Re: security
From: Willy Denoyette [MVP] (willy.denoyette_at_pandora.be)
Date: 12/15/04
- Next message: Sarmad Ansari: "Bookmarks"
- Previous message: dkelly_at_memco.co.uk: "Re: where is FileNameEditor?"
- In reply to: ivang: "Re: security"
- Next in thread: ivang: "Re: security"
- Reply: ivang: "Re: security"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 15 Dec 2004 18:26:29 +0100
"ivang" <ivan_gavrilyuk@hotmail.com> wrote in message
news:u4YYuur4EHA.1452@TK2MSFTNGP11.phx.gbl...
> Hello, Willy!
> You wrote on Wed, 15 Dec 2004 14:15:38 +0100:
>
> WDM> No they dont, but if you specify the correct logontype when calling
> WDM> LogonUser (NETWORK_CLEARTEXT) you will get a direct token with
> network
> WDM> access privileges!
> Will this api work under asp.net process account on windows servers lower
> than 2003?
>
*** No, on W2K "LogonUser" can only be called by users having "Act as part
of the Operating System" privilege, by default only SYSTEM has this
privilege is, that means asp.net should run as "Localsystem" .
This restriction does not exists any longer on XP and higher.
> WDM> If you're like me and don't like impersonation, you simply have to
> WDM> establish a network logon session (use record) using the "net use"
> WDM> command (from the command line a logon script), or by calling Win32
> WDM> API NetUseAdd through PInvoke.
> I'm not sure this will be fast enough to map different network share for
> each function call :(
*** You shouldn't use this from asp.net, use impersonation instead.
See inline ***
Willy.
- Next message: Sarmad Ansari: "Bookmarks"
- Previous message: dkelly_at_memco.co.uk: "Re: where is FileNameEditor?"
- In reply to: ivang: "Re: security"
- Next in thread: ivang: "Re: security"
- Reply: ivang: "Re: security"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
