Prevent access to advapi32.dll RevertToSelf()

kevin.kenny

Hi All,

Sorry to crosspost but it's a security and an ASP.NET problem I have.

We run each website under its own I_<user> account and ASP.NET is
configured to impersonate so requests run under the identity of the
I_<user> account.

In Windows 2000 Server, how do I prevent a user from calling
RevertToSelf() in advapi32.dll and unwinding the impersonation? e.g.

[DllImport(@"C:\WINNT\system32\advapi32.dll")]
public static extern bool RevertToSelf();

void Page_Load(Object sender, EventArgs e) {
    // at this point the request is running under impersonation as I_<user>
    RevertToSelf();
    // afterwards it undoes the impersonation and the request is now
    // running as <MACHINE>\ASPNET
}

I've looked into building a .NET security policy to do this but I'm a
bit stuck.

Thanks in advance.
Kevin
 
Joe Kaplan (MVP - ADSI)

In addition to what Dominick said, under 2003, I suggest running each app in
its own AppPool, setting the process identity to the identity you want to
use and disabling impersonation via web.config. Then, it is a non-issue.

Joe K.
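
Added example, not part of either post and not the posters' code: a C# check (.NET 2.0 or later) that a site is set up the way the reply above describes, with no impersonation token on the request thread and the worker process running as the per-site account. The names `IdentityCheck` and `AssertRunsAsPoolIdentity` and the sample account name are hypothetical.

```csharp
using System;
using System.Security.Principal;

// Added example, not code from the thread.
// Assumed setup: web.config has <identity impersonate="false" /> and the
// application pool's process identity is the per-site account.
public static class IdentityCheck
{
    // expectedAccount is a hypothetical name such as @"MACHINE\I_site1".
    public static void AssertRunsAsPoolIdentity(string expectedAccount)
    {
        // GetCurrent(true) returns null when the calling thread carries no
        // impersonation token, i.e. there is nothing for RevertToSelf() to undo.
        using (WindowsIdentity threadToken = WindowsIdentity.GetCurrent(true))
        {
            if (threadToken != null)
                throw new InvalidOperationException(
                    "Request thread is impersonating " + threadToken.Name +
                    "; impersonation is still enabled.");
        }

        // With no thread token, GetCurrent() reports the process token,
        // which is the account the worker process was started under.
        using (WindowsIdentity processToken = WindowsIdentity.GetCurrent())
        {
            if (!string.Equals(processToken.Name, expectedAccount,
                               StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException(
                    "Worker process runs as " + processToken.Name +
                    ", expected " + expectedAccount + ".");
        }
    }
}
```

Calling it from `Application_BeginRequest` in Global.asax makes a misconfigured site fail on the first request instead of silently running under a shared account.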
 
