Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Windows integrated

Reply
Thread Tools

Windows integrated

 
 
J-T
Guest
Posts: n/a
 
      07-13-2005
We have an asp.net application with <identity impersonate="true"/> and
<authentication mode="Windows" /> in our web config and we are using Windows
integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account in its
application pool. I create an object in Global.asax which monitors a folder
for upcoming files.What is the security context of the object since there is
no user (Domain\Username) requesting this object.Is it running under the
security context of AUTHORITY\NETWORK SERVICE account ?

Thanks in advance


 
Reply With Quote
 
 
 
 
Paul Clement
Guest
Posts: n/a
 
      07-13-2005
On Wed, 13 Jul 2005 11:35:14 -0700, "J-T" <(E-Mail Removed)> wrote:

We have an asp.net application with <identity impersonate="true"/> and
<authentication mode="Windows" /> in our web config and we are using Windows
integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account in its
application pool. I create an object in Global.asax which monitors a folder
for upcoming files.What is the security context of the object since there is
no user (Domain\Username) requesting this object.Is it running under the
security context of AUTHORITY\NETWORK SERVICE account ?

If I understand your scenario correctly the HTTPContext, WindowsIdentity and thread is operating
under the security context of the impersonated user, which would be the domain user that is logged
on to browser client.


Paul
~~~~
Microsoft MVP (Visual Basic)
 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      07-13-2005
Hello J-T,

you can easily find out by logging the current identity.

WindowsIdentity.GetCurrent().Name holds this information

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> We have an asp.net application with <identity impersonate="true"/> and
> <authentication mode="Windows" /> in our web config and we are using
> Windows integrated in IIS and also NT AUTHORITY\NETWORK SERVICE
> account in its application pool. I create an object in Global.asax
> which monitors a folder for upcoming files.What is the security
> context of the object since there is no user (Domain\Username)
> requesting this object.Is it running under the security context of
> AUTHORITY\NETWORK SERVICE account ?
>
> Thanks in advance
>




 
Reply With Quote
 
Paul Glavich [MVP ASP.NET]
Guest
Posts: n/a
 
      07-14-2005
As long as Anonymous auth is turned off, it should be the domain user (else
a logon prompt will show for the user). If Anonynous auth is enabled (in
addition to Integrated), then it will probably be the IUSR_{machinename}
user or whoever you have defined as the anonymous user in IIS.

--
- Paul Glavich
MVP ASP.NET
http://weblogs.asp.net/pglavich
ASPInsiders member - http://www.aspinsiders.com


"J-T" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> We have an asp.net application with <identity impersonate="true"/> and
> <authentication mode="Windows" /> in our web config and we are using
> Windows integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account
> in its application pool. I create an object in Global.asax which monitors
> a folder for upcoming files.What is the security context of the object
> since there is no user (Domain\Username) requesting this object.Is it
> running under the security context of AUTHORITY\NETWORK SERVICE account ?
>
> Thanks in advance
>



 
Reply With Quote
 
J-T
Guest
Posts: n/a
 
      07-14-2005
but which user is that????? no boday has authenticated with my system yet!!
"Paul Glavich [MVP ASP.NET]" <(E-Mail Removed)-NOSPAM> wrote in message
news:(E-Mail Removed)...
> As long as Anonymous auth is turned off, it should be the domain user
> (else a logon prompt will show for the user). If Anonynous auth is enabled
> (in addition to Integrated), then it will probably be the
> IUSR_{machinename} user or whoever you have defined as the anonymous user
> in IIS.
>
> --
> - Paul Glavich
> MVP ASP.NET
> http://weblogs.asp.net/pglavich
> ASPInsiders member - http://www.aspinsiders.com
>
>
> "J-T" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> We have an asp.net application with <identity impersonate="true"/> and
>> <authentication mode="Windows" /> in our web config and we are using
>> Windows integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account
>> in its application pool. I create an object in Global.asax which monitors
>> a folder for upcoming files.What is the security context of the object
>> since there is no user (Domain\Username) requesting this object.Is it
>> running under the security context of AUTHORITY\NETWORK SERVICE account ?
>>
>> Thanks in advance
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Intranet and Integrated Windows Authentication Andrew ASP .Net 4 06-22-2004 11:22 PM
Question about windows integrated security NWx ASP .Net 4 01-31-2004 06:18 AM
Basic Authentication v. Integrated Windows Authentication w/ Delegation Mark ASP .Net 0 01-20-2004 03:13 PM
HttpHandler and Windows Integrated Security Carlos Fersura ASP .Net 0 10-29-2003 08:17 PM
Windows Integrated Security and wireless STom ASP .Net 0 10-08-2003 06:36 PM



Advertisments