p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

proasp_codeclinic thread: ASP and File Transfers


Message #1 by "Susan Henesy" <susan.henesy@u...> on Tue, 12 Nov 2002 17:25:50
The stuff below is ASP.Net, not ASP.

Also, running ASP.Net under an "Administrator" context is a huge security
no-no...if someone is able to compromise the machine they'd have
Admintrative privelages on the machine...(they could drop a trojan into the
/startup/ folder of any of the user profiles on the machine (eg a Domain
Admin profile), and as soon as the domain admin logged on your entire
network is down the toilet...

Cheers
Ken

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Susan Henesy" <susan.henesy@u...>
Subject: [proasp_codeclinic] Re: ASP and File Transfers


: Thank you, Ken!
:
: But, before I could get your response off to my friend -- naturally! -- he
: wrote and told me he'd found an answer to his problem.
:
: I've pasted in his solution below.  Would like to hear your feedback on
: it, if any -- I'd have never thought to touch a web config file.  I'd
: asked my friend to check his settings in his DIRECTORY SECURITY IIS
: properties, to see if Anonymous Access or Integrated Windows
: Authentication was selected on his site (per "Professional ASP 3.0", pages
: 923-925).
:
: Thanks again for responding to this plea for help so quickly, Ken!  Always
: good to hear from the guru :).
:
: Susan
:
:
: ***********************************************************************
: SOLUTION FOUND!
: ***********************************************************************
: Just out of dumb luck I found the solution (after 2 weeks of hunting)!!
No
: username or password required, I just had to put this in the web config
: file:
:
: <identity impersonate="true" userName=""
: password="" />
:
: I can't take full credit--several days ago I picked this off a developers
: site:
:
: =======================================================================
: "Edit the line in your web.config account as below.
:
: <system.web>
: <identity impersonate="true" userName="mydomain\myusername"
: password="mypassword" />
:
: If you are using Win2K you may also have to allow the ASPNET to act as
part
: of the operating system (Windows XP and .NET server don't require this
: setting). Select Start/Programs/Administrative Tools/Local Security
Policy.
: Then select Local Policies/User Rights Assignment/Act as part of the
: operating system. Add the local ASPNET account and everything should work
: OK.
: =======================================================================
:
: Thanks for the fix. I found that I had to make the name/password a
: member of the Administrator group. I am finding out that dot.net makes
: things easier if one knows the secret password, etc.
: ***********************************************************************
:
:
:


  Return to Index