Ask a Question related to ASP.NET Security, Design and Development.
-
Anton Sokolovsky #1
expiring passwords with impersonated identity
Hi all !
Imagine ASP.NET application impersonating specific identity with webconfig:
<identity impersonate="true" userName="accountname" password="password" />
When accountname user is specially created to run this application and noone
uses it for interactive logon, there is no standard way to change the
password when it expires. This leads to ASP.NET application failing with
code 500.
There are 2 workarounds in this case that I came up to:
1. Try impersonating the user in the code for each page, and if fails
redirect to the page that gives the ability to change the password.
2. Same as #1 but done only once - in default.aspx
Question is: whith impersonation in default.aspx will the token be
application wide - used for any other subseqent page request within this
application, or it's scope is just a single page. Point is to reach
application-wide impersonation with a piece of code rather than using
webconfig.
Sorry if this question has been asked previously, but I cannot find it.
Thanks,
Anton.
Anton Sokolovsky Guest
-
expiring sessions
I've seen a couple of questions regarding the expiring of sessions in PHP. The way to control how sessions expire is to set some options in... -
start process as impersonated account for NETSH DHCP?
Am trying to automatically query and update DHCP servers via a web application with VB.NET. Testing with a privileged account, defined thus in... -
ASPNet Process Token flowing with Impersonated Identity
I have a problem with a service-oriented application that is using impersonation. MachineA (Web Server) - Hosts webservices MachineB (App... -
Impersonated login to web service from outside domain
I'm having trouble connecting to a web service through a web server, when using a client not part of the same domain as the servers. The setup is... -
Registry access permission doesn't obey impersonated user
I have an asp.net application that impersonates a user. I did a test for reading a registry key and noticed that the app can read the key even... -
Anton Sokolovsky #2 Solved - expiring passwords with impersonated identity
1. Don't use imersonation in web.config
2. In global.asax implement Application_PreRequestHandlerExecute with the
code to impersonate required user
3. If #2 fails and current loged in user has OS admin rights, redirect the
user to the page where he is allowed to configure the application with new
credentials.
"Anton Sokolovsky" <anton@infopulse.com.ua> wrote in message
news:cll7ks$ar0$1@relay.infopulse.com.ua...webconfig:> Hi all !
>
> Imagine ASP.NET application impersonating specific identity withnoone> <identity impersonate="true" userName="accountname" password="password" />
>
> When accountname user is specially created to run this application and> uses it for interactive logon, there is no standard way to change the
> password when it expires. This leads to ASP.NET application failing with
> code 500.
>
> There are 2 workarounds in this case that I came up to:
> 1. Try impersonating the user in the code for each page, and if fails
> redirect to the page that gives the ability to change the password.
> 2. Same as #1 but done only once - in default.aspx
>
> Question is: whith impersonation in default.aspx will the token be
> application wide - used for any other subseqent page request within this
> application, or it's scope is just a single page. Point is to reach
> application-wide impersonation with a piece of code rather than using
> webconfig.
>
> Sorry if this question has been asked previously, but I cannot find it.
>
> Thanks,
> Anton.
>
>
Anton Sokolovsky Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
