Windows Authentication

Discussion in 'ASP .Net Security' started by Michael Weier, Oct 1, 2003.

  1. Hello all-

    We've been having some issues with Visual Studio .Net
    when using Windows authentication.

    Essentially, we have done three steps.

    1.) Set the ACLs on the folder containing the project
    allowing members of an NT group full control of the
    folder.
    2.) Set the authentication mode in the web.config
    file to be 'windows', and set impersonate equal to true.
    3.) Removed anonymous access from the .Net virtual
    directory, and set Windows authentication within IIS.

    When I run my .Net application with this configuration
    via one of the users in the group, I receive an error
    message stating that I do not have access to the
    requested resource. Adding ASPNET to the ACLs on the
    folder enables the project to load and execute without
    any problems.

    I don't understand why this project is still running
    under the ASPNET user. Shouldn't the impersonation
    combined with the IIS settings cause this application to
    run in the context of the calling user?

    Thanks for your help. I appreciate it.

    Michael Weier
    Team Lead Menlo Worldwide I*Net application development
    Michael Weier, Oct 1, 2003
    #1
    1. Advertising

  2. Hi Michael,

    Based on my research and experience, I would like to share the following
    information with you.

    Enabling Integrated Windows authentication requires restarting of IIS. In
    addition, the identity of the process that impersonates a specific user on
    a thread must have the "Act as part of the operating system" privilege. By
    default, the Aspnet_wp.exe process runs under a computer account named
    ASPNET. On windows XP box, this step is no necessary.

    INFO: Implementing impersonation in an ASP.NET
    http://support.microsoft.com/?id=306158

    Best regards,

    Jacob Yang
    Microsoft Online Partner Support
    Get Secure! ┬ĘC www.microsoft.com/security
    This posting is provided "as is" with no warranties and confers no rights.
    Jacob Yang [MSFT], Oct 2, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    667
  2. Will
    Replies:
    5
    Views:
    2,602
  3. Dadi
    Replies:
    2
    Views:
    177
    Scott Scott
    Sep 16, 2003
  4. Fabio Gouw

    ASP.NET Authentication and Windows Authentication

    Fabio Gouw, Nov 15, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    139
    Ken Schaefer
    Nov 16, 2004
  5. jfer
    Replies:
    3
    Views:
    545
    Dominick Baier [DevelopMentor]
    Sep 16, 2005
Loading...

Share This Page