asp.net 2.0 security question

Discussion in 'ASP .Net Security' started by ireallyneedtoknow2007@yahoo.com, Dec 20, 2007.

  1. Guest

    I am using the following code to provide security to a web page

    SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
    NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

    I then account.ToString().
    This works fine in development - I get domain\user as expected.
    After publishing the website and accessing the page I get - machinename
    \ASPNET

    I have also tried

    WindowsPrincipal winPrincipal =
    (WindowsPrincipal)HttpContext.Current.User;
    account = winPrincipal.Identity.Name;
    Again, the dev display works as expected - domain\user ,
    but the published website doesn't display anything.

    web.config has <allow users="*"/> and
    <authentication mode="Windows"> </authentication> I have also tried
    "None"
    but that gives me
    "Unable to cast object of type
    'System.Security.Principal.GenericPrincipal'
    to type 'System.Security.Principal.WindowsPrincipal'. "

    I have also tried checking/unchecking Anonymous Access and
    Integrated Windows Authentication in IIS with no luck.

    Can anyone tell me why I get the result I am getting. Thanks
    , Dec 20, 2007
    #1
    1. Advertising

  2. On Dec 20, 3:54 pm, wrote:
    > I am using the following code to provide security to a web page
    >
    > SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
    > NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
    >
    > I then account.ToString().
    > This works fine in development - I get domain\user as expected.
    > After publishing the website and accessing the page I get - machinename
    > \ASPNET
    >
    > I have also tried
    >
    > WindowsPrincipal winPrincipal =
    > (WindowsPrincipal)HttpContext.Current.User;
    > account = winPrincipal.Identity.Name;
    > Again, the dev display works as expected - domain\user ,
    > but the published website doesn't display anything.
    >
    > web.config has <allow users="*"/> and
    > <authentication mode="Windows"> </authentication> I have also tried
    > "None"
    > but that gives me
    > "Unable to cast object of type
    > 'System.Security.Principal.GenericPrincipal'
    > to type 'System.Security.Principal.WindowsPrincipal'. "
    >
    > I have also tried checking/unchecking Anonymous Access and
    > Integrated Windows Authentication in IIS with no luck.
    >
    > Can anyone tell me why I get the result I am getting. Thanks


    Read about impersonation. To get your own username on a server you
    need to run the application in the context of your user. By default,
    impersonation is disabled and you get machinename\ASPNET on Win2000,
    or Network Service on Win2003 (default accounts on IIS). The easiest
    way to turn it on is to add <identity impersonate="true"/> in the
    web.config file.

    http://msdn2.microsoft.com/en-us/library/xh507fc5.aspx
    http://msdn2.microsoft.com/en-us/library/ms998351.aspx
    Alexey Smirnov, Dec 20, 2007
    #2
    1. Advertising

  3. Guest

    thank you, impersonation solved the problem!
    , Dec 21, 2007
    #3
  4. Jim Wyatt Guest

    Impersonation makes it more difficult to manage security at a domain level.
    I would suggest you change the application pool identity to make the
    privalleges more transparent.


    <> wrote in message
    news:...
    > thank you, impersonation solved the problem!
    >
    Jim Wyatt, Dec 23, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Patrick
    Replies:
    2
    Views:
    641
    Steven Cheng[MSFT]
    Oct 1, 2004
  2. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    129
    Dinis Cruz
    Oct 11, 2003
  3. Dinis Cruz
    Replies:
    1
    Views:
    116
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    Oct 17, 2003
  4. Michael Randrup
    Replies:
    3
    Views:
    290
    Henning Krause [MVP]
    Mar 27, 2006
  5. Kursat
    Replies:
    1
    Views:
    302
    Dominick Baier
    May 7, 2007
Loading...

Share This Page