Re: Basic security question

From: Arnaud Debaene (adebaene_at_club-internet.fr)
Date: 06/18/04

  • Next message: John Banes [MS]: "Re: SSL cache and strong"
    Date: Fri, 18 Jun 2004 19:41:46 +0200
    
    

    Rob Bolton wrote:
    > Hi there. I'm very familiar with the basic Windows security model in
    > general, but can someone set me straight on what account is used to
    > process a (non-COM) call to a remote machine? For instance, if I call
    > any given API function that takes a machine name argument, such as
    > "RegConnectRegistry()" or "OpenSCManager()" among others, what
    > account does this processing actually occur under on that machine?

    It depends of the actual service you request on the remote machine, but most
    often, the remote service that handles your request use impersonation, which
    means it endorses your identity and credentials while working for you. This
    way, all the escurity checks are made against your account.

    See ImpersonnateLoggedOnUser, ImpersonnateNamedPipeClient,
    RPCImpersonnateClient, RevertToSelf and related functions in MSDN for
    details.

    Arnaud
    MVP - VC


  • Next message: John Banes [MS]: "Re: SSL cache and strong"

    Relevant Pages

    • Re: System.UnauthorizedAccessException: Access is denied
      ... domain account. ... Granting permission to the ASPNET account may not bring any ... You can also trun the impersonation to true at all time but it ... > granting access rights to the resource to the ASP.NET request identity. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Actually youre confused but thats normal given how poorly this stuff is
      ... remote machine which serves as a FTP server in my current project. ... "Administrator" account on your own machine with the same password as on the ... also pass credentials to the remote machine to authenticate which sounds like ... "The .net guide to developing windows security" which actually is available ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: LogonUser to remote machine fails with error 1326
      ... enable the guest account or have administrator accounts with matching ... also pass credentials to the remote machine to authenticate which sounds ... note that every user account in Windows is either created on the ...
      (microsoft.public.dotnet.languages.csharp)
    • File Find Error Opening File
      ... I'm trying to access a DB on a remote machine. ... following code that uses an ODBC to access the DB: ... OdbcConnection objConnection = new OdbcConnection ... >>under ASPNET account. ...
      (microsoft.public.dotnet.security)
    • RE: Impersonate a user
      ... send another request for the new page, all the previous state, including your ... > aspx pages to run on this new account (ACL on files is only for this ... > But after the first page when I impersonate it and I redirect to another ... > How can I do to maintain impersonation but in code not in web.config. ...
      (microsoft.public.dotnet.languages.csharp)