ASP.Net Impersonation

M

Mark Miller

I am trying to understand Impersonation in the ASP.Net context. Here's what
I DO understand:
-Using Windows Authentication with impersonation="true" means that the
aspnet_wp will try and access the resource with the authenticated user's
credentials (token). If access is denied I get an IIS access denied message.
-I can set NTFS permissions on a file/folder and control access w/o using
code simply by assigning rights by user or group.
-setting impersonation="false" still authorizes the user using NTFS
permissions, but instead it is the aspnet_wp account that accesses the file
and checks the permissions. Then if access is denied ASP.Net throws an
exception.
Here's what I DON'T understand:
-What's the difference then between Windows Authentication with
impersonation turned on, and windows impersonation turned off? Other than
where the authorization takes place (ie. aspnet_wp or NTFS).
-When would I want to use one over the other?

Thanks in advance,
Mark Miller
 
P

Paul Glavich [MVP ASP.NET]

You also need to remember that IIS authentication is performed BEFORE
ASP.Net gets a chance to do anything with it. IIS determines which identity
or user context is passed to ASP.Net for which it can then do impersonation
if required.

It basically comes down to what user context you want your code to run in,
either the ASPNET/NEtwork Service user, the IUSR_..... user, or the
authenticated user from a domain
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top