Thanks for your posts guys.
Maybe Iâm misreading something?
Quote:
quote:Windows authentication without impersonation. This is the default setting. [u]ASP.NET performs operations and accesses resources by using your application's process identity</u>, which by default is the Network Service account on Windows Server 2003.
|
Source:
http://msdn2.microsoft.com/en-us/library/ms998358.aspx
The Network Service account has read & execute permissions on the folder and aspx page.
Yet, non-administrative users still receive the following error:
401.3: You do not have permission to view this directory or page using the credentials you supplied (access denied due to Access Control Lists)
I am using Windows Server 2003
The site is configured for âIntegrated Windows Authenticationâ only (in IIS).
The web.config file contains this lineâ¦
<authentication mode="Windows" />
See:
http://msdn2.microsoft.com/en-us/library/aa291347.aspx
The web.config file contains this lineâ¦
<identity impersonate="false" />
Which, I am assuming explicitly disables impersonation (even though that is the default behavior)
See:
http://msdn2.microsoft.com/en-us/lib...c5(VS.71).aspx
In the authorization section of the web.config I have this:
<authorization>
<allow users="*"/>
<deny users="?"/>
</authorization>
See:
http://msdn2.microsoft.com/en-us/lib...cd(VS.80).aspx
Quote:
quote:âA question mark (?) denies anonymous users and an asterisk (*) indicates that all user accounts are denied access.â
|
So, I am assuming by adding that I am allowing all AUTHENTICATED users but no anonymous, or âguestâ users.
Furthermore, I wrote code to output the current windows identity being used by the applicationâ¦
Code:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
When I run that code as an administrator, it returns the following value: âNT AUTHORITY\NETWORK SERVICEâ
So, why am I seeing behavior that contradicts what has been stated by Microsoft?