T
Ty Millwee
Microsoft Knowledge Base Article - 306158
[http://support.microsoft.com/default.aspx?scid=kb;en-
us;306158] shows a method to impersonate a specific user
in code via a web form.
The trouble is that the impersonation isn't being
persisted accost the web application. Once the user moves
onto the next page they are back in the NT
AUTHORITY\SYSTEM security context.
The desired scenario is:
1.) The user must enter there DOMAIN account username &
password into a WEB FORM (can't have the network logon
prompt popup).
2.) The application must run in this users security
context as long as they are 'IN' the application. So every
page the user accesses within the application runs under
their security context.
----------------------------------------------
Subject: RE: Domain Authentication via Web Form -
PERSISTANCE?
From: "Wei-Dong Xu [MSFT]" <[email protected]>
Sent: 8/7/2003 7:44:58 PM
Hi Ty,
In IIS6, if you choose the IIS6 worker process isolcation
mode(WPIM) to run
asp.net, the asp.net web application will run in a worker
process and the
application will decide how to impersonate the process. If
you select the
IIS5 isolation mode to execute the asp.net application,
the application
will run in aspnet process. The applicaiton will decide
his own entity as
well.
It appears that this is a ASP.net develop issue, not IIS.
To better serve
you, the Asp.net support team has created a aspnet
newsgroup for you. I
think these asp.net experts will help you a lot on this
issue. Please go to:
Microsoft.public.dotnet.framework.aspnet
Does this answer your question? Thank you for using
Microsoft NewsGroup!
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and
confers no rights."
----------------------------------------------
[http://support.microsoft.com/default.aspx?scid=kb;en-
us;306158] shows a method to impersonate a specific user
in code via a web form.
The trouble is that the impersonation isn't being
persisted accost the web application. Once the user moves
onto the next page they are back in the NT
AUTHORITY\SYSTEM security context.
The desired scenario is:
1.) The user must enter there DOMAIN account username &
password into a WEB FORM (can't have the network logon
prompt popup).
2.) The application must run in this users security
context as long as they are 'IN' the application. So every
page the user accesses within the application runs under
their security context.
----------------------------------------------
Subject: RE: Domain Authentication via Web Form -
PERSISTANCE?
From: "Wei-Dong Xu [MSFT]" <[email protected]>
Sent: 8/7/2003 7:44:58 PM
Hi Ty,
In IIS6, if you choose the IIS6 worker process isolcation
mode(WPIM) to run
asp.net, the asp.net web application will run in a worker
process and the
application will decide how to impersonate the process. If
you select the
IIS5 isolation mode to execute the asp.net application,
the application
will run in aspnet process. The applicaiton will decide
his own entity as
well.
It appears that this is a ASP.net develop issue, not IIS.
To better serve
you, the Asp.net support team has created a aspnet
newsgroup for you. I
think these asp.net experts will help you a lot on this
issue. Please go to:
Microsoft.public.dotnet.framework.aspnet
Does this answer your question? Thank you for using
Microsoft NewsGroup!
Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and
confers no rights."
----------------------------------------------