RE: Looking for an article on identities used in IIS 6.0 web appli
From: Chris Cichocki (chris.cichocki_at_newsgroup.nospam)
Date: 10/21/05
- Previous message: Tom Kaminski [MVP]: "Re: IIS Log Files logs 401 HTTP Codes"
- In reply to: Wei-Dong XU [MSFT]: "RE: Looking for an article on identities used in IIS 6.0 web applicati"
- Next in thread: Wei-Dong XU [MSFT]: "RE: Looking for an article on identities used in IIS 6.0 web appli"
- Reply: Wei-Dong XU [MSFT]: "RE: Looking for an article on identities used in IIS 6.0 web appli"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Oct 2005 07:31:03 -0700
These are some good articles and I've saved them as bookmarks for reference.
However, what I'm really looking for is a step-by-step walkthrough of a
request that highlights when identities are used. For example, when the
worker process is initiated, it is started with the identity configured in
the Application Pool. But then at some point, the HTTPContext gets assigned
an identity and I'm not sure exactly where in the process that happens.
I know from testing that if I have the Network Service configured in the
application pool and the Internet Guest Account configured in the directory
security, I need to grant both of those Windows accounts Read permissions to
the files or I will get a security error. But why?
A step-by-step explanation of how pages are served that includes different
security configurations such as:
* Anonymous
* Windows authentication
* Basic authentication
* ASP.Net impersonation as configured through the web.config settings
An article on this would help me to get a clear understanding of how this
works, and make sure that I configure the minimum security required to get an
application to work.
Thanks,
Chris
"Wei-Dong XU [MSFT]" wrote:
> Hi Chris,
>
> Tom has suggested a very good article on this topic in ASP.net.
> Furthermore, I'd also suggest the article "Web Site Authentication" in IIS
> online help contains all the information about the IIS6 authentications.
>
> In addiation, some articles on the IIS authentication will also be helpful:
> 158229 INFO: Security Ramifications for IIS Applications
> http://support.microsoft.com/?id=158229
>
> 174775 How Windows NT Challenge/Response Works
> http://support.microsoft.com/?id=174775
>
> About Authentication
> http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2
> 000/en/server/iis/htm/core/iiabasc.htm
>
> Please feel free to let me know if you have any further question on this
> matter.
>
> Best Regards,
> Wei-Dong XU
> Microsoft Product Support Services
> This posting is provided "AS IS" with no warranties, and confers no rights.
> It is my pleasure to be of assistance.
>
>
- Previous message: Tom Kaminski [MVP]: "Re: IIS Log Files logs 401 HTTP Codes"
- In reply to: Wei-Dong XU [MSFT]: "RE: Looking for an article on identities used in IIS 6.0 web applicati"
- Next in thread: Wei-Dong XU [MSFT]: "RE: Looking for an article on identities used in IIS 6.0 web appli"
- Reply: Wei-Dong XU [MSFT]: "RE: Looking for an article on identities used in IIS 6.0 web appli"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
