asp.net 2.0 security question

  • Thread starter ireallyneedtoknow2007
  • Start date
I

ireallyneedtoknow2007

I am using the following code to provide security to a web page

SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

I then account.ToString().
This works fine in development - I get domain\user as expected.
After publishing the website and accessing the page I get - machinename
\ASPNET

I have also tried

WindowsPrincipal winPrincipal =
(WindowsPrincipal)HttpContext.Current.User;
account = winPrincipal.Identity.Name;
Again, the dev display works as expected - domain\user ,
but the published website doesn't display anything.

web.config has <allow users="*"/> and
<authentication mode="Windows"> </authentication> I have also tried
"None"
but that gives me
"Unable to cast object of type
'System.Security.Principal.GenericPrincipal'
to type 'System.Security.Principal.WindowsPrincipal'. "

I have also tried checking/unchecking Anonymous Access and
Integrated Windows Authentication in IIS with no luck.

Can anyone tell me why I get the result I am getting. Thanks
 
G

Guest

I am using the following code to provide security to a web page

SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

I then account.ToString().
This works fine in development - I get domain\user as expected.
After publishing the website and accessing the page I get - machinename
\ASPNET

I have also tried

WindowsPrincipal winPrincipal =
(WindowsPrincipal)HttpContext.Current.User;
account = winPrincipal.Identity.Name;
Again, the dev display works as expected - domain\user ,
but the published website doesn't display anything.

web.config has <allow users="*"/> and
<authentication mode="Windows"> </authentication> I have also tried
"None"
but that gives me
"Unable to cast object of type
'System.Security.Principal.GenericPrincipal'
to type 'System.Security.Principal.WindowsPrincipal'. "

I have also tried checking/unchecking Anonymous Access and
Integrated Windows Authentication in IIS with no luck.

Can anyone tell me why I get the result I am getting. Thanks

Read about impersonation. To get your own username on a server you
need to run the application in the context of your user. By default,
impersonation is disabled and you get machinename\ASPNET on Win2000,
or Network Service on Win2003 (default accounts on IIS). The easiest
way to turn it on is to add <identity impersonate="true"/> in the
web.config file.

http://msdn2.microsoft.com/en-us/library/xh507fc5.aspx
http://msdn2.microsoft.com/en-us/library/ms998351.aspx
 
J

Jim Wyatt

Impersonation makes it more difficult to manage security at a domain level.
I would suggest you change the application pool identity to make the
privalleges more transparent.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top