By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,640 Members | 2,094 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,640 IT Pros & Developers. It's quick & easy.

Identity Impersonation question.

P: n/a
Hi,

I have a server that I use for shared hosting. For security reasons, I set
<identity impersonate="true" /> in my machine.config file, and set
allowOverRide="false" to prevent individual webs from impersonating anything
other than the IIS anonymous account.

The problem now is that I would actually like to impersonate a non-anonymous
user for one specific web application. This web application will allow users
to change their passwords so it can not be run under an anonymous identity.
I know I can change the the IIS anonymous user to an admin user, but I don't
really want to do that either.

Basically, all I need to do then is to find a way to prevent impersonation
for all web applications EXCEPT for this one web application.

Is this possible through machine.config or some other way?

Thanks - Peter
Nov 18 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
I am not sure I fully understand your requirements but I think you can
either NOT set the impersonation via machine.config and do it only for
individual webs (I know you mentioned you dont want to allow singular webs
to override this) or you could disable anonymous auth in IIS and use Window
Integrated only. If the users are not a member of a domain, then setup
user(s) on the local machine and use that for authentication/authorisation.

--
- Paul Glavich
Microsoft MVP - ASP.NET
"Peter Johansen" <pe**********************@hotmail.com> wrote in message
news:X_**********************@twister01.bloor.is.n et.cable.rogers.com...
Hi,

I have a server that I use for shared hosting. For security reasons, I set
<identity impersonate="true" /> in my machine.config file, and set
allowOverRide="false" to prevent individual webs from impersonating anything other than the IIS anonymous account.

The problem now is that I would actually like to impersonate a non-anonymous user for one specific web application. This web application will allow users to change their passwords so it can not be run under an anonymous identity. I know I can change the the IIS anonymous user to an admin user, but I don't really want to do that either.

Basically, all I need to do then is to find a way to prevent impersonation
for all web applications EXCEPT for this one web application.

Is this possible through machine.config or some other way?

Thanks - Peter

Nov 18 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.