Impersonation question regarding a Microsoft article

Discussion in 'ASP .Net Security' started by Brian Newtz, Dec 23, 2003.

  1. Brian Newtz


    Hello everyone!

    I recently read "ASP.NET Impersonation" from the .NET
    Framework Developer's Guide
    (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetimpersonation.asp)
    and it says the following:

    "Only application code is impersonated; compilation and
    configuration are read as the process token. The result
    of the compilation is put in the "Temporary ASP.NET
    files" directory. The account that is being impersonated
    needs to have read/write access to this directory."

    So, this is basically telling me that every authenticated
    user has to have access to my 'Temporary ASP.NET files'
    directory in order to view the pages??? I've verified
    that this is definitely not the case, as my 'Temporary
    ASP.NET files' directory has only the following security
    permissions (my computer name is BNEWTZ):

    Administrators (BNEWTZ\Administrators)
    aspnet ()
    CREATOR OWNER
    LOCAL SERVICE
    NETWORK SERVICE
    Power Users (BNEWTZ\Administrators)
    SYSTEM
    Users (BNEWTZ\Users)

    With these permissions (which are the default, except
    that I've added the domain aspnet account which I use in
    the processmodel section of machine.config) any domain
    user can get to the website just fine. So is the article
    incorrect in that statement?

    Thanks!
    -Brian
    Brian Newtz, Dec 23, 2003
    #1

  2. Brian,

    That documentation is incorrect. The process account has to have full
    control on that folder, but the impersonated account does not in the case
    of first-time JIT compile.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.


    Jim Cheshire [MSFT], Dec 23, 2003
    #2
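
One way to check this on a server, as an added example that is not part of the original thread: the script lists which principals hold write or Full Control rights on the "Temporary ASP.NET Files" directory and warns if the process account has no Full Control entry. `$Path` and `$ProcessAccount` are parameters you supply (no install path or framework version is assumed), and group membership is not resolved.

```powershell
# Added example, not from the thread. $Path and $ProcessAccount are supplied by
# the operator; nothing here assumes a framework version or install location.
param(
    [Parameter(Mandatory = $true)][string]$Path,           # the "Temporary ASP.NET Files" directory
    [Parameter(Mandatory = $true)][string]$ProcessAccount  # worker process identity, DOMAIN\user form
)

$fsr       = [System.Security.AccessControl.FileSystemRights]
$full      = [int]$fsr::FullControl
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData)
# Inherit-only ACEs (e.g. CREATOR OWNER) may carry raw generic rights instead of
# FileSystemRights values: GENERIC_ALL = 0x10000000, GENERIC_WRITE = 0x40000000.
$genericAll   = 0x10000000
$genericWrite = 0x40000000

$report = foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }   # only Allow entries grant access
    $bits = [int]$ace.FileSystemRights
    [pscustomobject]@{
        Identity    = $ace.IdentityReference.Value
        FullControl = (($bits -band $full) -eq $full) -or (($bits -band $genericAll) -ne 0)
        CanWrite    = (($bits -band $writeMask) -ne 0) -or
                      (($bits -band ($genericAll -bor $genericWrite)) -ne 0)
        Inherited   = $ace.IsInherited
    }
}

$report | Sort-Object Identity | Format-Table -AutoSize | Out-Host

# The process account needs Full Control on this folder. Only ACEs naming the
# account directly are matched; rights granted through a group are not resolved.
$proc = $report | Where-Object { $_.Identity -eq $ProcessAccount -and $_.FullControl }
if (-not $proc) {
    Write-Warning "$ProcessAccount has no Full Control ACE on $Path"
}

# Any other principal that can write deserves review: per the reply above, the
# impersonated account does not need that access for first-time compilation.
$report | Where-Object { $_.CanWrite -and $_.Identity -ne $ProcessAccount } |
    ForEach-Object { Write-Output "Review write access: $($_.Identity)" }
```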

  3. Brian Newtz


    Jim,

    Thanks!

    -Brian


    Brian Newtz, Dec 24, 2003
    #3
