ASP.Net Impersonation

Discussion in 'ASP .Net Security' started by Mark Miller, Dec 30, 2004.

  1. Mark Miller

    Mark Miller Guest

    I am trying to understand Impersonation in the ASP.Net context. Here's what
    I DO understand:
    -Using Windows Authentication with impersonation="true" means that the
    aspnet_wp will try and access the resource with the authenticated user's
    credentials (token). If access is denied I get an IIS access denied message.
    -I can set NTFS permissions on a file/folder and control access w/o using
    code simply by assigning rights by user or group.
    -setting impersonation="false" still authorizes the user using NTFS
    permissions, but instead it is the aspnet_wp account that accesses the file
    and checks the permissions. Then if access is denied ASP.Net throws an
    exception.
    Here's what I DON'T understand:
    -What's the difference then between Windows Authentication with
    impersonation turned on, and windows impersonation turned off? Other than
    where the authorization takes place (ie. aspnet_wp or NTFS).
    -When would I want to use one over the other?

    Thanks in advance,
    Mark Miller
     
    Mark Miller, Dec 30, 2004
    #1
    1. Advertising

  2. You also need to remember that IIS authentication is performed BEFORE
    ASP.Net gets a chance to do anything with it. IIS determines which identity
    or user context is passed to ASP.Net for which it can then do impersonation
    if required.

    It basically comes down to what user context you want your code to run in,
    either the ASPNET/NEtwork Service user, the IUSR_..... user, or the
    authenticated user from a domain

    --

    - Paul Glavich
    ASP.NET MVP
    ASPInsider (www.aspinsiders.com)


    "Mark Miller" <> wrote in message
    news:...
    > I am trying to understand Impersonation in the ASP.Net context. Here's

    what
    > I DO understand:
    > -Using Windows Authentication with impersonation="true" means that the
    > aspnet_wp will try and access the resource with the authenticated user's
    > credentials (token). If access is denied I get an IIS access denied

    message.
    > -I can set NTFS permissions on a file/folder and control access w/o using
    > code simply by assigning rights by user or group.
    > -setting impersonation="false" still authorizes the user using NTFS
    > permissions, but instead it is the aspnet_wp account that accesses the

    file
    > and checks the permissions. Then if access is denied ASP.Net throws an
    > exception.
    > Here's what I DON'T understand:
    > -What's the difference then between Windows Authentication with
    > impersonation turned on, and windows impersonation turned off? Other than
    > where the authorization takes place (ie. aspnet_wp or NTFS).
    > -When would I want to use one over the other?
    >
    > Thanks in advance,
    > Mark Miller
    >
    >
     
    Paul Glavich [MVP ASP.NET], Jan 2, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Raymond Basque

    Re: ASP.NET Fails after SP4 with Impersonation

    Raymond Basque, Jun 27, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    550
  2. Bassel Tabbara [MSFT]

    RE: ASP.NET Fails after SP4 with Impersonation

    Bassel Tabbara [MSFT], Jun 27, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    526
    Michael Kennedy [UB]
    Jun 28, 2003
  3. Hidulf
    Replies:
    1
    Views:
    474
    Michael Kennedy [UB]
    Jun 30, 2003
  4. Bjoern Wolfgardt

    Re: Impersonation in ASP.Net

    Bjoern Wolfgardt, Jul 21, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    369
    Sanjay Poojari
    Jul 21, 2003
  5. Bjoern Wolfgardt

    Re: Impersonation in ASP.Net

    Bjoern Wolfgardt, Jul 21, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    385
    Jerry
    Aug 8, 2003
Loading...

Share This Page