Re: Impersonation and Performance

From: bruce barker <nospam@xxxxxxxxxx>
Date: Fri, 24 Aug 2007 15:33:01 -0700

instead of web.config, you should use a app pool with the domain account you need.

there will be a minor hit with impersonation, but the credentials should cache. you could expose the dynamic data as an anonymous web site instead of unc.

-- bruce (sqlwork.com)

KittyHawk wrote:

I am in the process of migrating an II6 environment from a single server to a network load balanced system. Thus, I am using a virtual directory on a UNC share to house the dynamic data that the web farm will access.

Since ASP.NET runs as a local account on the IIS servers, I have to use impersonation to perform any operations on the data that resides on the UNC share. I am hard-coding the impersonation credentials in the web.config files of only the apps that need them. Is this going to have performance implications versus not using impersonation? I have read where you shouldn’t use “per request impersonation” which is what is prompting this question.

Prev by Date: Re: Moving existing application from using Session State InProc to SQL
Next by Date: Re: Moving existing application from using Session State InProc to SQL
Previous by thread: elements not loaded before RegisterStartupScript
Next by thread: Doubt publishing site
Index(es):
- Date
- Thread

Relevant Pages

Re: Windows authentication for web service client??
... > Dim Response As System.Net.HttpWebResponse ... > make my http WEBDAV request here ... ... CredentialCache.DefaultCredentials will return the credentials that ... I have try the same approach using implicity impersonation, ...
(microsoft.public.dotnet.framework.aspnet.webservices)
Re: AD Login failure when using ActiveDirectoryMembershipProvider
... The AD membership provider disables impersonation when it does its DS ... default credentials, you need to change the credentials in your processModel ... in machine.config to a domain account for testing purposes. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: SetPassword access denied
... That said, I think one thing worth pointing out is that in both cases here, your code is supplying credentials to the DirectoryEntry constructor. ... the identity of the current thread (established either via impersonation or using the process token without impersonation) is NOT the account that is used for performing remote activities in the directory. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.windows.server.active_directory)
Re: Windows authentication for web service client??
... >> Dim Response As System.Net.HttpWebResponse ... >> make my http WEBDAV request here ... ... CredentialCache.DefaultCredentials will return the credentials that ... > I have try the same approach using implicity impersonation, ...
(microsoft.public.dotnet.framework.aspnet.webservices)
Re: No access to AD through DirectoryEntry/Searcher even when logging on
... the explicit credentials are used when binding. ... Following uses the default credentials (process or impersonation thread token): ... When specifying the usesername as something like: eTrond, then you need to specify secure binding. ... Also check whether computer.company.no is a server name or a domain name, if not sure use the flat NetBIOS name of the AD/DC. ...
(microsoft.public.dotnet.framework.aspnet.security)