Re: Remote control of windows service with windows 2003 server

From: Scott Allen (bitmask_at_[nospam)
Date: 11/15/04


Date: Mon, 15 Nov 2004 11:10:34 -0500

Hi pberna:

Impersonation is more difficult in forms authentication. If you use
the username and password attributes of the <identity> tag then yes,
you are passing the username and password for a windows account. Every
local resource ASP.NET touches will be done with the credentials
specified in the <identity> tag, for example, file access, service
control, connecting to a database with a trusted connection.

Is the web application solely for the purpose of controlling the
service? Is it exposed to the Internet?

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Mon, 15 Nov 2004 07:10:03 -0800, pberna
<pberna@discussions.microsoft.com> wrote:
>Dear Scott,
>
>Thanks for your indications
>I read the article, but I'm not sure if impersonation is applicable to the 
>Forms 
>authentication mode. What do you think ? Am I wrong ?
>
>1) If impersonation is also active using the Forms authentication mode, 
>should the user name related to the token "userName" 
>
><identity impersonate="true" userName="contoso\Jane" password="pass"/>
>
>be equal to a Windows User name ? 
>
>2) Is there any relationship between the Windows password of a Windows User and 
>the password of the same User indicated in the web.config file ?
>
>3) If ASPNET impersonates a user using the Forms authentication mode, does it 
>mean that the .NET application can access all resources available to that 
>user ?
>
>Thank you
>Paolo
>
>"Scott Allen" wrote:
>
>> Hi pberna:
>> 
>> It's generally a bad idea to run ASP.NET under an administrator
>> account, as it makes it easier for a malicious user to have admin
>> rights on a machine. Have you investigated impersonation?
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetimpersonation.asp
>> 
>> As for the NETWORK SERVICE account, there are two types of accounts on
>> the machine: user accounts and built in security principals. The built
>> in security principals do not appear in the list of users. You can
>> still add them to a group if you go to My computer -> Manage ->
>> Groups. You can right click a group and select Properties, then click
>> Add. You can type in the name you need, or click Advanced and Find Now
>> to select the principal from a list - you'll notice at the top of the
>> dialog under Object Types the dialog will search for both user objects
>> and built in security principal objects. 
>> 
>> In any case, a best practice is to avoid elevating the privileges of
>> any of these built in accounts. Impersonation is a safer approach.
>> 
>> --
>> Scott
>> http://www.OdeToCode.com/blogs/scott/
>> 
>> On Sat, 13 Nov 2004 19:36:21 GMT, "pberna" <xxx@iol.it> wrote:
>> 
>> >Dear all,
>> >
>> >I built a Web Form application to start and stop a Windows Service remotely.
>> >I successfully tested the application on Windows 2000 server + IIS. I must 
>> >include the ASPNET user
>> >to the Administration group (on server side) to have the necessary 
>> >authorization to start a Windows Service (I don't understand why "Power 
>> >User" rights are not enough to do the same thing)
>> >
>> >Although I'm able to start a service using the Windows 2000 server platform, I'm 
>> >not able to do the same thing in the Windows 2003 server edition where the 
>> >same Web Form application has been installed (.NET framework has been 
>> >installed by default during the Windows server installation process). I know 
>> >that in Windows 2003 server the default account for ASPNET applications is 
>> >NETWORK SERVICE, but I can't find any user with this name in the user 
>> >list/group. If I try to create this user, an error message tells me that the 
>> >NETWORK SERVICE user is already defined. The problem is that it doesn't 
>> >appear in the user list (My computer -> Manage -> user)
>> >
>> >Any idea ?
>> >
>> >Thank you
>> >Best Regards
>> >
>> 
>> 

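Added example, not part of the original thread: a small Python audit that reads a web.config and reports what the <identity> settings discussed above imply for the account ASP.NET runs as. The sample file, the function name audit_identity and the finding texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the thread); the <identity> line is the
# one quoted in the thread, plus a <location> override that impersonates without
# a fixed account.
SAMPLE_WEB_CONFIG = r"""<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms" />
    <identity impersonate="true" userName="contoso\Jane" password="pass" />
  </system.web>
  <location path="admin">
    <system.web>
      <identity impersonate="true" />
    </system.web>
  </location>
</configuration>"""


def audit_identity(config_xml):
    """Return (scope, finding) tuples for every active <identity> element."""
    root = ET.fromstring(config_xml)
    auth = root.find("./system.web/authentication")
    # ASP.NET defaults to Windows authentication when no mode is configured.
    auth_mode = auth.get("mode", "Windows") if auth is not None else "Windows"
    findings = []
    # <system.web> can sit at the root or inside <location path="..."> overrides.
    scopes = [("(root)", root.find("./system.web"))]
    scopes += [(loc.get("path", ""), loc.find("./system.web"))
               for loc in root.findall("./location")]
    for scope, system_web in scopes:
        identity = system_web.find("identity") if system_web is not None else None
        if identity is None or identity.get("impersonate", "false").lower() != "true":
            continue
        user, password = identity.get("userName"), identity.get("password")
        if user:
            findings.append((scope, "fixed account %s: every request runs as it" % user))
            # Values starting with "registry:" point at credentials kept outside the file.
            if password and not password.lower().startswith("registry:"):
                findings.append((scope, "password stored in clear text in web.config"))
        elif auth_mode.lower() == "forms":
            findings.append((scope, "Forms auth: impersonates the identity IIS "
                                    "supplies, not the logged-in forms user"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_identity(SAMPLE_WEB_CONFIG):
        print(scope, "->", finding)
```
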
