kevin.kenny
Hi All,
Sorry to crosspost, but it's a security and an ASP.NET problem I have.
We run each website under its own I_<user> account and ASP.NET is
configured to impersonate, so requests run under the identity of the
I_<user> account.
In Windows 2000 Server, how do I prevent a user from calling
RevertToSelf() in advapi32.dll and unwinding the impersonation? e.g.
[DllImport(@"C:\WINNT\system32\advapi32.dll")]
public static extern bool RevertToSelf();

void Page_Load(Object sender, EventArgs e) {
    // at this point the request is running under impersonation as I_<user>
    RevertToSelf();
    // afterwards it undoes the impersonation and the request is
    // now running as <MACHINE>\ASPNET
}
I've looked into building a .NET security policy to do this but I'm a
bit stuck.
Thanks in advance.
Kevin