Security question.

Discussion in 'ASP .Net' started by J-T, Jul 13, 2005.

  1. J-T

    J-T Guest

    We have an asp.net application with <identity impersonate="true"/> and
    <authentication mode="Windows" /> in our web config and we are using Windows
    integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account in its
    application pool. I create an object in Global.asax which monitors a folder
    for upcoming files.What is the security context of the object since there is
    no user (Domain\Username) requesting this object.Is it running under the
    security context of AUTHORITY\NETWORK SERVICE account ?

    Thanks in advance
     
    J-T, Jul 13, 2005
    #1
    1. Advertising

  2. J-T

    Bruce Barker Guest

    objects don't have a security context, only threads do. if you access the
    the object in global.asax before authentication, then you run under the app
    pool account. if you call the object after the authentication event, then
    you will run under the impersonated account

    -- bruce (sqlwork.com)


    "J-T" <> wrote in message
    news:...
    > We have an asp.net application with <identity impersonate="true"/> and
    > <authentication mode="Windows" /> in our web config and we are using
    > Windows integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account
    > in its application pool. I create an object in Global.asax which monitors
    > a folder for upcoming files.What is the security context of the object
    > since there is no user (Domain\Username) requesting this object.Is it
    > running under the security context of AUTHORITY\NETWORK SERVICE account ?
    >
    > Thanks in advance
    >
     
    Bruce Barker, Jul 13, 2005
    #2
    1. Advertising

  3. J-T

    J-T Guest

    In that object I'd like to gain access to the file system of a windows 200
    which is not in our domain,so I was thinking to set up our application pool
    to run under a local aacount and then duplicate that account in windows 2000
    server and give it right NTFS permission sets then for our database access I
    create a sql server acount with the same name and password and I use this
    connection string in my web.config

    <add key="Main.ConnectionString"
    value="Server=db-d;Database=vcad;Min Pool Size=5;Trusted_Connection=True"/>
    OR
    <add key="Main.ConnectionString" value="Data Source=db-d;Min
    Pool Size=5;Initial Catalog=vcad;Integrated Security=SSPI;"/>

    and also this:

    identity impersonate="true" username="MyUser" password="123"/>
    <authentication mode="Windows" />


    Note: MyUser is a local account to each server and is the one which my
    application pool is setup under.

    Thanks a lot

    "Bruce Barker" <> wrote in message
    news:O7HQRf%...
    > objects don't have a security context, only threads do. if you access the
    > the object in global.asax before authentication, then you run under the
    > app pool account. if you call the object after the authentication event,
    > then you will run under the impersonated account
    >
    > -- bruce (sqlwork.com)
    >
    >
    > "J-T" <> wrote in message
    > news:...
    >> We have an asp.net application with <identity impersonate="true"/> and
    >> <authentication mode="Windows" /> in our web config and we are using
    >> Windows integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account
    >> in its application pool. I create an object in Global.asax which monitors
    >> a folder for upcoming files.What is the security context of the object
    >> since there is no user (Domain\Username) requesting this object.Is it
    >> running under the security context of AUTHORITY\NETWORK SERVICE account ?
    >>
    >> Thanks in advance
    >>

    >
    >
     
    J-T, Jul 13, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    361
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,424
    Roedy Green
    Jan 28, 2006
  3. Akram Baig
    Replies:
    0
    Views:
    334
    Akram Baig
    Apr 7, 2011
  4. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    159
    Dinis Cruz
    Oct 11, 2003
  5. Michael Randrup
    Replies:
    3
    Views:
    311
    Henning Krause [MVP]
    Mar 27, 2006
Loading...

Share This Page