Ask a Question related to ASP.NET Security, Design and Development.
-
Brian Newtz #1
Impersonation question regarding a microsoft article
Hello everyone!
I recently read "ASP.NET Impersonation" from the .NET
Framework Developer's Guide
([url]http://msdn.microsoft.com/library/default.asp?[/url]
url=/library/en-
us/cpguide/html/cpconaspnetimpersonation.asp) and it says
the following:
"Only application code is impersonated; compilation and
configuration are read as the process token. The result
of the compilation is put in the "Temporary ASP.NET
files" directory. The account that is being impersonated
needs to have read/write access to this directory."
So, this is basically telling me that every authenticated
user has to have access to my 'Temporary ASP.NET files'
directory in order to view the pages??? I've verified
that this is definitely not the case, as my 'Temporary
ASP.NET files' directory has only the following security
permissions(my computer name is BNEWTZ):
Administrators (BNEWTZ\Administrators)
aspnet (aspnet@mycompanysdomain.local)
CREATOR OWNER
LOCAL SERVICE
NETWORK SERVICE
Power Users (BNEWTZ\Administrators)
SYSTEM
Users (BNEWTZ\Users)
With these permissions (which are the default, except
that I've added the domain aspnet account which I use in
the processmodel section of machine.config) any domain
user can get to the website just fine. So is the article
incorrect in that statement?
Thanks!
-Brian
Brian Newtz Guest
-
[Microsoft][ODBC Microsoft Access Driver]'(unknown)' is not a valid path error
This is probably an old problem that most of you know how to fix (I hope!). The scenario is that I have a web server running an ASP site that needs... -
"Microsoft must deliver 'secure environments' not tools to write 'secure code'" : draft article
Hello Please see bellow the final draft of an article soon to be published. I would appreciate your comments and corrections of anything that I... -
Microsoft Self Paced Training ASP.NET Book Question
I apologize if this is the wrong place to post this, but there doesn't seem to be a NG for training. Please advise if there is a better NG. ... -
QUESTION for a MICROSOFT guy here...
about another news group... These news groups are always pleas for help... How about a news group like: ... -
microsoft-ds question
I don't think it can be disabled. Use a firewall (either something like ZoneAlarm or a router+firewall). There are several worms trying to... -
Jim Cheshire [MSFT] #2 RE: Impersonation question regarding a microsoft article
Brian,
That documentation is incorrect. The process account has to have full
control on that folder, but the impersonated account does not in the case
of first-time JIT compile.
Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
[email]jamesche@online.microsoft.com[/email]
This post is provided as-is with no warranties and confers no rights.
--------------------microsoft.public.dotnet.framework.aspnet.security: 8036>Content-Class: urn:content-classes:message
>From: "Brian Newtz" <anonymous@discussions.microsoft.com>
>Sender: "Brian Newtz" <anonymous@discussions.microsoft.com>
>Subject: Impersonation question regarding a microsoft article
>Date: Tue, 23 Dec 2003 08:17:43 -0800
>Lines: 40
>Message-ID: <09b201c3c970$4b509c00$a601280a@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Thread-Index: AcPJcEtQodKge0h2Sd+UR2DdUFfdag==
>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>Path: cpmsftngxa07.phx.gbl
>Xref: cpmsftngxa07.phx.gbl>NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>Hello everyone!
>
>I recently read "ASP.NET Impersonation" from the .NET
>Framework Developer's Guide
>([url]http://msdn.microsoft.com/library/default.asp?[/url]
>url=/library/en-
>us/cpguide/html/cpconaspnetimpersonation.asp) and it says
>the following:
>
>"Only application code is impersonated; compilation and
>configuration are read as the process token. The result
>of the compilation is put in the "Temporary ASP.NET
>files" directory. The account that is being impersonated
>needs to have read/write access to this directory."
>
>So, this is basically telling me that every authenticated
>user has to have access to my 'Temporary ASP.NET files'
>directory in order to view the pages??? I've verified
>that this is definitely not the case, as my 'Temporary
>ASP.NET files' directory has only the following security
>permissions(my computer name is BNEWTZ):
>
>Administrators (BNEWTZ\Administrators)
>aspnet (aspnet@mycompanysdomain.local)
>CREATOR OWNER
>LOCAL SERVICE
>NETWORK SERVICE
>Power Users (BNEWTZ\Administrators)
>SYSTEM
>Users (BNEWTZ\Users)
>
>With these permissions (which are the default, except
>that I've added the domain aspnet account which I use in
>the processmodel section of machine.config) any domain
>user can get to the website just fine. So is the article
>incorrect in that statement?
>
>Thanks!
>-Brian
>
>Jim Cheshire [MSFT] Guest
-
Brian Newtz #3 RE: Impersonation question regarding a microsoft article
Jim,
Thanks!
-Brian
has to have full>-----Original Message-----
>Brian,
>
>That documentation is incorrect. The process accountdoes not in the case>control on that folder, but the impersonated accountconfers no rights.>of first-time JIT compile.
>
>Jim Cheshire, MCSE, MCSD [MSFT]
>Developer Support
>ASP.NET
>jamesche@online.microsoft.com
>
>This post is provided as-is with no warranties and<anonymous@discussions.microsoft.com>>
>
>-------------------->>Content-Class: urn:content-classes:message
>>From: "Brian Newtz"<anonymous@discussions.microsoft.com>>>Sender: "Brian Newtz"article>>Subject: Impersonation question regarding a microsoftmicrosoft.public.dotnet.framework.aspnet.security>>Date: Tue, 23 Dec 2003 08:17:43 -0800
>>Lines: 40
>>Message-ID: <09b201c3c970$4b509c00$a601280a@phx.gbl>
>>MIME-Version: 1.0
>>Content-Type: text/plain;
>> charset="iso-8859-1"
>>Content-Transfer-Encoding: 7bit
>>X-Newsreader: Microsoft CDO for Windows 2000
>>Thread-Index: AcPJcEtQodKge0h2Sd+UR2DdUFfdag==
>>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>>Newsgroups:microsoft.public.dotnet.framework.aspnet.security>microsoft.public.dotnet.framework.aspnet.security :8036>>Path: cpmsftngxa07.phx.gbl
>>Xref: cpmsftngxa07.phx.gbl>>NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
>>X-Tomcat-NG:says>>
>>Hello everyone!
>>
>>I recently read "ASP.NET Impersonation" from the .NET
>>Framework Developer's Guide
>>([url]http://msdn.microsoft.com/library/default.asp?[/url]
>>url=/library/en-
>>us/cpguide/html/cpconaspnetimpersonation.asp) and itimpersonated>>the following:
>>
>>"Only application code is impersonated; compilation and
>>configuration are read as the process token. The result
>>of the compilation is put in the "Temporary ASP.NET
>>files" directory. The account that is beingauthenticated>>needs to have read/write access to this directory."
>>
>>So, this is basically telling me that everysecurity>>user has to have access to my 'Temporary ASP.NET files'
>>directory in order to view the pages??? I've verified
>>that this is definitely not the case, as my 'Temporary
>>ASP.NET files' directory has only the followingin>>permissions(my computer name is BNEWTZ):
>>
>>Administrators (BNEWTZ\Administrators)
>>aspnet (aspnet@mycompanysdomain.local)
>>CREATOR OWNER
>>LOCAL SERVICE
>>NETWORK SERVICE
>>Power Users (BNEWTZ\Administrators)
>>SYSTEM
>>Users (BNEWTZ\Users)
>>
>>With these permissions (which are the default, except
>>that I've added the domain aspnet account which I usearticle>>the processmodel section of machine.config) any domain
>>user can get to the website just fine. So is the>>>incorrect in that statement?
>>
>>Thanks!
>>-Brian
>>
>>
>.
>Brian Newtz Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
