473,288 Members | 1,729 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,288 software developers and data experts.

Authorizing Anonymous User - IIS6/.NET

Is there anyway to force authentication of the Anonymous user?

Here is the situation:
I have an ASP.NET page which calls an assembly which requires a certain
level of permissions. The page is running in a virtual server whose
anonymous user is a network account with the required permissions. This
allows anyone to view the page and see the data. This is working great,
however, due to what is being returned, the page load time is longer than
what I want the user to have to wait for.

I moved the process to a seperate thread in order to return the page to the
user right away. Where the process was working great when run in the same
thread, it fails to work in the 2nd thread. Somehow the single thread is
authenticating the anonymous user to run the process, but when spun to a
different thread which should have the same permissions as the parent, it is
not authorizing.

Any suggestions on how to get the thread to use the credentials of the
parent?

Nov 18 '05 #1
2 2888
when you start a thread in NT, it runs under the context (user) of the
originating process, not thread. this means if you create a thread, it will
be the user that asp.net process is running under. you have two options:

1) change the asp.net machine account to your anonymous account.
2) have the thread login as the anonymous account at startup.

-- bruce (sqlwork.com)

"Kevin Hoskins" <jh******@ichips.no.intel.spam.com.me> wrote in message
news:cl**********@news01.intel.com...
Is there anyway to force authentication of the Anonymous user?

Here is the situation:
I have an ASP.NET page which calls an assembly which requires a certain
level of permissions. The page is running in a virtual server whose
anonymous user is a network account with the required permissions. This
allows anyone to view the page and see the data. This is working great,
however, due to what is being returned, the page load time is longer than
what I want the user to have to wait for.

I moved the process to a seperate thread in order to return the page to the user right away. Where the process was working great when run in the same
thread, it fails to work in the 2nd thread. Somehow the single thread is
authenticating the anonymous user to run the process, but when spun to a
different thread which should have the same permissions as the parent, it is not authorizing.

Any suggestions on how to get the thread to use the credentials of the
parent?

Nov 18 '05 #2
Option #1 requires that the password is in cleartext in the xml - that is
not acceptable here.
Option #2 was the route that I went using the network account as the
anonymous user.

As of about 15 minutes ago, I solved my problem. In hopes that this will
help someone else, here is the solution:

My original code was using the current thread's principal to set the
WindowsPrincipal. By switching this around to get the WindowsPrincipal and
use that to set the thread's principal, the authentication started to work.
Original Code:
_winPrincipal =(WindowsPrincipal) Thread.CurrentPrincipal;
_winIdentity = (WindowsIdentity) _winPrincipal.Identity;

Working Code:
_winIdentity = WindowsIdentity.GetCurrent();
_winPrincipal = new WindowsPrincipal(_winIdentity);

Virtual Directory: Anonymous access only using user account with network
access
Web.config: authentication mode: Windows
impersonation: false
"bruce barker" <no***********@safeco.com> wrote in message
news:eL**************@TK2MSFTNGP15.phx.gbl...
when you start a thread in NT, it runs under the context (user) of the
originating process, not thread. this means if you create a thread, it will be the user that asp.net process is running under. you have two options:

1) change the asp.net machine account to your anonymous account.
2) have the thread login as the anonymous account at startup.

-- bruce (sqlwork.com)

"Kevin Hoskins" <jh******@ichips.no.intel.spam.com.me> wrote in message
news:cl**********@news01.intel.com...
Is there anyway to force authentication of the Anonymous user?

Here is the situation:
I have an ASP.NET page which calls an assembly which requires a certain
level of permissions. The page is running in a virtual server whose
anonymous user is a network account with the required permissions. This
allows anyone to view the page and see the data. This is working great,
however, due to what is being returned, the page load time is longer than what I want the user to have to wait for.

I moved the process to a seperate thread in order to return the page to the
user right away. Where the process was working great when run in the same thread, it fails to work in the 2nd thread. Somehow the single thread is authenticating the anonymous user to run the process, but when spun to a
different thread which should have the same permissions as the parent,

it is
not authorizing.

Any suggestions on how to get the thread to use the credentials of the
parent?


Nov 18 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: CJM | last post by:
I have a page which streams an Excel spreadsheet to the user. It has worked fine for 12mths or more, but recently I found out that it wasn't working. I suspect the problem lies with IIS, but I'm...
0
by: John Holmes | last post by:
I saw a post in October that related to the problem I'm having and posted something yesterday but never saw it show up, so I'll try again. I read secnet.pdf and gathered from that document that one...
1
by: rolfejr | last post by:
I have what I think is a simple question but I am finding nothing but complicated answers. I have a web site running on IIS6. One directory used to use an alternate account as the anonymous...
2
by: Andrew Wan | last post by:
Okay, this is really weird. We have two Windows 2003 Server SP1 PCs. One hosts IIS6 website, and the other hosts our DCOM service program. Our website is ASP/XSL. An ASP page uses...
2
anukagni
by: anukagni | last post by:
Hi all, I want to use the security levels in ms access.. Iam having 5 main user who are using the database and doing the entries and updation and viewing report ect. i.e. they are all five...
1
by: Erick | last post by:
I'm trying to develop a single security model that has to work for authenticated users and for users coming in from the outside world. I have looked at the Web Site Administration tool for...
1
by: Erick | last post by:
I'm trying to develop a single security model that has to work for authenticated users and for users coming in from the outside world. I have looked at the Web Site Administration tool for...
4
by: arggg | last post by:
I have disabled IWA as I want to handle the authentication my self. I have Allow Anonymous checked with the user IUSR_<MachineName> and unchecked IWA. It then says I do not have access when trying...
3
by: shapper | last post by:
Hello, On my web site I have a property, Visitor, which is available for Anonymous users: public class Visitor { public CultureInfo Culture { get; set; } public List<GuidPolls { get; set;...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.