Re: Identity Impersonation question.

From: Paul Glavich [MVP - ASP.NET] (glav_at_aspalliance.com-NOSPAM)
Date: 05/02/04 

Date: Sun, 2 May 2004 22:32:02 +1000

I am not sure I fully understand your requirements but I think you can
either NOT set the impersonation via machine.config and do it only for
individual webs (I know you mentioned you dont want to allow singular webs
to override this) or you could disable anonymous auth in IIS and use Window
Integrated only. If the users are not a member of a domain, then setup
user(s) on the local machine and use that for authentication/authorisation. 

--
- Paul Glavich
Microsoft MVP - ASP.NET
"Peter Johansen" <peterJohan13384SPAMSUCKS@hotmail.com> wrote in message
news:X_Xkc.359102$2oI1.268019@twister01.bloor.is.net.cable.rogers.com...
> Hi,
>
> I have a server that I use for shared hosting. For security reasons, I set
> <identity impersonate="true" /> in my machine.config file, and set
> allowOverRide="false" to prevent individual webs from impersonating
anything
> other than the IIS anonymous account.
>
> The problem now is that I would actually like to impersonate a
non-anonymous
> user for one specific web application. This web application will allow
users
> to change their passwords so it can not be run under an anonymous
identity.
> I know I can change the the IIS anonymous user to an admin user, but I
don't
> really want to do that either.
>
> Basically, all I need to do then is to find a way to prevent impersonation
> for all web applications EXCEPT for this one web application.
>
> Is this possible through machine.config or some other way?
>
> Thanks - Peter
>
>

Relevant Pages

  • Re: System.Security.Principal.WindowsImpersonation
    ... MessageBox.Show("The user is a member of ... something with impersonation that wasn't allowed. ... >> WindowsIdentity class to ... >> dwFlags As Integer, ByRef ...
    (microsoft.public.dotnet.security)
  • RE: check if user belong to a domain against active directory without
    ... "Any one who has never made a mistake has never tried anything new" - Einstein ... > I just get stuck on how to check if a user is a member of network. ... > is a member of the domain account against Global Catalog. ... Changing WindonIdentity with impersonation at run time is ...
    (microsoft.public.dotnet.framework.aspnet)
  • Web Part referencing other assemblies throws security exception
    ... member of, who are the members of this group on that server etc.). ... It seems the impersonation code doesn't event run, and a security exception ... and therefore the security exception is thrown even before the code gets to ... how can I allow this impersonation to take place? ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: Active Directory and SQL Server Connection
    ... > Hi Sahil, ... > If we use impersonation, don't I have to add every user/group to the SQL ... > It appears to me that we should setup a generic user in the Active ... I have it working by adding a user to the SQL Server ...
    (microsoft.public.dotnet.framework.adonet)
  • check if user belong to a domain against active directory without impersonation
    ... I just get stuck on how to check if a user is a member of network. ... I am building an internal tracking system with ASP.Net with Form ... Changing WindonIdentity with impersonation at run time is ...
    (microsoft.public.dotnet.framework.aspnet)
Quantcast