Hi Richlm,

From your description, you're wantting to build a trusted sub-system for
your ASP.NET application and wonder what's the proper way to configure
ASP.NET security settings, correct?

Based on my experience, the "AppDomain.CurrentDomain.SetPrincipalPolicy" is
seldom used in ASP.NET application. ASP.NET application has its own
security settings:

** the authentication (in IIS and ASP.NET side)

** the impersonate

the authentication will control whether the IIS will forward security
credential of client to ASP.NET and whether ASP.NET will populate it in
current Thread's principal. The impersonate will control whether the
ASP.NET will change the current worker thread's security account(either the
one you set in web.config or the account forwarded from IIS/CLIENT).

For your scenario, a typical trusted sub-system mainly require a powerful
process account. That means you can change the process account to a custom
account which will have sufficient permission to access any resource your
application requires. And you'll no longer need to do impersonate(to run
thread under client authenticated account or account set in web.config).

Here are some reference about ASP.NET security settings:

#Authentication in ASP.NET: .NET Security Guidance
http://msdn2.microsoft.com/en-us/library/ms978378.aspx

#Impersonation with ASP.NET 2.0
http://www.c-sharpcorner.com/UploadFile/manishkdwivedi/impersonation10092007
065217AM/impersonation.aspx

#How To: Use Impersonation and Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998351.aspx

#Configuring Process Identity for ASP.NET (IIS 6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1
34d11d5-7676-4f59-936b-a59e7bca8515.mspx?mfr=true

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@microsoft.com.

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

What has this to do with trusted subsystem?

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)