Security context question - ASP / Active Server Pages

Kevin Jackson

If I turn off anonymous access to an ASP page and then use "Integrated
Authentication" in a Intranet environment, I expected the user context to be
the user who is accessing the page. It doesn't seem to be the case.

I'm using a component (ASPUpload) to move a file to a share point on another
box. The user context that I thought I was running under has write access
to this share but I keep getting a 500 back when I run the page. Local
paths work fine, share points are a no go.

I turned to basic authentication, put the name of the domain in the domain
box and then used the same username and password to access the page and it
copied the file with no problems. So in this case it seems that the user
context WAS the user I expected.

What am I missing that I cannot get Integrated Authentication to work in the
expected user context?

Any ideas?

Jul 19 '05 #1

Subscribe Reply

2169

Leo Chen [MSFT]

Hi Kevin,

This is because the token doesn't have the outbound privilege. This article
may be what you are looking for.

207671 HOW TO: Access Network Files from IIS Applications
http://support.microsoft.com/?id=207671

You can configure the component in COM+ and specify an identity for the
COM+ component, so that it can access files on another machine.

Hope this helps.

Best Regards,
Leo Chen

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Kevin Jackson" <kj******@power wayinc.com>
| Subject: Security context question
| Date: Wed, 6 Aug 2003 15:15:27 -0500
| Lines: 20
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <ew************ **@TK2MSFTNGP10 .phx.gbl>
| Newsgroups: microsoft.publi c.inetserver.as p.general
| NNTP-Posting-Host: 12.96.65.193
| Path: cpmsftngxa06.ph x.gbl!TK2MSFTNG P08.phx.gbl!TK2 MSFTNGP10.phx.g bl
| Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.inetserver.as p.general:24883 5
| X-Tomcat-NG: microsoft.publi c.inetserver.as p.general
|
| If I turn off anonymous access to an ASP page and then use "Integrated
| Authentication" in a Intranet environment, I expected the user context to
be
| the user who is accessing the page. It doesn't seem to be the case.
|
| I'm using a component (ASPUpload) to move a file to a share point on
another
| box. The user context that I thought I was running under has write access
| to this share but I keep getting a 500 back when I run the page. Local
| paths work fine, share points are a no go.
|
| I turned to basic authentication, put the name of the domain in the domain
| box and then used the same username and password to access the page and it
| copied the file with no problems. So in this case it seems that the user
| context WAS the user I expected.
|
| What am I missing that I cannot get Integrated Authentication to work in
the
| expected user context?
|
| Any ideas?
|
|
|

Jul 19 '05 #2

Similar topics

2355

Developing role-based security question

by: craig | last post by:

I am working on my first .NET development project that involves custom role-based security per the project requirements. This lead to a general design issue this week that really caused us some concern. I have described the situation below because we are very curious to see what other, more experienced, developers might suggest. The specific classes and fields are used just to illustrate the concepts. Our application uses role-based...

.NET Framework

2938

threading and Principal question - from Role-based security to declarative security.

by: hazz | last post by:

If I successfully run a VS.NET app which includes the following; ************************** APP 1 **************************** m_iIdnt = new System.Security.Principal.GenericIdentity(t.UserName,"MyAuthentication"); //user and My authentication type added to Identity string roles = {"Chief Cook and Bottle Washer", "Master Gardener"};

C# / C Sharp

1204

Security question.

by: J-T | last post by:

We have an asp.net application with <identity impersonate="true"/> and <authentication mode="Windows" /> in our web config and we are using Windows integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account in its application pool. I create an object in Global.asax which monitors a folder for upcoming files.What is the security context of the object since there is no user (Domain\Username) requesting this object.Is it running under...

ASP.NET

1599

Security Context in threads

by: Sparky | last post by:

Hi I have an vb.net winforms application that needs to launch a thread, and within that thread change the security context of the current user to a new one using impersonation. For clarity, the main thread that the application is running under is Thread A, and the new thread in which i perform the impersonation under is thread B. This works fine, but i now need to launch another thread (Thread C) from within Thread B. This is all...

Visual Basic .NET

2301

Security Exception when deploying a VB.NET 2003 solution.

by: John Kotuby | last post by:

Hello all, Note: This is the full version of a Post that I inadvertently sent before it was complete. About a year ago I wrote a VB.NET 2003 solution that consists of a number of assemblies (1 EXE and 15 DLLS). As I recall, in order to deploy the solution to a testing server I simply copied the contents of the Bin folder in the development area where the compiled assemblies reside. Be patient with me here, because I haven't used...

Visual Basic .NET

1860

Security question about IIS and Cassini

by: Ian | last post by:

I am developing a .NET Web Service that acts as a thin calling layer for a larger object. Thus the larger object runs in the context of the web service that is calling it, and is therefore subject to the security restrictions of the Web Server the web service is run through. All well and good. At the end of the main method call of the larger object, it instantiates and calls (through a RCW) a method of a legacy COM object that writes...

.NET Framework

12061

Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicK

by: Mike | last post by:

Hi I have problem as folow: Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config) ---> System.Security.SecurityException: Request for the permission of type

ASP.NET

1701

Impersonation to less powerfull user and the executing app with link label leads to security exception,...

by: Kerem Gümrükcü | last post by:

Hi, the topic of this thread implies the question. Why does this happen. What can i do against it. App runs in admin context, then ii switch to user standard user context and open a form with linklabel. this leads to following exeption: Informationen über das Aufrufen von JIT-Debuggen

C# / C Sharp

8337

System.Security.SecurityException: Request

by: Henry Stock | last post by:

I am trying to understand the following error: Any thing you can tell me about this is appreciated. Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: for the permission of type

ASP.NET

10329

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10152

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

10092

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

9950

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

8974

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

7500

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5511

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

4053

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2880

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General