Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > impersonation and location element

Reply
Thread Tools

impersonation and location element

 
 
Brad
Guest
Posts: n/a
 
      11-03-2003
I have an asp.net app with one sub folder that requires windows
authentication. The IIS folder is set to require intergrated security and
the sub folder has its own web.config
with the following setting.
<identity impersonate="true" />
<authorization>
<allow users ="*" />
</authorization>
This works fine and WindowsIdentity.GetCurrent.Name yields the true users
identity.

But...if I remove the web.config from the sub folder and place the above
settings in a "location" element in the apps web.config (se below) then
impersonation seems to fail and the "WindowsIdentity.GetCurrent.Name
always equals "NT AUTHORITY\NETWORK SERVICE".

<location path="subfoldername/page.aspx">
<system.web>
<identity impersonate="true" />
<authorization>
<allow users ="*" /><!-- This allows access to all users -->
</authorization>
</system.web>
</location>

My question is: Why does setting the impersonate in the location element in
the apps web.config behave differently than setting it in the separate
web.config?


Brad


 
Reply With Quote
 
 
 
 
MSFT
Guest
Posts: n/a
 
      11-04-2003
Hi Brad,

I tested this situation but I got different result with you. When I open
the webform in sub folder, it give me correct user account instead of "NT
AUTHORITY\NETWORK SERVICE".

Therefore, I want confirm with you that if you also create a virtual
directory for the sub folder in IIS? When you open the page, did you use:

Http://localhost/WebApplication1/Sub1/page.aspx

or

Http://localhost/Sub1/page.aspx ?

In my test, I only have "WebApplication1" as a virtual directory and set
its securoty to "Integrated Windows Authentication"

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


 
Reply With Quote
 
 
 
 
Brad
Guest
Posts: n/a
 
      11-04-2003
Luke,
Using your example:
Sub1 is not a virtual directory. Anonymous access is enabled for WebApp1
but it is disabled for Sub1. The page must be accessed as
Http://localhost/WebApplication1/Sub1/page.aspx as it is part of the
WebApp1 compiled application.

I see the question coming: why not just use integrated auth for WebApp1?
WebApp1 actually uses forms authentication because some users can be
authenticated on our domain and others must login using a login page. With
integrated auth on Sub1 I can test users against folder and, if they can
access sub1/page.aspx, I set the forms auth using their windows identity
name otherwise they have to use the login page and I set the forms auth
using the login page info. It works quite well and I've been using for a
year now. I was just trying to eliminate multiple web configs in the same
app and ran into this little issue.

Brad


"MSFT" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Brad,
>
> I tested this situation but I got different result with you. When I open
> the webform in sub folder, it give me correct user account instead of "NT
> AUTHORITY\NETWORK SERVICE".
>
> Therefore, I want confirm with you that if you also create a virtual
> directory for the sub folder in IIS? When you open the page, did you use:
>
> Http://localhost/WebApplication1/Sub1/page.aspx
>
> or
>
> Http://localhost/Sub1/page.aspx ?
>
> In my test, I only have "WebApplication1" as a virtual directory and set
> its securoty to "Integrated Windows Authentication"
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>



 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      11-06-2003
Hi Brad,

I tested "Sub1 is not a virtual directory. Anonymous access is enabled for
WebApp1 but it is disabled for Sub1. ", but I still get the correct result.
Here is my ASPX code behind:

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Response.Write(WindowsIdentity.GetCurrent.Name)
End Sub

And here is the configration section in web.config of webapp1:

<location path="sub1/webform5.aspx">
<system.web>
<identity impersonate="true" />
<authorization>
<allow users ="*" /><!-- This allows access to all users -->
</authorization>
</system.web>
</location>

Can you create a new web project to test this?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)


 
Reply With Quote
 
MSFT
Guest
Posts: n/a
 
      11-10-2003
Hello Bard, what is the result after you create a new web project for test?
any updates?

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

 
Reply With Quote
 
Brad
Guest
Posts: n/a
 
      11-10-2003
Bard?? Hmmm...I'm not so adept with word or pen as to be called a Bard
Anyway....it works now. I'm not sure why it didn't earlier though
assumption would be that I had a typo or left something out before.

Thanks for looking into this and the followup.

Brad



"MSFT" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello Bard, what is the result after you create a new web project for

test?
> any updates?
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
adf java and <location></location> hehehe Javascript 1 07-06-2009 07:20 AM
how to Update/insert an xml element's text----> (<element>text</element>) HANM XML 2 01-29-2008 03:31 PM
Location, location, location =?Utf-8?B?VHJhY2V5?= Wireless Networking 2 02-17-2007 08:37 PM
NAT location and VPN termination location K.J. 44 Cisco 0 09-12-2006 02:17 PM
difference between location.href and window.location.href? saiho.yuen Javascript 3 09-14-2004 06:51 PM



Advertisments