|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Authentication/Impersonation Inconsistencyinconsistent results. Win 2000 w/ Visual Studio 2003 .NET Framework v1.1 in development mode. I have the following set in web.config: <authentication mode="Windows" /> <identity impersonate ="true" /> I also have changed IIS to not allow Anonymous Access I have changed the permissions on a couple of files to different users that I have created. Each of the files having only 1 different user given permission. 2 Problems: 1) Sometimes things happen as expected where, when moving from apsx to aspx, I get promted for the username/password/domain and with the proper credentials get permission. But all of a sudden it stops working and am not given access when retrying with the same credentials on the same aspx page when nothing has changed. 2) When provided access via the username/login/domain credentials all other pages that are accessed use that last set of credentials instead of the original, that being what the user is logged into the machine as. This isn't a major problem but shouldn't it only allow access and not change anything? Istead of using ACL's, try using the <location> element in your web.config
to set the particular user allowed to access a particular location (in your case a specific .aspx page) eg. <configuration> <!-- allow only user1 to access page 1 --> <location path="page1.aspx"> <system.web> <authorization> <allow users="user1"/> <deny users="*" /> </authorization> </system.web> </location> <!-- allow only user1 to access page 2 --> <location path="page2.aspx"> <system.web> <authorization> <allow users="user2"/> <deny users="*" /> </authorization> </system.web> </location> <!-- allow all other authenticated users to access other pages --> <system.web> <authorization> <allow users="?"/> <deny users="*" /> </authorization> </system.web> </configuration> Show quoteHide quote "whornak" <whor***@discussions.microsoft.com> wrote in message news:708EAB11-E5CA-4464-8188-7EBB5416E9BB@microsoft.com... > I am trying to use the Impersonation functionality but am getting > inconsistent results. Win 2000 w/ Visual Studio 2003 .NET Framework v1.1 in > development mode. > > I have the following set in web.config: > <authentication mode="Windows" /> > <identity impersonate ="true" /> > > I also have changed IIS to not allow Anonymous Access > > I have changed the permissions on a couple of files to different users that > I have created. Each of the files having only 1 different user given > permission. > > 2 Problems: > > 1) Sometimes things happen as expected where, when moving from apsx to aspx, > I get promted for the username/password/domain and with the proper > credentials get permission. But all of a sudden it stops working and am not > given access when retrying with the same credentials on the same aspx page > when nothing has changed. > > 2) When provided access via the username/login/domain credentials all other > pages that are accessed use that last set of credentials instead of the > original, that being what the user is logged into the machine as. > > This isn't a major problem but shouldn't it only allow access and not change > anything? 
Other interesting topics
API to access loaded assembly hash
Medium Level Trust and Reflection Active Directory Machine Account Permissions Method SetThreadPrincipal Make Security to Directory Forms authentication periodically requires re-login XmlSerialization of classes with declarative Security enterprise library encrypt using config file Windows user controls in a web page: Security CAS problems |
|||||||||||||||||||||||
