WEB FORM --> DOMAIN USER AUTHENTICATION

 
 
Ty Millwee
      08-08-2003
Microsoft Knowledge Base Article - 306158
[http://support.microsoft.com/default.aspx?scid=kb;en-us;306158]
shows a method to impersonate a specific user
in code via a web form.

The trouble is that the impersonation isn't being
persisted across the web application. Once the user moves
onto the next page they are back in the NT
AUTHORITY\SYSTEM security context.

The desired scenario is:
1.) The user must enter their DOMAIN account username &
password into a WEB FORM (can't have the network logon
prompt popup).

2.) The application must run in this user's security
context as long as they are 'IN' the application. So every
page the user accesses within the application runs under
their security context.

----------------------------------------------
Subject: RE: Domain Authentication via Web Form - PERSISTANCE?
From: "Wei-Dong Xu [MSFT]" <(E-Mail Removed)>
Sent: 8/7/2003 7:44:58 PM

Hi Ty,

In IIS6, if you choose the IIS6 worker process isolation mode (WPIM) to run
asp.net, the asp.net web application will run in a worker process and the
application will decide how to impersonate the process. If you select the
IIS5 isolation mode to execute the asp.net application, the application
will run in aspnet process. The application will decide his own entity as
well.

It appears that this is an ASP.net development issue, not IIS. To better serve
you, the Asp.net support team has created an aspnet newsgroup for you. I
think these asp.net experts will help you a lot on this issue. Please go to:
Microsoft.public.dotnet.framework.aspnet

Does this answer your question? Thank you for using Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
----------------------------------------------

 
 
 
 
 
Yan-Hong Huang[MSFT]
 
      08-12-2003
Hello Ty,

Thanks for posting in the group.

The KB article that you mentioned introduces some methods for impersonation in asp.net. If we want to enable asp.net
impersonation in the whole web app, we need to set it in web.config file. Coding it in a web form only enables it in this web
page.

After reviewing your post, I think what you need is a login page and logout page and you want to associate users with domain
users. If so, I think you need to use form authentication method in the web application. Please refer to:
"Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication"
http://msdn.microsoft.com/vcsharp/do...secnetht02.asp

Hope that helps.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
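
The forms-authentication approach suggested in the reply above, as an added example (not code from the thread or from KB 306158): a login page validates the domain credentials with the Win32 `LogonUser` call and, on success, issues a forms ticket that identifies the user on every later page. The page class, control names and error text are assumptions, and web.config is assumed to set `<authentication mode="Forms">` with `<deny users="?"/>` under `<authorization>`.

```csharp
// Added example: Login.aspx.cs code-behind. Class and control names are hypothetical.
using System;
using System.Runtime.InteropServices;
using System.Web.Security;

public class Login : System.Web.UI.Page
{
    // Network logon validates credentials without creating an interactive session.
    const int LOGON32_LOGON_NETWORK = 3;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Controls assumed to be declared in Login.aspx.
    protected System.Web.UI.WebControls.TextBox txtDomain, txtUser, txtPassword;
    protected System.Web.UI.WebControls.Label lblError;

    // Assumed to be wired to the login button's Click event.
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        IntPtr token = IntPtr.Zero;
        try
        {
            if (LogonUser(txtUser.Text, txtDomain.Text, txtPassword.Text,
                    LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token))
            {
                // Credentials are valid: issue a session-only forms ticket
                // (second argument false = no persistent cookie) and return
                // the user to the page they originally requested.
                FormsAuthentication.RedirectFromLoginPage(
                    txtDomain.Text + "\\" + txtUser.Text, false);
            }
            else
            {
                // Same message for unknown user and wrong password.
                lblError.Text = "Logon failed.";
            }
        }
        finally
        {
            // The token is only used to validate the password; never keep it open.
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

The ticket carries only the account name, so later pages authorize against `User.Identity.Name` while still executing under the worker process identity unless impersonation is configured separately. Serve the login form over HTTPS, since the domain password is posted to it.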



 