Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
- From: Victag <miketaggart@xxxxxxxxx>
- Date: Fri, 7 Nov 2008 10:54:33 -0800 (PST)
On Nov 7, 10:37 am, Victag <miketagg...@xxxxxxxxx> wrote:
On Nov 7, 9:53 am, DaveMo <david.mow...@xxxxxxxxx> wrote:
On Nov 6, 11:27 pm, Victag <miketagg...@xxxxxxxxx> wrote:
Can anyone clarify for me how the different permissions come into play
when an ASP page is executed in IIS? My goal is to have an intranet
site that requires a user to enter their domain account to access the
pages, but I would like the pages themselves to run using the
credentials of another account that has access to perform the tasks in
the ASP script code (access a database, run local cmd.exe commands).
So far I have made it work by creating a new application pool that
uses Local System and allowing anonymous access to the pages, which is
granted using a domain account that has access to the DB and is a
local admin. Unfortunately this allows anyone access to the page. If
I change the page to require the user to logon, the query to the
remote database works fine, but users get access denied errors when
code runs to execute the wscript.shell objects .run method on the
local IIS server unless I also make their account a local admin on the
IIS server. Obviously IIS is using thier credentials instead of the
ones provided for anonymous access.
In your web.config, impersonate=false should do the trick. But like
David Wang suggests, you will still have to do some authorization
based on the user identity, correct? Setting up the VDIR to require
authentication is good, but that will let anyone in. You can use
asp.net roles to protect each page based on a role and most people
find this solution satisfactory.
BTW, why do you want intranet users to have to enter their account?
You should use Windows Integrated Auth and allow the authentication to
be seemless unless you have some kind of kiosk scenario.
Another BTW, you should use Network Service instead of Local System
for your app pool identity.
HTH,
Dave- Hide quoted text -
- Show quoted text -
Thanks for the responses. I had taken a look at the website suggested
but still was not quite understanding. I am finding that if I do not
set the app pool to local system, the .exe that the ASP is running
does not have permission to perform the tasks and hangs. If I use
Integrated Authentication for the page, I find that the .exe runs
under the user credentials instead of Local System which does not
work, since the purpose of this app was to provide a mechanism to
allow users to run the .exe without giving them permission to run it
outside of the ASP. I have set Anonymous to use an account that has
the ability to run the .exe, but if I add Integrated Auth then it
decides to use the users credentials instead.- Hide quoted text -
- Show quoted text -
I also find that if I disable Anonymous and leave just the Integrated,
the DB query portion of the ASP fails and says "Logon failed for NT
AUTHORITY\ANONYMOUS LOGON which I do not understand since anonymous is
disabled. Why is it trying to use the Anonymous access for the remote
DB query but then uses the Users credentials to execute the .exe?
Since the .exe uses the app pool identity, I expected the ASP itself
to use that as well?
.
- Follow-Ups:
- References:
- Prev by Date: Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
- Next by Date: Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
- Previous by thread: Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
- Next by thread: Re: ASP Authentication on IIS 6.0 Windows 2003 Server 32bit help please
- Index(es):
Relevant Pages
|
