Give it a try...
Install IIS Lockdown (available freely from microsoft.com)
This will make two Windows groups, web anonymous users and web application
(or something similar)
Now make a user, and make it a member of web anonymous user (This will ensure
that if your web application has an ASP part, it will keep working)
Grant Read/Execute access to web anonymous user to your
winnt\microsoft.net\%version%\ folder
Grant Full permission to winnt\microsoft.net\%version%\temp asp folder (or
a similarly named folder)
Grant Full permission to the operating system's temp folder (right-click My
Computer, Properties, Advanced, environment settings... might be a little
different on a 2000 box)
Grant permission on your web folder and other network resources according to
the requirement
Enable impersonation in machine.config (it's in
winnt\microsoft.net\%version%\config) or in your web.config...
Don't give any user/password, just enable impersonation, as giving passwords
in plain text is not a good choice...
Now, in the IIS settings of your web, go to directory security and then
anonymous user, give your user there... you will need to give the password if
it's your local user and you want to access some network resources, else let
IIS control the password...
That's it... your web application will be running under this user, your
asp.net process will be impersonating using this user... and you will
hopefully have no problems...
Regards
----- Original Message -----
From: "Feduke Cntr Charles R" <FedukeCR@m...>
To: "ASPX_Professional" <aspx_professional@p...>
Sent: Monday, May 20, 2002 11:20 PM
Subject: [aspx_professional] RE: impersonation problem
> Lynn,
>
> I wish I knew. I've run into three occasions myself where I've
> followed the MSDN documentation exactly on my home server, and consistently
> ran into security access problems. Changing from "MACHINE" to "SYSTEM"
> fixes the problem, but grants the aspnet_wp.exe system administrator rights
> to the local box (only, fortunately). Why this affects the machine's
> ability to generate NT authentication tokens and request access is beyond me
> (guessing that the "MACHINE" user doesn't have access to the service or
> library that generates tokens). I had assumed it was just me because my
> Active Directory was fragged when my server suffered a head crash, but it
> appears this is not so.
>
> I would almost guess that if you can figure out what makes an
> authentication token (DLL, EXE, or NT Service?) and figure out what user
> "MACHINE" maps to ("MACHINE" and "SYSTEM" imply the same user to me,
> IUSR_machine_name) and set the rights properly you might be able to revert
> your machine.config back with success. I can figure out what creates the
> authentication token if you're implementing a Windows 2000 network with
> Active Directory if you can't find anything tonight.
>
> Good luck,
> - Chuck
>
>
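
The settings discussed in this thread, shown side by side as an added example that is not part of either message. The fragments use the ASP.NET 1.x `<processModel>` and `<identity>` elements; other attributes are omitted and the credential values are placeholders.

```xml
<!-- machine.config (winnt\microsoft.net\%version%\config), inside <system.web>.
     Only one <processModel> element exists in the real file; the two below
     are alternatives shown together for comparison. -->

<!-- Workaround from the quoted message: aspnet_wp.exe runs as SYSTEM,
     which gives the worker process administrator rights on the local box. -->
<processModel userName="SYSTEM" password="AutoGenerate" />

<!-- Low-privilege setting the quoted message wants to revert to:
     aspnet_wp.exe runs under the "machine" account. -->
<processModel userName="machine" password="AutoGenerate" />


<!-- machine.config or the application's web.config, inside <system.web>.
     Again, only one <identity> element is used at a time. -->

<!-- Avoided in the reply: a fixed account with its password stored in
     plain text in the configuration file (placeholder values). -->
<identity impersonate="true"
          userName="PLACEHOLDER_DOMAIN\PLACEHOLDER_USER"
          password="PLACEHOLDER_PASSWORD" />

<!-- Suggested in the reply: impersonation enabled with no credentials.
     ASP.NET then impersonates the identity IIS hands it, which for
     anonymous requests is the account set under Directory Security >
     Anonymous access in IIS. -->
<identity impersonate="true" />
```

With the last form, the file-system permissions granted in the reply (framework folder, temporary ASP.NET folder, OS temp folder, web folder) must be held by the IIS anonymous account, since that is the identity requests run under.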