
impersonation and location element - ASP.NET Security


  1. #1

    impersonation and location element

    I have an asp.net app with one sub folder that requires windows
    authentication. The IIS folder is set to require integrated security and
    the sub folder has its own web.config
    with the following setting.
    <identity impersonate="true" />
    <authorization>
    <allow users ="*" />
    </authorization>
    This works fine and WindowsIdentity.GetCurrent.Name yields the true user's
    identity.

    But...if I remove the web.config from the sub folder and place the above
    settings in a "location" element in the app's web.config (see below) then
    impersonation seems to fail and WindowsIdentity.GetCurrent.Name
    always equals "NT AUTHORITY\NETWORK SERVICE".

    <location path="subfoldername/page.aspx">
    <system.web>
    <identity impersonate="true" />
    <authorization>
    <allow users ="*" /><!-- This allows access to all users -->
    </authorization>
    </system.web>
    </location>

    My question is: Why does setting the impersonate in the location element in
    the app's web.config behave differently than setting it in the separate
    web.config?


    Brad


    Brad Guest

  2. #2

    RE: impersonation and location element

    Hi Brad,

    I tested this situation but I got a different result from you. When I open
    the webform in the sub folder, it gives me the correct user account instead of "NT
    AUTHORITY\NETWORK SERVICE".

    Therefore, I want to confirm with you whether you also created a virtual
    directory for the sub folder in IIS? When you open the page, did you use:

    Http://localhost/WebApplication1/Sub1/page.aspx

    or

    Http://localhost/Sub1/page.aspx ?

    In my test, I only have "WebApplication1" as a virtual directory and set
    its security to "Integrated Windows Authentication"

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)


    MSFT Guest

  3. #3

    Re: impersonation and location element

    Luke,
    Using your example:
    Sub1 is not a virtual directory. Anonymous access is enabled for WebApp1
    but it is disabled for Sub1. The page must be accessed as
    Http://localhost/WebApplication1/Sub1/page.aspx as it is part of the
    WebApp1 compiled application.

    I see the question coming: why not just use integrated auth for WebApp1?
    WebApp1 actually uses forms authentication because some users can be
    authenticated on our domain and others must log in using a login page. With
    integrated auth on Sub1 I can test users against the folder and, if they can
    access sub1/page.aspx, I set the forms auth using their Windows identity
    name; otherwise they have to use the login page and I set the forms auth
    using the login page info. It works quite well and I've been using it for a
    year now. I was just trying to eliminate multiple web configs in the same
    app and ran into this little issue.

    Brad


    "MSFT" <lukezhanonline.microsoft.com> wrote in message
    news:Y4SqXmpoDHA.1548cpmsftngxa06.phx.gbl...
    > Hi Brad,
    >
    > I tested this situation but I got a different result from you. When I open
    > the webform in the sub folder, it gives me the correct user account instead of "NT
    > AUTHORITY\NETWORK SERVICE".
    >
    > Therefore, I want to confirm with you whether you also created a virtual
    > directory for the sub folder in IIS? When you open the page, did you use:
    >
    > Http://localhost/WebApplication1/Sub1/page.aspx
    >
    > or
    >
    > Http://localhost/Sub1/page.aspx ?
    >
    > In my test, I only have "WebApplication1" as a virtual directory and set
    > its security to "Integrated Windows Authentication"
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    >

    Brad Guest

  4. #4

    Re: impersonation and location element

    Hi Brad,

    I tested "Sub1 is not a virtual directory. Anonymous access is enabled for
    WebApp1 but it is disabled for Sub1. ", but I still get the correct result.
    Here is my ASPX code behind:

    ' Requires: Imports System.Security.Principal
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        ' Write the Windows account the page code is currently running as
        Response.Write(WindowsIdentity.GetCurrent().Name)
    End Sub

    And here is the configuration section in web.config of webapp1:

    <location path="sub1/webform5.aspx">
    <system.web>
    <identity impersonate="true" />
    <authorization>
    <allow users ="*" /><!-- This allows access to all users -->
    </authorization>
    </system.web>
    </location>

    Can you create a new web project to test this?

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)


    MSFT Guest

  5. #5

    Re: impersonation and location element

    Hello Bard, what is the result after you create a new web project for test?
    Any updates?

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    MSFT Guest

  6. #6

    Re: impersonation and location element

    Bard?? Hmmm...I'm not so adept with word or pen as to be called a Bard ;-)
    Anyway....it works now. I'm not sure why it didn't earlier, though my
    assumption would be that I had a typo or left something out before.

    Thanks for looking into this and the followup.

    Brad



    "MSFT" <lukezhanonline.microsoft.com> wrote in message
    news:54QuMo3pDHA.2616cpmsftngxa06.phx.gbl...
    > Hello Bard, what is the result after you create a new web project for test?
    > any updates?
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >

    Brad Guest
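
A diagnostic page for the situation discussed in this thread, given here as an added example that is not code from any of the posters: it prints the effective `<identity>` setting for the requested path next to the identities IIS and ASP.NET report, so you can see whether a `<location>` block was actually applied. It assumes ASP.NET 2.0 or later (for `WebConfigurationManager`), and the class name `IdentityCheck` is hypothetical.

```vb
' Added diagnostic example, not code from the thread. Assumes ASP.NET 2.0 or later.
' Use as the code-behind of the page named in the <location path="..."> element.
Imports System.Security.Principal
Imports System.Web.Configuration

Partial Class IdentityCheck   ' hypothetical page class name
    Inherits System.Web.UI.Page

    Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        ' Effective <identity> section for this exact request path, after the root
        ' web.config, any <location> blocks and any sub-folder web.config are merged.
        Dim section As IdentitySection = CType( _
            WebConfigurationManager.GetSection("system.web/identity", Request.Path), _
            IdentitySection)

        ' Windows token the page code is executing under right now.
        Dim current As WindowsIdentity = WindowsIdentity.GetCurrent()

        WriteRow("Request path", Request.Path)
        WriteRow("Effective impersonate", section.Impersonate.ToString())
        WriteRow("WindowsIdentity.GetCurrent", current.Name)
        WriteRow("IIS AUTH_TYPE", Request.ServerVariables("AUTH_TYPE"))
        WriteRow("IIS LOGON_USER", Request.ServerVariables("LOGON_USER"))
        WriteRow("Context.User", User.Identity.Name)
        WriteRow("Context.User auth type", User.Identity.AuthenticationType)

        If Not section.Impersonate Then
            ' The <location> path did not match this request, so the page runs
            ' as the worker process account (e.g. NT AUTHORITY\NETWORK SERVICE).
            WriteRow("Note", "no impersonation configured for this path")
        ElseIf Request.ServerVariables("LOGON_USER") = "" Then
            ' Impersonation is on but IIS authenticated nobody for this URL.
            WriteRow("Note", "impersonating the IIS anonymous account")
        End If
    End Sub

    ' HTML-encode every value before writing it to the response.
    Private Sub WriteRow(ByVal label As String, ByVal value As String)
        Response.Write(Server.HtmlEncode(label & ": " & value) & "<br />")
    End Sub
End Class
```

If "Effective impersonate" is False for a page you expected the `<location>` block to cover, compare the `path` attribute with the request path shown on the first line.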
