Re: Want to Reboot server from ASPX page

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Chris Botha (chris_s_botha_at_AT_h.o.t.m.a.i.l.com)
Date: 04/18/04 

Date: Sun, 18 Apr 2004 18:43:42 -0400

I don't think impersonation works with forms authentication, but I may be
wrong, always some surprise somewhere (it works with Integrated Widows auth,
as well as Basic Auth).
To switch anonymous access off, run IIS Service Manager, find your Web App
under the Default Web Site, right click on it, properties, then Directory
Security, then hit the top edit button and uncheck the anonymous access.
After doing this, hitting the page with IE, if you are not an authenticated
user, you will be prompted to sign in (if you are authenticated, it won't
prompt you), and that will be the user impersonated (unless you specified a
username/password on the impersonate line in the web.config file).

Second solution, I'm not sure if it will work, but it may, write an ActiveX
dll, install it in COM+ specifying the credentials it should run under, and
call it from your aspx page. Beware that if it works, anyone hitting the
page can re-boot the computer.

I don't know what setting the "user='SYSTEM'" in the machine.config does.

"Terry" <anonymous@discussions.microsoft.com> wrote in message
news:7C3AB4EA-79F3-4465-9A5E-DD8379D164D3@microsoft.com...
> OK, I have verified that the shutdown related code is working fine from
> a regular app.
>
> How do I switch off anonymous access to the virtual directory?
> Are you talking about adding a statement like <deny user="?">
> in my web.config file or are you talking about a setting in
> the IIS Service Mgr.
>
> I am using a simple application based 'Forms' authentication.
> In this case if I use <identity impersonate="true" /> who would
> it be impersonating ... or in this case because I am using Forms
> authentication would I have to spell all that out like
> <identity impersonate="true" userName="abc" password="def">
>
> I am still a little puzzled by all this impersonate stuff ... if you do
> impersonation what is the point of setting the user='SYSTEM' in
> the machine.config file?
>
> Thanks,
>
> Terry
>
> ----- Chris Botha wrote: -----
>
> Terry, first get the code to run in a normal Windows App, so you know
that
> it works.
> After that, it should be a security issue, and impersonation should
work,
> but you also have to switch off anonymous access to the virtual
directory
> for impersonation to work.
> To ensure that your impersonation is set up correctly, add a test
call
> somewhere in a form, returning the current user, and check that it is
what
> you expect (not the anonymous, or ASP.NET user, etc). To get the
current
> user, call
> System.Security.Principal.WindowsIdentity.GetCurrent().Name
>
> "Terry" <anonymous@discussions.microsoft.com> wrote in message
> news:27B39478-93C0-42AE-9ECE-A49E9EC01AE7@microsoft.com...
> > I am developing a asp.net web based service application for our
product.
> > I am trying to trigger a reboot of the server based on a user
request.
> > I believe I have all the appropriate code for AdjustingTokens etc
and
> > all those calls seem to succeed, however, the final call to
ExitWindowsEx
> > is failing with 'Access Denied'.
> >> In my machine.config, I have already set the userName to 'System'
as I
> > seem to require this for some other functionality I implemented. I
also
> tried
> > to impersonate a local user account with admin priviledges via my
> applications
> > web.config file but that failed as well with the same 'Access
Denied' (by
> the
> > way what exactly does 'impersonate' in the web.config do when the
> machine.config
> > file already lets me specify the user as 'SYSTEM'?)
> >> I expect there is some other security thing that I need to twiddle
... any
> ideas greatly
> > appreciated (with as much detail as possible, I am very new to this
whole
> web security
> > stuff).
> >> Thanks,
> >> Terry
> >

Relevant Pages

  • Re: Problems with writing to a file on IIS 6.0
    ... Windows Authentication means that the end user must supply Windows credentials to *authenticate*. ... Anonymous access means that a preconfigured user account is used. ... Impersonation is something completely different to authentication. ... will use Network Service ...
    (microsoft.public.inetserver.iis.security)
  • Re: How to use WindowsPrincipal properly??
    ... the administrators in the computer e.g. win2k ... I am basically confused with the role base authentication and the ... impersonation, not sure what exactly is the difference. ... > string ONLY returns the string "Administrator", ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: System.IO.Directoryinfo throwing exception
    ... With basic authentication and impersonation you need to ... use a domain account which can delegate and you can check how to mark your ... ASP.NET MVP ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Access denied ( From one site to another, that is in another server)
    ... server. ... you can implement impersonation through code and revert ... This posting is provided "AS IS", with no warranties, and confers no rights. ... | Integrated Authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: localhost vs. macinename in URL (access denied)
    ... Impersonation with Integrated Authentication will work if you are accessing ... a resource on the same machine. ... being delegated to allow delegation or change the computer account to allow ...
    (microsoft.public.dotnet.security)