ASP and LogonUser
From: Andrew Goodale (agoodale@eroom.com)
Date: 04/24/03
- Next message: Egbert Nierop \(MVP for IIS\): "Re: ASP and LogonUser"
- Previous message: fang: "Database result Error"
- Next in thread: Egbert Nierop \(MVP for IIS\): "Re: ASP and LogonUser"
- Reply: Egbert Nierop \(MVP for IIS\): "Re: ASP and LogonUser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Apr 2003 13:01:36 -0400 From: Andrew Goodale <agoodale@eroom.com>
I am building a COM component which needs to impersonate a local user
account to access certain resources.
I would like the component to work for both in-process and
out-of-process ASP applications. However, I understand that to call
LogonUser(), the process needs the SE_TCB_NAME (Act as part of the
operating system) privilege.
For in-proc ASP apps, I can call RevertToSelf before calling LogonUser
because LocalSystem has that privilege. For out-of-proc apps,
RevertToSelf doesn't work because by default, the IWAM account doesn't
have the privilege.
My question is, since even out-of-process apps impersonate the IUSR
account to handle ASP requests, how does a process running under the
IWAM privilege get the impersonation token for IUSR? Is there a "super
secret" windows API that IIS uses? I would like to avoid having to tell
customers to enable the SE_TCB_NAME privilege for IWAM if I can.
Thanks,
Andrew Goodale
Developer, Choreographer
Documentum, Inc.
- Next message: Egbert Nierop \(MVP for IIS\): "Re: ASP and LogonUser"
- Previous message: fang: "Database result Error"
- Next in thread: Egbert Nierop \(MVP for IIS\): "Re: ASP and LogonUser"
- Reply: Egbert Nierop \(MVP for IIS\): "Re: ASP and LogonUser"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
