Authentication IIS / ASP.NET - Problem

Discussion in 'ASP .Net Security' started by aaapaul, Oct 31, 2003.

  1. aaapaul

    aaapaul Guest

    1) I have an intranet .
    <Directory>Intranet
    with <Subdirctory>admin
    and <Subdirctory>database with an accessdatabase (data.mdb)

    I have 2 NT-Groups
    a) NT-Group "read" can read data in all directories
    b) NT-Group "change" can read and write data in all directories

    Only the group "change" should be allowed to change data in data.mdb
    The files for changing data are in the <subdirctory>admin

    2) I am only using Windows-Authentication in IIS
    3) In ASP.NET I use authentication mode="Windows"

    This is my web.config:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <appSettings>
    <add key="ConnectionString1"
    value="Provider=Microsoft.Jet.OLEDB.4.0;" />
    <add key="ConnectionString2" value="_datenbank/daten.mdb" />
    </appSettings>
    <system.web>
    <compilation defaultLanguage="vb" debug="true" />
    <customErrors mode="Off" />
    <authentication mode="Windows" />
    </system.web>
    </configuration>

    With this configuration I thought only the group "change" can change
    date in the Access-database, but other users from the group "read" can
    change Data too !

    Why? Do you have any solution ?

    Thanks
    aaapaul


    P.S.: Is it a problem with the user ASPNET ? Does he access the
    database - Had I to change the connectionstring ? - Integrated
    Security = sspi etc. ?
     
    aaapaul, Oct 31, 2003
    #1
    1. Advertising

  2. aaapaul

    AlKa Guest

    This is probably because of ASP.NET impersonation.
    The code which reads/writes data is actually run by aspnet_wp.exe which is
    running as "ASPNET" or "SYSTEM" user. If impersonation is disabled (that is
    the deafult and probably your case), the process will use its own
    credentials to obtain access to the needed resources.
    If impersonation is enabled, aspnet_wp uses the credentials of the user
    which is impersonating to access resources.

    To enable/disable impersonation, you only need to add an <identity /> tag
    within the <system.web> tag of your web.config file. There are three
    possible solutions:
    1) <identity impersonate="false" > : the default
    2) <identity impersonate="true" > : in this case the impersonated identity
    is that of the logged remote user
    3) <identity impersonate="true" userName="domain\goofy" password="minnie">:
    in this case the impersonated identity is Goofy's!

    So, try to use 2 and it shoul work fine.

    Hi, Alessandro.

    P.S: I hope my english will work ..

    "aaapaul" <> ha scritto nel messaggio
    news:...
    > 1) I have an intranet .
    > <Directory>Intranet
    > with <Subdirctory>admin
    > and <Subdirctory>database with an accessdatabase (data.mdb)

    .....
    > P.S.: Is it a problem with the user ASPNET ? Does he access the
    > database - Had I to change the connectionstring ? - Integrated
    > Security = sspi etc. ?
     
    AlKa, Nov 8, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matthew Louden
    Replies:
    3
    Views:
    6,004
    Sherif ElMetainy
    Nov 7, 2003
  2. JMaelstrom

    IIS 6 vs IIS 5 ASP.NET Performance Issues

    JMaelstrom, Dec 9, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    4,714
    shan420
    Apr 30, 2010
  3. keithb
    Replies:
    0
    Views:
    372
    keithb
    Mar 22, 2006
  4. Jon Davis
    Replies:
    3
    Views:
    645
    Jon Davis
    Jun 21, 2007
  5. Nick Gilbert
    Replies:
    2
    Views:
    247
    Nick Gilbert
    Oct 7, 2003
Loading...

Share This Page