
Using ASP.Net Impersonation w/ Windows Authentication

We have a web application that copies files to a remote server within our domain (OurDomain). The following issue occurs with users that log on to their laptop with another domain, and then log on to the web application with OurDomain. Users that log on to both the laptop and web application with OurDomain\User don't have this problem.

We have two webforms:

The 1st webform retrieves the user's ID using System.Security.Principal.WindowsIdentity.GetCurrent() and then sends an email with this userid. This code retrieves the user's ID only if we have Windows Authentication set to Enabled and ASP.Net Impersonation also set to Enabled. If ASP.Net Impersonation is set to Disabled, the user will be Network Service. So I set both to Enabled and everything here works great.

The 2nd webform copies some files to the remote server, also under the domain OurDomain. With Windows Authentication set to Enabled and ASP.Net Impersonation set to Disabled, Network Service is used to copy the files to the remote server and they are copied correctly. On the other hand, if ASP.Net Impersonation is set to Enabled, it seems to bypass Network Service and even OurDomain\User and tries to copy with, apparently, the credentials used to log on to the laptop (another domain). The files don't copy and I get the error "Access to the path is denied".

The only fix I've found is to add OurDomain\User to the folder, and it's really not a big deal, but I wanted to see why this was happening.

Thanks.

I believe OurDomain\User is the user who is logged into the system from the web browser. It is not a good security practice to give server folder access to that group of users. If you give access to those users they can even browse the remote folder without your web application.

NetworkService is a user who has a role on the system where it is created.

Better create a user as asp.net appPool user in OurDomain\webappuser, i.e. the user who runs the w3wp worker process. Let the password be with the admin. Give OurDomain\webappuser the permission on the remote folder. Run the web form without impersonation.

Now the files which are received via the file upload dialog in webform2 can be copied to the folder safely, as the asp.net application runs in the context of OurDomain\webappuser.
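
A sketch of the setup described in the answer, added here as an example and not code from the question or the answer: with Windows Authentication enabled and ASP.NET Impersonation disabled, the first webform can read the authenticated caller from the request principal instead of WindowsIdentity.GetCurrent(), while the copy runs as the application pool account. The class name, method names and the share path are hypothetical; OurDomain\webappuser is the account name used in the answer.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Web;

// Assumes: Windows Authentication = Enabled, ASP.NET Impersonation = Disabled,
// application pool identity = OurDomain\webappuser with write access to the share.
public static class RemoteCopyHelper // hypothetical helper, not from the page
{
    // Hypothetical placeholder share; replace with the real remote folder.
    private const string RemoteFolder = @"\\fileserver.example\uploads";

    // Webform 1: the authenticated caller is available without impersonation.
    public static string GetCallerName(HttpContext context)
    {
        IPrincipal user = context.User;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new UnauthorizedAccessException("Windows Authentication supplied no user.");
        return user.Identity.Name; // e.g. OurDomain\User
    }

    // The account the thread executes as. With impersonation off this is the
    // application pool identity, which is why GetCurrent() showed Network Service.
    public static string GetExecutingAccount()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
            return current.Name;
    }

    // Webform 2: copy as the application pool account and record who requested it.
    public static string CopyToRemote(HttpContext context, string localPath)
    {
        string caller = GetCallerName(context);

        // Keep only the file name so the destination cannot leave RemoteFolder.
        string fileName = Path.GetFileName(localPath);
        if (string.IsNullOrEmpty(fileName))
            throw new ArgumentException("Path contains no file name.", "localPath");

        string destination = Path.Combine(RemoteFolder, fileName);
        File.Copy(localPath, destination, false); // fail instead of overwriting

        // The share sees only the pool account, so keep the caller in the audit trail.
        Trace.TraceInformation("{0} copied {1} to {2} as {3}",
            caller, fileName, destination, GetExecutingAccount());
        return destination;
    }
}
```

Because the remote server only ever sees the application pool account, the trace line is what ties each copy back to the browser user.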
