.NETGURU
Must impersonate in web.config
This message was discovered on ASPFriends.com 'aspngsec' list.


Ely Lucas
Hello,

Anyone know of a way (or even possible) to force a user to use impersonation
in their web.config file as well as specify the username and password?

Thanks,
Ely

James Avery
Have you tried this?

<!--
identity Attributes:
impersonate="[true|false]" - Impersonate Windows User
userName="Windows user account to impersonate" | empty
string implies impersonate the LOGON user specified by IIS
password="password of above specified account" | empty
string
-->
<identity impersonate="true" userName="" password=""/>

This is from the machine.config, where I know it works. It does not error
out in web.config, but I did not test to make sure it does actually
perform the impersonation.

-----Original Message-----
From: Ely Lucas
Sent: Tuesday, July 23, 2002 11:11 AM
To: aspngsec
Subject: [aspngsec] Must impersonate in web.config

Hello,

Anyone know of a way (or even possible) to force a user to use
impersonation in their web.config file as well as specify the username
and password?

Thanks,
Ely

Daniel Kent
You can use a <location> element in the machine.config to define
impersonation for the web application you want to force impersonation on. If
you set the allowOverride attribute of <location> to false, the web.config
of the application will not be able to define a different setting.

e.g.

<location path="testSite/testApplication" allowOverride="false">
    <system.web>
        <identity impersonate="true" userName="testUser" password="dgsd73b8dn" />
    </system.web>
</location>

Note that there are several difficulties with locking down web applications
in the current version of ASP.NET - forcing impersonation is just one of the
hurdles. I haven't found a way to completely separate web applications where
users with permission to edit the code of the applications are not trusted.
When Code Access Security and trust levels are implemented in ASP.NET, this
should become a lot easier...

I hope this helps.

Dan.

Professional ASP.NET Security - Out In August!
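
The lock-down described in the reply above can be checked from the configuration file itself. The following is an added example, not part of the original thread or of any poster's code: it audits a machine.config fragment for `<location>` blocks that force impersonation, and also flags plaintext passwords and misspelled attribute names. The sample XML, the `PLACEHOLDER` password and the function name `audit_impersonation` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample machine.config fragment (paths and accounts are made up).
SAMPLE_MACHINE_CONFIG = """\
<configuration>
  <location path="testSite/testApplication" allowOverride="false">
    <system.web>
      <identity impersonate="true" userName="testUser" password="PLACEHOLDER" />
    </system.web>
  </location>
  <location path="testSite/otherApplication">
    <system.web>
      <identity impersonate="true" username="testUser" password="" />
    </system.web>
  </location>
</configuration>
"""

def audit_impersonation(config_xml):
    """Return one finding dict per <location> that carries an <identity> element."""
    findings = []
    root = ET.fromstring(config_xml)
    for loc in root.iter("location"):
        identity = next(loc.iter("identity"), None)
        if identity is None:
            continue
        # allowOverride defaults to true when the attribute is absent.
        locked = loc.get("allowOverride", "true").strip().lower() == "false"
        impersonate = identity.get("impersonate", "false").strip().lower() == "true"
        issues = []
        if not impersonate:
            issues.append("impersonation is off")
        if not locked:
            issues.append("web.config may override this setting")
        if identity.get("password"):
            issues.append("plaintext password stored in config")
        # Attribute names are case-sensitive; catch misspellings such as 'username'.
        for name in identity.attrib:
            if name not in ("impersonate", "userName", "password"):
                issues.append("unexpected attribute '%s'" % name)
        findings.append({"path": loc.get("path", ""),
                         "enforced": impersonate and locked, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_impersonation(SAMPLE_MACHINE_CONFIG):
        print(f["path"], "ENFORCED" if f["enforced"] else "NOT ENFORCED", "; ".join(f["issues"]))
```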
