Authentication IIS / ASP.NET - Problem

aaapaul

1) I have an intranet.
<Directory>Intranet
with <Subdirectory>admin
and <Subdirectory>database with an Access database (data.mdb)

I have 2 NT-Groups
a) NT-Group "read" can read data in all directories
b) NT-Group "change" can read and write data in all directories

Only the group "change" should be allowed to change data in data.mdb
The files for changing data are in the <subdirectory>admin

2) I am only using Windows-Authentication in IIS
3) In ASP.NET I use authentication mode="Windows"

This is my web.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="ConnectionString1" value="Provider=Microsoft.Jet.OLEDB.4.0;" />
    <add key="ConnectionString2" value="_datenbank/daten.mdb" />
  </appSettings>
  <system.web>
    <compilation defaultLanguage="vb" debug="true" />
    <customErrors mode="Off" />
    <authentication mode="Windows" />
  </system.web>
</configuration>

With this configuration I thought only the group "change" can change
data in the Access database, but other users from the group "read" can
change data too!

Why? Do you have any solution?

Thanks
aaapaul


P.S.: Is it a problem with the user ASPNET? Does he access the
database - Do I have to change the connection string? - Integrated
Security = sspi etc.?
 
AlKa

This is probably because of ASP.NET impersonation.
The code which reads/writes data is actually run by aspnet_wp.exe which is
running as "ASPNET" or "SYSTEM" user. If impersonation is disabled (that is
the default and probably your case), the process will use its own
credentials to obtain access to the needed resources.
If impersonation is enabled, aspnet_wp uses the credentials of the user
which is impersonating to access resources.

To enable/disable impersonation, you only need to add an <identity /> tag
within the <system.web> tag of your web.config file. There are three
possible solutions:
1) <identity impersonate="false" /> : the default
2) <identity impersonate="true" /> : in this case the impersonated identity
is that of the logged remote user
3) <identity impersonate="true" userName="domain\goofy" password="minnie" />:
in this case the impersonated identity is Goofy's!

So, try to use 2 and it should work fine.

Hi, Alessandro.

P.S: I hope my English will work ..
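
An added example, not part of the original posts: option 2 from the reply above placed in the thread's web.config, with URL authorization on the admin directory as a second check. DOMAIN is a placeholder for the real domain or machine name, and the NTFS permissions on the database file are assumed to give write access only to the "change" group.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authentication mode="Windows" />

    <!-- Option 2: page code runs as the authenticated caller instead of the
         worker-process account, so the NTFS ACL on the .mdb file is checked
         against the caller's own group membership. -->
    <identity impersonate="true" />

    <!-- Reject anonymous requests so there is always a real caller
         to impersonate. "?" means unauthenticated users. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Second layer: only members of the "change" group may request pages
       under admin/. Rules are evaluated top-down and the first match wins,
       so the allow must come before the deny. DOMAIN is a placeholder. -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="DOMAIN\change" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With impersonation left at its default, the NTFS check is made against the worker-process account, so only the location rule would separate the two groups.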
 
