Re: Read-only access to SPGlobalConfig without administrator rights

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Thank you very much for your reply. Would have an example of how to
retrieve the app pool identity from the Metabase? I have not seen that
done before.

Thanks

Nikander and Margriet Bruggeman wrote:
> Hello Matt,
>
> Well, back to the impersonation thing again. We agree you shouldn't
hardcode
> admin user names and passwords in code, but you can have
impersonation using
> other options. One way would be to use to application pool identity
which
> is always a local administrator and SharePoint database administrator
(it's
> credentials are stored safely in the IIS metabase), another approach
would
> be to store the credentials in the SPPT credential mapping database
(where
> it's kept encrypted). So, you have other options besides hard coding
names
> and passwords...
>
> Kind regards,
> Nikander & Margriet Bruggeman
>
> > Does anyone know how to simply READ (not update) the settings in
> > SPGlobalAdmin and SPGlobalConfig without impersonation? We need to
> > read the BlockedFileTypes property in SPGlobalAdmin.Config for a
> > custom Web Part we're building that allows file uploads. We want
to
> > use the BlockedFileTypes property for the upload validation code.
> >
> > It is a standard Portal site with Windows integrated security. The
> > users are not portal admin users, so impersonation doesn't work,
and I
> > don't want to hard-code admin user names and passwords in code or
in
> > web.config.
> >
> > // Obtain a reference to the SharePoint admin class
> > SPGlobalAdmin admin = new SPGlobalAdmin();
> > // Test reading output << Prompts for admin logon here >>
> > output.write(admin.Config.BlockedFileTypes.ToString());
> > Thanks,
> >
> > Matt
> >

.

Relevant Pages

  • Re: Howto refresh IIS 6 Application pool identity credential info
    ... Only account A has access to database DB-A ... Application A and Application B have an application security based on Active ... The Pool identity is the one accessing the backend resources like ... We are 'investigating' the impersonation alternative. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Howto refresh IIS 6 Application pool identity credential info
    ... We are 'investigating' the impersonation alternative. ... What is your suggestion for Application pool identity? ... IIS is being consistent with security while what you are doing is not ... identity changes group membership to have Group1 and accesses data. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Read-only access to SPGlobalConfig without administrator rights
    ... We agree you shouldn't hardcode admin user names and passwords in code, but you can have impersonation using other options. ... SPGlobalAdmin and SPGlobalConfig without impersonation? ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: shortest path to write to a network drive?
    ... The folder is used by every user who has a log on id and has 'Full Control' permissions granted to 'Everyone'. ... I've found and tried a number of Impersonation and Delegation articles, but I only get a headache from them. ... I know we have the IIS Application Pool Identity set to IWAM_machine instead of "Network Service", but I don't recall the rationale for changing it over a year ago. ... The latter returns "Could not find part of the path", which makes sense, I did not expect mapped drives to show up for the IIS process. ...
    (microsoft.public.dotnet.framework.aspnet)
  • XP SP2, SSPI, Bad Impersonation level Error
    ... password which allowed me to use SSPI to impersonate the admin user ... Since installing XP SP2, the SSPI impersonation code works the same ...
    (microsoft.public.platformsdk.security)