Help using impersonation - permission problems.

  • Thread starter Thread starter teejayem
  • Start date Start date
T

teejayem

Hi.

I have an ASP.NET website. My IIS is set to use Windows NT
Authentication.

I have configured my ASP website to use impersonation using the
following tag:-

<identity impersonate="true" />

Now I understand that the code that runs on the server should now run
as the NT user that has authenticated against my IIS. This doesn't
seem to be the case as I have tested this with users who are members
of the Domain Admins group and the website displays errors which is
being caused by permissions.

When I explicitly define the user name and password of an
administrative account it works fine.

<identity impersonate="true" userName="WALKER_MORRIS\user"
password="" ></identity>

Any ideas? As I would rather not have a domain admin account user
details written in plain text.
 
if you use identity impersonate with nt authentication, permissions are
only good on the iis server. they cannot be used to access another
server. this is a limitation of nt security (1 hop rule). you can switch
to kerberos and enable credentials forwarding.

if you are just trying to give the web site permission, then use app
pools to set the identity, not the web config. asp.net also support
encrypting string in the web config.

-- bruce (sqlwork.com)
 
if you use identity impersonate with nt authentication, permissions are
only good on the iis server. they cannot be used to access another
server. this is a limitation of nt security (1 hop rule). you can switch
to kerberos and enable credentials forwarding.

if you are just trying to give the web site permission, then use app
pools to set the identity, not the web config. asp.net also support
encrypting string in the web config.

-- bruce (sqlwork.com)












- Show quoted text -

Thanks - extreemly helpful!
 
Back
Top