asp.net 2.0 security question

 
 
ireallyneedtoknow2007@yahoo.com
      12-20-2007
I am using the following code to provide security to a web page

SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

I then call account.ToString().
This works fine in development - I get domain\user as expected.
After publishing the website and accessing the page I get machinename\ASPNET.

I have also tried

WindowsPrincipal winPrincipal = (WindowsPrincipal)HttpContext.Current.User;
account = winPrincipal.Identity.Name;

Again, the dev display works as expected - domain\user,
but the published website doesn't display anything.

web.config has <allow users="*"/> and
<authentication mode="Windows"> </authentication>. I have also tried
"None", but that gives me
"Unable to cast object of type 'System.Security.Principal.GenericPrincipal' to type 'System.Security.Principal.WindowsPrincipal'."

I have also tried checking/unchecking Anonymous Access and
Integrated Windows Authentication in IIS with no luck.

Can anyone tell me why I get the result I am getting? Thanks
 
 
Alexey Smirnov
      12-20-2007
On Dec 20, 3:54 pm, (E-Mail Removed) wrote:
> I am using the following code to provide security to a web page
>
> SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
> NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
>
> I then call account.ToString().
> This works fine in development - I get domain\user as expected.
> After publishing the website and accessing the page I get machinename\ASPNET.
>
> I have also tried
>
> WindowsPrincipal winPrincipal = (WindowsPrincipal)HttpContext.Current.User;
> account = winPrincipal.Identity.Name;
>
> Again, the dev display works as expected - domain\user,
> but the published website doesn't display anything.
>
> web.config has <allow users="*"/> and
> <authentication mode="Windows"> </authentication>. I have also tried
> "None", but that gives me
> "Unable to cast object of type 'System.Security.Principal.GenericPrincipal' to type 'System.Security.Principal.WindowsPrincipal'."
>
> I have also tried checking/unchecking Anonymous Access and
> Integrated Windows Authentication in IIS with no luck.
>
> Can anyone tell me why I get the result I am getting? Thanks


Read about impersonation. To get your own username on a server you
need to run the application in the context of your user. By default,
impersonation is disabled and you get machinename\ASPNET on Win2000,
or Network Service on Win2003 (default accounts on IIS). The easiest
way to turn it on is to add <identity impersonate="true"/> in the
web.config file.

http://msdn2.microsoft.com/en-us/library/xh507fc5.aspx
http://msdn2.microsoft.com/en-us/library/ms998351.aspx
 
 
ireallyneedtoknow2007@yahoo.com
      12-21-2007
Thank you, impersonation solved the problem!
 
 
Jim Wyatt
      12-23-2007
Impersonation makes it more difficult to manage security at a domain level.
I would suggest you change the application pool identity to make the
privileges more transparent.


<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> thank you, impersonation solved the problem!
>


 
Reply With Quote
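The two identities this thread keeps running into, as an added example that is not code from any of the posters: WindowsIdentity.GetCurrent() reports the account the code runs as, while the request principal (HttpContext.Current.User in a page) describes the caller. The class and method names are hypothetical, the principals in Main are constructed stand-ins for a real request, and the code assumes Windows.

```csharp
// Added example (not from the thread). Assumes Windows; names are hypothetical.
using System;
using System.Security.Principal;

static class IdentityReport
{
    // Account the worker process (or an impersonated thread) runs as.
    // Without impersonation this is the service account, not the visitor.
    public static string ProcessAccount()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return id.User.Translate(typeof(NTAccount)).ToString();
        }
    }

    // Name of the authenticated caller, or null for an anonymous request.
    // In a page, pass HttpContext.Current.User as 'user'.
    public static string CallerAccount(IPrincipal user)
    {
        if (user == null || user.Identity == null) return null;
        // An anonymous request carries an identity with an empty Name.
        if (!user.Identity.IsAuthenticated) return null;
        return user.Identity.Name;
    }

    // 'as' yields null for a GenericPrincipal instead of throwing the
    // "Unable to cast object of type ..." error quoted in the thread.
    public static bool IsWindowsCaller(IPrincipal user)
    {
        WindowsPrincipal win = user as WindowsPrincipal;
        return win != null && win.Identity.IsAuthenticated;
    }

    static void Main()
    {
        // Constructed principals standing in for HttpContext.Current.User.
        IPrincipal anonymous = new WindowsPrincipal(WindowsIdentity.GetAnonymous());
        IPrincipal generic = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        IPrincipal loggedOn = new WindowsPrincipal(WindowsIdentity.GetCurrent());

        Console.WriteLine("process account : " + ProcessAccount());
        Console.WriteLine("anonymous caller: " + (CallerAccount(anonymous) ?? "(none)"));
        Console.WriteLine("generic caller  : " + (CallerAccount(generic) ?? "(none)")
            + ", windows=" + IsWindowsCaller(generic));
        Console.WriteLine("windows caller  : " + CallerAccount(loggedOn)
            + ", windows=" + IsWindowsCaller(loggedOn));
    }
}
```

Any authorization decision about the visitor belongs on the value CallerAccount returns, treating null as "not authenticated", rather than on the process account.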
 
 
 