Microsoft IIS
Posted November 7th, 2005, 11:58 AM by captain
Problem with ASP.NET Windows Authentication/Impersonation?

Hi All,

I've been trying to solve an access problem for a couple of days, with no success.

What I'm trying to do is secure a particular folder under the web root directory, using Windows authentication and impersonation. My current setup is as follows:

Windows Server 2003
IIS 6.0
ASP.NET 1.1
IE 6.0

I have set NTFS security on the web root and folder to be secured, and this seems to be set up correctly, as only authorized users can access the secured folder. Additionally, I have turned off anonymous access in IIS, leaving only the Windows Authentication box checked.

In the web.config file under the web root, I have the following:

<identity impersonate="true"/>

The authentication mode is set to true in the machine.config file, so I thought I had everything in place to simply secure the folder using NTFS security...

What actually happens is that all authenticated users can browse to .aspx pages in the secure folder, even though they can't get at the folder using Windows Explorer (making me think that the NTFS security is set correctly)...

To ensure that the users were being impersonated correctly, I made the .aspx pages display the currently impersonated user, which proves (I think) that the impersonation was working.

So now I'm stuck - the impersonation seems to be working, but the pages in the secured folder are still displayed whereas, according to NTFS security, they shouldn't be... The only users with access to the folder under NTFS security are "NETWORK SERVICE" and "SYSTEM". It seems as if, because the user has been authenticated at root level, they are authorized to all folders below the root (for .aspx pages). To further confuse me, if I put a classic ASP (.asp) page in the secure folder, the security works and the users can't get at it - which is what I need for the .aspx pages!

Can anyone please help?

Thanks.
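
An added example, not part of the original post: a web.config for the web root that states the Windows authentication mode explicitly instead of inheriting it from machine.config, and restricts the folder with ASP.NET URL authorization in addition to the NTFS ACLs. The folder name `secure` and the group `DOMAIN\SecureFolderUsers` are assumed placeholders.

```xml
<?xml version="1.0"?>
<!-- Added example. The folder name "secure" and the group
     DOMAIN\SecureFolderUsers are assumed placeholders. -->
<configuration>
  <system.web>
    <!-- Set the mode here rather than inheriting it from machine.config. -->
    <authentication mode="Windows" />

    <!-- Run request code under the authenticated caller's Windows token. -->
    <identity impersonate="true" />

    <!-- Site-wide rule: reject anonymous requests. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules for the secured folder only. They are applied by ASP.NET
       URL authorization to requests ASP.NET handles, such as .aspx. -->
  <location path="secure">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top-down and the first match wins. -->
        <allow roles="DOMAIN\SecureFolderUsers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

URL authorization only covers requests handled by ASP.NET, so classic .asp pages in the same folder still depend on the NTFS ACLs.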
