Re: Impersonate user from ASP.NET - access to network file share
From: Paul Clement (UseAdddressAtEndofMessage_at_swspectrum.com)
Date: 12/10/04
- Next message: piyush: "Re: PostBuild Event : Retrieving Environment Variable"
- Previous message: Ben Solomon: "RE: Regex"
- In reply to: Michelle_at_bwalk.com: "Re: Impersonate user from ASP.NET - access to network file share"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 10 Dec 2004 09:11:41 -0600
On 9 Dec 2004 12:50:39 -0800, Michelle@bwalk.com wrote:
¤ Hi all!!
¤
¤ I just wanted to let you know that I have conceeded and just put
¤ <identity impersonate="true" userName="accountname" password="password"
¤ /> in the web config. This works perfectly. I origionally didnt' want
¤ to set up impersonation for the whole site, but hopefully my sysadmin
¤ will clear it and all will be well.
That probably works because the user name and password are clear text at the web server and can be
passed in response to authentication challenges from remote resources.
In answer to your other question, delegation is the next step after impersonation when attempting to
access remote resources. If you're using a mechanism where the user ID and password are encrypted
then you need to implement the delegation mechanism w/Kerberos.
If your credentials are clear text at the web server such as in Basic authentication with no SSL
(which of course isn't particularly secure) then those credentials can be used in response to
authentication challenges when access remote resources.
You can find more info at the below link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch08.asp
Paul ~~~ pclement@ameritech.net
Microsoft MVP (Visual Basic)
- Next message: piyush: "Re: PostBuild Event : Retrieving Environment Variable"
- Previous message: Ben Solomon: "RE: Regex"
- In reply to: Michelle_at_bwalk.com: "Re: Impersonate user from ASP.NET - access to network file share"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
