Help using impersonation - permission problems.

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

teejayem@gmail.com - 19 Oct 2007 16:29 GMT

Hi.

I have an ASP.NET website. My IIS is set to use Windows NT
Authentication.

I have configured my ASP website to use impersonation using the
following tag:-

<identity impersonate="true" />

Now I understand that the code that runs on the server should now run
as the NT user that has authenticated against my IIS. This doesn't
seem to be the case as I have tested this with users who are members
of the Domain Admins group and the website displays errors which is
being caused by permissions.

When I explicitly define the user name and password of an
administrative account it works fine.

<identity impersonate="true" userName="WALKER_MORRIS\user"
password="" ></identity>

Any ideas? As I would rather not have a domain admin account user
details written in plain text.

Reply to this Message

bruce barker - 19 Oct 2007 16:50 GMT

if you use identity impersonate with nt authentication, permissions are
only good on the iis server. they cannot be used to access another
server. this is a limitation of nt security (1 hop rule). you can switch
to kerberos and enable credentials forwarding.

if you are just trying to give the web site permission, then use app
pools to set the identity, not the web config. asp.net also support
encrypting string in the web config.

-- bruce (sqlwork.com)

> Hi.
>
[quoted text clipped - 20 lines]
> Any ideas? As I would rather not have a domain admin account user
> details written in plain text.

Reply to this Message

teejayem@gmail.com - 22 Oct 2007 13:14 GMT

> if you use identity impersonate with nt authentication, permissions are
> only good on the iis server. they cannot be used to access another
[quoted text clipped - 34 lines]
>
> - Show quoted text -

Thanks - extreemly helpful!

Reply to this Message

Help using impersonation - permission problems.

Free Magazines