Re: Impersonation error \ prevention
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Tue, 24 Apr 2007 10:53:36 -0500
"Gavin" <Gavin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B897786D-5510-4F5C-8D0E-64B8C80E5F1B@xxxxxxxxxxxxxxxx
> We have also seen an instance where a user has logged on to a test system as
> two different users and seen the role based site for one user whilst awaiting
> authentication as the other user.
> Our suspicion is that ISA is confusing sessions from a single computer where
> those requests have come from behind the same proxy - is there a setting or
> error in our configuration that may be allowing this to happen? Does anyone
> have any other advice or knowledge on why this might happen and how we can
> prevent it?
ISA isn't the problem. Everything you have described implies a screwed up IIS
and screwed up Web Application design, particularly in the area of "State
Maintenance". But IIS and Site design isn't really my area and I really don't
have the knowledge to straighten that out.
I do know that you have to consider the fact that a proxy is in use when you
design the method of maintaining state because not all methods may work well.
It is also further complicated if more than one Web Server or more than one Web
Site on a single server is involved and the user is moving back and forth
between them. I believe it pretty much requires a Cookie on the user's browser
with a unique identifier that is *not* related to the SessionID because the
SessionID is not going to be consistent. The user's IP# is also not a proper
unique ID.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
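
An added illustration of the point in the reply above (not part of the original post and not code from the poster's site): two users reach the web application through the same proxy, and state keyed by client IP is compared with state keyed by a random per-browser cookie token. The class names, the cookie name `app_state_id`, the user names and the proxy address are all constructed for the example.

```python
import secrets

# Constructed sample: two users whose requests reach the web server from the
# same proxy address (192.0.2.10 is a documentation-range IP).
PROXY_IP = "192.0.2.10"


class IpKeyedState:
    """Flawed: treats the client IP address as the user's identity."""

    def __init__(self):
        self._state = {}

    def login(self, ip, user, role):
        self._state[ip] = {"user": user, "role": role}

    def current(self, ip, cookies):
        return self._state.get(ip)


class CookieKeyedState:
    """State is keyed by an unguessable per-browser token sent in a cookie."""

    COOKIE = "app_state_id"  # hypothetical cookie name

    def __init__(self):
        self._state = {}

    def login(self, ip, user, role):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._state[token] = {"user": user, "role": role}
        return {self.COOKIE: token}  # would be sent as Set-Cookie

    def current(self, ip, cookies):
        return self._state.get(cookies.get(self.COOKIE, ""))


def simulate(store):
    """Alice then Bob log in via the same proxy; return what each sees next."""
    alice_cookies = store.login(PROXY_IP, "alice", "admin") or {}
    bob_cookies = store.login(PROXY_IP, "bob", "reader") or {}
    alice_view = store.current(PROXY_IP, alice_cookies)
    bob_view = store.current(PROXY_IP, bob_cookies)
    return alice_view["user"], bob_view["user"]


if __name__ == "__main__":
    print("IP-keyed:    ", simulate(IpKeyedState()))      # both resolve to bob
    print("cookie-keyed:", simulate(CookieKeyedState()))  # each sees own state
```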