stackoom
  简体   繁体   中英

IIS Application Pool Identity to use Logged On User Windows Identity

 原文  2017-07-11 09:18:33       asp.net/ asp.net-mvc/ iis-7

Question

I'm developing a web app that performs Active Directory updates using LDAP . When I host the app on an IIS 7, I get the Access is denied error at the statement directoryEntry.CommitChanges(); .

Then I found out that the application pool is using the identity "IIS APPPOOL\\ASP.NET v4.0" to perform the update.

I need the window's account of the user who is using the web application to be the identity of the application pool.

I have done the following:

  1. Add > authentication mode="Windows" in web.config
  2. Disabled anonymous authentication on IIS
  3. Select the built in account "ApplicationPoolIdentity" as the application pool's identity

But haven't still got it to work.

2 answers

solution1
 3  2017-07-11 11:41:18

the concept you are looking for is called Impersonation
from the documentation :

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).
  2. In Features View, double-click Authentication.
  3. On the Authentication page, select ASP.NET Impersonation .
  4. In the Actions pane, click Enable to use ASP.NET Impersonation authentication with the default settings.
  5. Optionally, in the Actions pane, click Edit to set the security principal.
  6. In the Edit ASP.NET Impersonation Settings dialog box, select either Specific user or Authenticated user. Whichever you decide, IIS uses this identity for the security context of the ASP.NET application. By default, IIS 7 is set to impersonate the authenticated user.
  7. Click OK to finish or proceed to the next optional steps to change the identity to impersonate.
  8. Optionally, click Set to change the Specific user identity.
  9. In the Set Credentials dialog box, enter the name of an existing user account in User name, the password associated with that user account in Password, and then the exact same value in Confirm password for a new account IIS should use for anonymous access.
  10. Click OK to close the Set Credentials dialog box.
  11. Click OK to close the Edit ASP.NET Impersonation Settings dialog box.

solution2
 0  2018-08-05 20:02:35

In my case with this configuration it logs with active directory account and the result of System.Security.Principal.WindowsIdentity.GetCurrent().Name is the authenticated session 

<identity impersonate="true"/>
<authentication mode="Windows">
  <forms name="Login" loginUrl="Login.aspx" path="/" timeout="10"/>
</authentication>
<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Programmatically set up user account for custom identity application pool in IIS 7 IIS application pool identity not allowing the server to start Identity pool in IIS7 Which one should I use for “anonymous user identity”? “specific user: IUSR” or “application pool identity”? Can I stop and start a windows service from IIS app running under application pool identity? How do you set the IIS Application Pool Identity User Locale when it's set to ApplicationPoolIdentity How to use hosted application pool identity IIS application using application pool identity loses primary token? app pool identity lightswitch isn't getting the logged on user Use Authorize Attribute to Verify Identity User Logged In
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM