SetPrincipalPolicy in ASP.NET

Discussion in 'ASP .Net Security' started by richlm, Mar 12, 2008.

  1. richlm

    richlm Guest

    Just curious really, I want to use a trusted subsystem approach in ASP.NET.
    There are various ways to achieve it in config, e.g. impersonating the
    anonymous user, but I observed that the following works too:

    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal).

    This results in Thread.CurrentPrincipal being set to the process identity
    i.e. IIS worker process account.
    Is this acceptable practice or could it cause problems in a web app?

    (I had always associated the method with Winforms apps).
     
    richlm, Mar 12, 2008
    #1

  2. richlm

    Steven Cheng Guest

    Hi Richlm,

    From your description, you're wanting to build a trusted sub-system for
    your ASP.NET application and wonder what's the proper way to configure
    ASP.NET security settings, correct?

    Based on my experience, the "AppDomain.CurrentDomain.SetPrincipalPolicy" is
    seldom used in ASP.NET application. ASP.NET application has its own
    security settings:

    ** the authentication (in IIS and ASP.NET side)

    ** the impersonate

    The authentication will control whether the IIS will forward security
    credential of client to ASP.NET and whether ASP.NET will populate it in
    current Thread's principal. The impersonate will control whether the
    ASP.NET will change the current worker thread's security account (either the
    one you set in web.config or the account forwarded from IIS/CLIENT).

    For your scenario, a typical trusted sub-system mainly requires a powerful
    process account. That means you can change the process account to a custom
    account which will have sufficient permission to access any resource your
    application requires. And you'll no longer need to do impersonate (to run
    thread under client authenticated account or account set in web.config).

    Here are some references about ASP.NET security settings:

    #Authentication in ASP.NET: .NET Security Guidance
    http://msdn2.microsoft.com/en-us/library/ms978378.aspx

    #Impersonation with ASP.NET 2.0
    http://www.c-sharpcorner.com/UploadFile/manishkdwivedi/impersonation10092007065217AM/impersonation.aspx

    #How To: Use Impersonation and Delegation in ASP.NET 2.0
    http://msdn2.microsoft.com/en-us/library/ms998351.aspx

    #Configuring Process Identity for ASP.NET (IIS 6.0)
    http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/134d11d5-7676-4f59-936b-a59e7bca8515.mspx?mfr=true

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notifications.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.
    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

     
    Steven Cheng, Mar 13, 2008
    #2
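
As an added example (not part of any post in this thread and not Microsoft's code): a C# handler that reports the identities the reply above distinguishes, namely the authenticated caller, the managed thread principal, and the OS account the thread actually runs as. The class name `IdentityReportHandler` and the output format are hypothetical, and the handler is assumed to be registered in the application.

```csharp
using System.Security.Principal;
using System.Threading;
using System.Web;

// Hypothetical diagnostic handler: reports the identities a request runs with,
// so a trusted-subsystem configuration can be verified rather than assumed.
public class IdentityReportHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Identity details are sensitive; answer only requests from the server itself.
        if (!context.Request.IsLocal)
        {
            context.Response.StatusCode = 404;
            return;
        }

        // Caller as established by IIS/ASP.NET authentication (use this for authorization).
        string caller = Describe(context.User);
        // Managed principal on the worker thread.
        string threadPrincipal = Describe(Thread.CurrentPrincipal);

        string osAccount;
        bool impersonating;
        // GetCurrent(true) returns null when the thread is not impersonating.
        using (WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true))
        {
            impersonating = impersonated != null;
        }
        // Token actually used for file, database and network access.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            osAccount = current.Name;
        }

        context.Response.ContentType = "text/plain";
        context.Response.Write(string.Format(
            "HttpContext.User: {0}\nThread.CurrentPrincipal: {1}\n" +
            "OS account: {2}\nImpersonating: {3}\n",
            caller, threadPrincipal, osAccount, impersonating));
    }

    private static string Describe(IPrincipal p)
    {
        if (p == null || p.Identity == null) return "(none)";
        return p.Identity.IsAuthenticated ? p.Identity.Name : "(anonymous)";
    }
}
```

With impersonation disabled, the expected report is `Impersonating: False` and an OS account equal to the configured process identity, while `HttpContext.User` still names the authenticated caller.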

  3. richlm

    Steven Cheng Guest

    Hi Richlm,

    Have you got progress on this or does the information in my last reply help
    you some?

    Steven Cheng
    Microsoft MSDN Online Support Lead

     
    Steven Cheng, Mar 17, 2008
    #3
  4. What has this to do with trusted subsystem?

    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > Just curious really, I want to use a trusted subsystem approach in
    > ASP.NET. There are various ways to achieve it in config, e.g.
    > impersonating the anonymous user, but I observed that the following
    > works too:
    >
    > AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal).
    >
    > This results in Thread.CurrentPrincipal being set to the process
    > identity
    > i.e. IIS worker process account.
    > Is this acceptable practice or could it cause problems in a web app?
    > (I had always associated the method with Winforms apps).
    >
     
    Dominick Baier, Mar 17, 2008
    #4