ASP.NET/IIS Authentication and Impersonation

Discussion in 'ASP .Net Security' started by Michael A. Jensen, Jun 7, 2005.

  1. We have a web application that is configured to run using impersonation. A
    Windows Group is created during the application installation which user
    accounts get added to in order to access the app (defaults to Authenticated
    Users global group which seems to work fine for all user access). The
    Windows Group is configured to have the same privileges that the ASP.NET process
    account would have (and does) if we were not using impersonation (taken
    directly from Microsoft's privilege matrix on ASP.NET Security). The
    application as a whole works fine; however, we are noticing some strange
    performance issues when running over the network versus locally. When
    running the application locally on a standalone computer (2003/2000/XP Pro),
    regardless of the user account type (regular user or administrator) the
    application and page (ASP.NET) response times are excellent. However, when
    the application is installed on a remote (2003/2000/XP Pro) server and users
    access over the network (regardless of browser) there is a noticeable
    difference in response times between user accounts with administrative
    privileges and regular user accounts. The application still works without
    error, it's just that page response times for regular users run about 20-30
    seconds slower than for administrative accounts. We have ruled out
    application code as being the problem pretty much by the fact that the
    response times when running locally are the same for admin and user
    accounts. We have tried modifying the local system policy to grant rights that
    the Administrator group has but have not seen any differences. By all
    accounts it appears to be some sort of rights/authentication issue but we
    have pretty much run out of ideas. Any thoughts or insights anyone can shed
    on the subject would be much appreciated.

    Regards,

    Michael Jensen

    Michael A. Jensen, Jun 7, 2005
    #1

  2. Hello Michael,

    How many groups (including nesting) are your normal users members of?

    Have you tried to inspect network traffic using a tool like Ethereal (www.ethereal.com)?

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > We have a web application that is configured to run using
    > impersonation. A Windows Group is created during the application
    > installation which user accounts get added to in order to access the
    > app (defaults to Authenticated Users global group which seems to work
    > fine for all user access). The Windows Group is configured to have
    > the same privileges that the ASP.NET process account would have (and does)
    > if we were not using impersonation (taken directly from Microsoft's
    > privilege matrix on ASP.NET Security). The application as a whole
    > works fine; however, we are noticing some strange performance issues
    > when running over the network versus locally. When running the
    > application locally on a standalone computer (2003/2000/XP Pro),
    > regardless of the user account type (regular user or administrator)
    > the application and page (ASP.NET) response times are excellent.
    > However, when the application is installed on a remote (2003/2000/XP
    > Pro) server and users access over the network (regardless of browser)
    > there is a noticeable difference in response times between user
    > accounts with administrative privileges and regular user accounts.
    > The application still works without error, it's just that page response
    > times for regular users run about 20-30 seconds slower than for
    > administrative accounts. We have ruled out application code as being
    > the problem pretty much by the fact that the response times when
    > running locally are the same for admin and user accounts. We have
    > tried modifying the local system policy to grant rights that the
    > Administrator group has but have not seen any differences. By all
    > accounts it appears to be some sort of rights/authentication issue but
    > we have pretty much run out of ideas. Any thoughts or insights anyone
    > can shed on the subject would be much appreciated.
    >
    > Regards,
    >
    > Michael Jensen
    >
    >
    >
    Dominick Baier [DevelopMentor], Jun 7, 2005
    #2
