How do I run using Windows Identity (Windows 2003)

Discussion in 'ASP .Net Security' started by David Thielen, Dec 31, 2006.

  1. Hi;

    This appears to be working but I want to make sure I am doing it right.

    I want to be able to run where it passes my Windows Identity to my ASP.NET
    app. But I want the ASP.NET app running as whatever user is the default for
    that - NOT as the client user.

    What do I set?

    In IIS Authentication Methods I turned Enable anon off and I checked
    Integrated Windows Authentication.

    My web.config is:
    <authentication mode="Windows"/>
    <identity impersonate="false"/>
    <authorization>
    <allow roles="THIELEN\Windward Administrators, THIELEN\Windward Users"/>
    <deny users="*"/>
    </authorization>
    <roleManager enabled="true"
    defaultProvider="AspNetWindowsTokenRoleProvider"/>

    This shows me running as NT AUTHORITY\NETWORK SERVICE and automatically
    authenticates me. The thing is, I can't find NETWORK SERVICE as a user (or
    group) in either the users/groups on the machine I install to. I know it's a
    built-in account but shouldn't it be listed?

    And how does this relate to the user ASPNET and the group IIS_WPG?

    --
    thanks - dave
    david_at_windward_dot_net
    http://www.windwardreports.com

    Cubicle Wars - http://www.windwardreports.com/film.htm
     
    David Thielen, Dec 31, 2006
    #1
    1. Advertising

  2. Yep - looks good.

    NETWORK SERVICE is builtin and not listed - if you want to grant access (e.g.
    in SQL SERVER) - use that name:

    NT AUTHORITY\NETWORK SERVICE

    The AspNetTokenRoleProvider is not needed - haven't found any advantages
    using it (besides that you get a RolePrincipal instead of a WindowsPrincipal
    which is confusing IMO)





    -----
    Dominick Baier (http://www.leastprivilege.com)

    > Hi;
    >
    > This appears to be working but I want to make sure I am doing it
    > right.
    >
    > I want to be able to run where it passes my Windows Identity to my
    > ASP.NET app. But I want the ASP.NET app running as whatever user is
    > the default for that - NOT as the client user.
    >
    > What do I set?
    >
    > In IIS Authentication Methods I turned Enable anon off and I checked
    > Integrated Windows Authentication.
    >
    > My web.config is:
    > <authentication mode="Windows"/>
    > <identity impersonate="false"/>
    > <authorization>
    > <allow roles="THIELEN\Windward Administrators, THIELEN\Windward
    > Users"/>
    > <deny users="*"/>
    > </authorization>
    > <roleManager enabled="true"
    > defaultProvider="AspNetWindowsTokenRoleProvider"/>
    > This shows me running as NT AUTHORITY\NETWORK SERVICE and
    > automatically authenticates me. The thing is, I can't find NETWORK
    > SERVICE as a user (or group) in either the users/groups on the machine
    > I install to. I know it's a built-in account but shouldn't it be
    > listed?
    >
    > And how does this relate to the user ASPNET and the group IIS_WPG?
    >
    > Cubicle Wars - http://www.windwardreports.com/film.htm
    >
     
    Dominick Baier, Dec 31, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Giovanni Bassi
    Replies:
    0
    Views:
    651
    Giovanni Bassi
    Oct 20, 2003
  2. nalbayo
    Replies:
    2
    Views:
    5,512
    Bruce Barker
    Nov 11, 2005
  3. JimLad
    Replies:
    0
    Views:
    453
    JimLad
    Jan 16, 2009
  4. Frederick D'hont
    Replies:
    0
    Views:
    314
    Frederick D'hont
    Jul 25, 2005
  5. Replies:
    6
    Views:
    456
Loading...

Share This Page