Impersonate NT user from Anonymous login

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: ajamrozek (ajamrozek_at_msn.com)
Date: 02/03/05 

Date: 3 Feb 2005 11:07:51 -0800

I have an ASPX page that needs to display data from an Access DB that
resides on a network resource other than the running server. To access
the web page itself, I need IIS to have anonymous login set to true,
but to access the Access DB I need to pass an authenticated network
user. Not for the DB's sake but for the network directory that it
resides on.
Some more environment background: large company with tight server
control. I don't directly work for the IT dept., so I need to make
this as easy on IT as possible. Meaning, I can't do any server
configuration (IIS settings or machine.config) and can not store my
database on the server. Everything needs to be run from the .Net
project.
I've tried the following methods with no success:
1. <identity impersonate="true" userName="domain\Username"
password="password"/>
   fails because this user is not setup on the machine running IIS and
I won't be able too.
2. set the User name and password in IIS anonymous access config to
the authenticated user. will not work because I will not be able to
edit these values in production.
3. attempted to use API's from MS's KB
   failed because it uses tokens based on the current user, which
returned 0 for the token so the impersonation never executes.

thanks,
Alex Jamrozek

Relevant Pages

  • Re: Remote Web Workplace not working properly
    ... Another possibility is alterations to the IIS Application Pool ... take control of the server in the room right next to ... over the internet or from any one desktop within the network). ... back to the login window. ...
    (microsoft.public.windows.server.sbs)
  • AW: IIS6 on W2k3 DCs
    ... >network and you are running some n-tier system and you have a tight budget. ... So much for the Web server ... >that is not exposed (inside your private network). ... IIS & DC, DMZ, internal network ...
    (Focus-Microsoft)
  • Re: IIS / Web Services Security threats
    ... You will be surprised to know, due to a recent virus attack on the perimeter network, the common ports have been closed too. ... I also develop Java applications which runs on weblogic server. ... Since, the entire world knows about port 80 and 443, I thought opening a specific port with IP Sec configuration may make the network little secure. ... My security team thinks allowing communication between the two IIS ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Steps to setup app allowing offsite network access using IIS Authe
    ... The first paras imply you want them to be able to _run_ a web app on an IIS server? ... Regardless of all that, one problem to look out for is that they won't have Active Directory if it's in a DMZ, so Integrated Authentication won't work, nor will Impersonation, You'd need to use plain text with SSL, nasty, and you'd need to pass the passwords as plain text if you want them to be able to start a process, unless you can get Kerberos working in the DMZ and able to pass the tickets over two hops. ... DMZ, there will be several steps involved - from compiling the application with a strong name, to setting up IIS and finally access to the application which will need to run on a server from the DMZ for our partners. ... Can anyone outline each step required to set this up on an IIS server in the network or DMZ along with the assembly requirements of the application to run on this network? ...
    (microsoft.public.vsnet.general)
  • Re: Restricting IP Address
    ... I looked into hosting my own web site on my server that I have, ... would give IIS your Lan address and be sure to put "permit only" in IIS. ... Network Connection again and the click properties. ...
    (microsoft.public.dotnet.framework.aspnet.security)