F
Frederick D'hont
Hi all
First of all I will start with explaining the situation:
1) In the web config impersonation is configured as the following:
<identity impersonate="true" userName="registry:HKLM\Software\myASP.NET\Identity\ASPNET_SETREG,userName" password="registry:HKLM\Software\myASP.NET\Identity\ASPNET_SETREG,password" />
This method of impersonation is described on the next page : http://support.microsoft.com/default.aspx?scid=kb;en-us;329290
2) Somewere else in the web config the applications connection string is configured as follows
<add key="connectionString" value="server=localhost;Integrated Security=SSPI;database=somedatabase;" />
3) In the application there exists a page which contains 2 Iframes which in their turn contain 2 pages which are part of the same web application.
problem
These 2 other pages that run in those iframes both click of Session_Start in the Global.asax whenever they are called. In the Session_start there is a check on application security. The only user aloud to access the database is the one configured in the web.config impersonation. The strange behaviour that I encounter is that one of both pages uses the "MACHINE\ASPNET" account as trusted connection account to the sql server and the other uses the configured one in the web.config. Which of pages that generates the error is completely random. And on some occasions the error doesn't occur.
Generaly using Iframes isn't they way you want to build a solid application, but sometimes time limits and sudden customer requirments does not allow refactoring. The story of our lives
Anyone who has any idea how to fix this issue.
First of all I will start with explaining the situation:
1) In the web config impersonation is configured as the following:
<identity impersonate="true" userName="registry:HKLM\Software\myASP.NET\Identity\ASPNET_SETREG,userName" password="registry:HKLM\Software\myASP.NET\Identity\ASPNET_SETREG,password" />
This method of impersonation is described on the next page : http://support.microsoft.com/default.aspx?scid=kb;en-us;329290
2) Somewere else in the web config the applications connection string is configured as follows
<add key="connectionString" value="server=localhost;Integrated Security=SSPI;database=somedatabase;" />
3) In the application there exists a page which contains 2 Iframes which in their turn contain 2 pages which are part of the same web application.
problem
These 2 other pages that run in those iframes both click of Session_Start in the Global.asax whenever they are called. In the Session_start there is a check on application security. The only user aloud to access the database is the one configured in the web.config impersonation. The strange behaviour that I encounter is that one of both pages uses the "MACHINE\ASPNET" account as trusted connection account to the sql server and the other uses the configured one in the web.config. Which of pages that generates the error is completely random. And on some occasions the error doesn't occur.
Generaly using Iframes isn't they way you want to build a solid application, but sometimes time limits and sudden customer requirments does not allow refactoring. The story of our lives
Anyone who has any idea how to fix this issue.