IIS 6.0 and ASP.NET - XML, Security, and More
By Thiru Thangarathinam
August 18, 2003
www.developer.com/security/article.php/3065031
http://www.developer.com/security/print.php/11580_3065031_2
24/11/2003
Delegation feature that is supported in Windows Server 2003. You can enable .NET Passport authentication by selecting Default Web Sites -> Virtual Directory Name in the IIS manager and selecting Properties from the context menu. In the Properties dialog box, select the Directory Security tab and then click the Edit command button to bring up the following dialog box.
In the preceding dialog box, once you select .NET Passport Authentication as the authentication mechanism, the Default domain text box will be enabled, allowing you to specify the domain name.
By using this new feature, you can set directory permissions from within the IIS manager itself.
Impersonation is enabled
In this instance, ASP.NET impersonates the token passed to it by IIS, which is either an authenticated user or the anonymous user account (IUSR_machinename). For backward compatibility with ASP, you must enable impersonation. To enable impersonation, modify the identity element in the web.config file to look like the following:
<identity impersonate="true" />
Impersonation is enabled and a specific impersonation identity is specified
In this instance, ASP.NET impersonates the token that is generated using the configured identity. In this case, ASP.NET does not use the token of the authenticated client except when performing access checks. To enable impersonation and specify an impersonation identity, modify the web.config file to look like the following:
<identity impersonate="true" userName="domain\user" password="password" />
After that, add the following lines of code to the Page_Load event of the default web form.
// Requires: using System.Security.Principal; (for WindowsIdentity)
private void Page_Load(object sender, System.EventArgs e)
{
    // Windows account whose token the request is currently executing under
    Response.Write("Credentials under which the ASP.NET application executing is : <b>" + WindowsIdentity.GetCurrent().Name + "</b><br>");
    // User that was authenticated for this request
    Response.Write("Name of the logged on user name is :<b>" + Context.User.Identity.Name + "</b><br>");
}
If you execute the preceding code, you will see output similar to the following. In the output, it is important to note that the ASP.NET application runs using the credentials of the NetworkService account.
Now if you execute this code, you will see that the ASP.NET application executes using the credentials of the logged-on user.
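An added example, not code from the original article: a Python check that classifies a web.config into the impersonation cases described above and flags a literal password in the identity element. The sample files, account names and registry paths are constructed; the registry: prefix is the form written by the aspnet_setreg.exe utility, which the article does not cover.

```python
import xml.etree.ElementTree as ET

# Constructed web.config bodies; account names and passwords are made up.
SAMPLES = {
    "off": "<configuration><system.web/></configuration>",
    "iis_token": '<configuration><system.web><identity impersonate="true"/>'
                 "</system.web></configuration>",
    "fixed": '<configuration><system.web><identity impersonate="true" '
             'userName="EXAMPLE\\svc_web" password="Constructed-Pw-1"/>'
             "</system.web></configuration>",
    "fixed_registry": '<configuration><location path="admin"><system.web>'
             '<identity impersonate="true" '
             'userName="registry:HKLM\\SOFTWARE\\ExampleApp\\identity\\ASPNET_SETREG,userName" '
             'password="registry:HKLM\\SOFTWARE\\ExampleApp\\identity\\ASPNET_SETREG,password"/>'
             "</system.web></location></configuration>",
}

def _local(tag):
    """Drop a namespace prefix if the file declares a default xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_identity(xml_text):
    """Classify each <system.web>/<identity> element of one web.config."""
    findings = []
    for sw in ET.fromstring(xml_text).iter():
        if _local(sw.tag) != "system.web":
            continue
        for el in (c for c in sw if _local(c.tag) == "identity"):
            user, pw = el.get("userName", ""), el.get("password", "")
            if el.get("impersonate", "false").lower() != "true":
                mode = "process-identity"   # worker process account
            elif user:
                mode = "fixed-account"      # token built from configured identity
            else:
                mode = "iis-token"          # authenticated user or IUSR_machinename
            findings.append({
                "mode": mode,
                "account": user or None,
                # A literal password is readable by anyone who can read the file;
                # a "registry:" value (aspnet_setreg.exe) points to an encrypted copy.
                "cleartext_password": bool(pw) and not pw.startswith("registry:"),
            })
    # No <identity> element at all: impersonation is off by default.
    return findings or [{"mode": "process-identity", "account": None,
                         "cleartext_password": False}]

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_identity(xml_text))
```

Run against each site's web.config, a fixed-account result with cleartext_password set is the case to review first, since the file then holds a usable domain credential.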
Conclusion
In this series of articles on IIS 6.0 and ASP.NET, we covered the new features of IIS and demonstrated how these features contribute to the increase in reliability, scalability, and security of your ASP.NET applications. We also looked at how XML-based storage is used to store the IIS configuration settings, which provides a number of enhancements when compared to the previous versions of IIS. Finally, we also covered the new security model of IIS 6.0, in which, by default, the code runs using the fewest possible privileges. All these new features of IIS 6.0, in conjunction with the seamless integration of IIS and ASP.NET, should make a compelling case for the migration of your existing Web servers from IIS 5.0 to IIS 6.0.
Thiru has six years of experience in architecting, designing, developing and implementing applications using Object Oriented Application development methodologies. He also possesses a thorough understanding of software life cycle (design, development and testing). He is an expert with ASP.NET, .NET Framework, Visual C#.NET, Visual Basic.NET, ADO.NET, XML Web Services and .NET Remoting and holds MCAD for .NET, MCSD and MCP certifications. Thiru has authored numerous books and articles. He can be reached at thiruthangarathinam@yahoo.com.
Jupitermedia is publisher of the internet.com and EarthWeb.com networks. Copyright 2003 Jupitermedia Corporation All Rights Reserved.