
Authentication and impersonation

I set up an intranet application based on Windows integrated
authentication.
Windows integrated authentication is checked in IIS
and anonymous access is unchecked.
I have used impersonation in my web.config file:
<identity impersonate="true" />
<authorization>
<allow roles="mydomain\group_a" />
<deny users="*" />
</authorization>
User A belongs to group_a but not to group_b.
group_b is a group that I have added to SQL Server in order to set
permissions on data.
I'm using a trusted connection to the SQL database through a
web service.
When I try to access the application in my browser with user A, as A
is a member of group_a, his access is granted to the page, but he can
also access data in the database although he doesn't belong to group_b,
which is configured in SQL Server to access data. This user A doesn't belong to
any other group and has no login in SQL as well.
Why does this user have access to data although he has neither a login
nor belongs to any groups that have access to SQL Server?
If we are using impersonation=true without any username and login
specified, it's normally the authenticated user token that is used to
check the access to SQL Server, or did I misunderstand the mechanism?
If someone could tell me what I did wrong, I would be very grateful.
Thanks in advance for any help.
Eric

Nov 19 '05 #1
Most probably user_A is a member of a group that has permissions on the
SQL Server. Check the groups that have access to SQL Server, including
the local machine security groups.

user_A may be a member of the local administrators group.

Nov 19 '05 #2
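
The group check suggested in the reply above, written out as T-SQL. This is an added example, not part of the original thread; `mydomain\userA` is a placeholder account name (assumption), while `xp_logininfo`, `master.dbo.syslogins` and `SYSTEM_USER` are SQL Server built-ins.

```sql
-- Run as a sysadmin on the SQL Server that the web service connects to.
-- 'mydomain\userA' is a placeholder for the account in question (assumption).

-- 1. Every permission path through which the account reaches SQL Server.
--    One row per path: the "permission path" column names the Windows group
--    login that grants access, and "privilege" shows user or admin.
EXEC master.dbo.xp_logininfo
     @acctname = 'mydomain\userA',
     @option   = 'all';

-- 2. All Windows group logins defined on the server, including machine-local
--    ones such as BUILTIN\Administrators, with their sysadmin flag.
SELECT name, hasaccess, denylogin, sysadmin
FROM   master.dbo.syslogins
WHERE  isntgroup = 1
ORDER  BY sysadmin DESC, name;

-- 3. Members of one of those groups (repeat for each group found in step 2).
EXEC master.dbo.xp_logininfo
     @acctname = 'BUILTIN\Administrators',
     @option   = 'members';

-- 4. Executed over the application's own trusted connection while user A is
--    browsing: the Windows account SQL Server actually sees for that session.
SELECT SYSTEM_USER AS login_seen_by_sql_server;
```

If step 1 returns a row whose permission path is a group the account was not expected to be in, that group login is what grants the data access.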
