and Impersonation"
- Reply: Karl Levinson [x y] mvp: "Re: Forms Authentication and Impersonation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mike" <mikeschall@hotmail.com> Date: Fri, 15 Nov 2002 05:52:33 -0800
I am trying to use impersonation for part of my site. I
have files that I don't want to be able to be downloaded
directly. Only authenticated users should be able to
download them.
My current direction is to have an aspx file that will
pick the bytes off the disk and binary write them down to
the client. The anonymous user will not have rights to the
directory with the files. I would like the aspx page to
impersonate another user to get the file.
The major problem is that the directory with the files
will be a virtual directory stored on another machine.
The steps I have taken so for is to change my
machine.config to use the system account. I wasn't able to
use impersonation without this. Is the correct? I would
like to leave the machine config alone if possible.
I can get access to the files if I set the <identity>
section of the web.config to impersonate and give a domain
username and password. This works, but fails my goal
because now the files are available to the anonymous user
again.
Any ideas would be great. Thanks for your time.
Mike
- Next message: Karl Levinson [x y] mvp: "Re: Forms Authentication and Impersonation"
- Previous message: Jeff Cochran: "Re: IIS vs. Apache Security"
- Next in thread: Karl Levinson [x y] mvp: "Re: Forms Authentication and Impersonation"
- Reply: Karl Levinson [x y] mvp: "Re: Forms Authentication and Impersonation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
