Windows Authentication

[Michael Weier]

Hello all-

We've been having some issues with Visual Studio .Net
when using Windows authentication.

Essentially, we have done three steps.

1.) Set the ACLs on the folder containing the project
allowing members of an NT group full control of the
folder.
2.) Set the authentication mode in the web.config
file to be 'windows', and set impersonate equal to true.
3.) Removed anonymous access from the .Net virtual
directory, and set Windows authentication within IIS.

When I run my .Net application with this configuration
via one of the users in the group, I receive an error
message stating that I do not have access to the
requested resource. Adding ASPNET to the ACLs on the
folder enables the project to load and execute without
any problems.

I don't understand why this project is still running
under the ASPNET user. Shouldn't the impersonation
combined with the IIS settings cause this application to
run in the context of the calling user?

Thanks for your help. I appreciate it.

Michael Weier
Team Lead Menlo Worldwide I*Net application development

 

[Jacob Yang [MSFT]]

Hi Michael,

Based on my research and experience, I would like to share the following
information with you.

Enabling Integrated Windows authentication requires restarting of IIS. In
addition, the identity of the process that impersonates a specific user on
a thread must have the "Act as part of the operating system" privilege. By
default, the Aspnet_wp.exe process runs under a computer account named
ASPNET. On windows XP box, this step is no necessary.

INFO: Implementing impersonation in an ASP.NET
http://support.microsoft.com/?id=306158

Best regards,

Jacob Yang
Microsoft Online Partner Support
Get Secure! ¨C www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.