impersonation

问题 We have a service that is hosted under IIS7. The connection string for the SQL server is set to Trusted. In order for the authentication to happen I need to setup impersonation on the service and have the client initiate an impersonated connection. Is there a way to not have impersonation set and still allow the service to log into the SQL server, via the trusted connection? We want to avoid having the clients log into the service. We are not sure what they will be using as a proxy. I would

问题 I have a blank test app created in VS 2005 as ASP.NET application. MSDN says that By default, ASP.NET does not use impersonation, and your code runs using the ASP.NET application's process identity. And I have the following web.config <configuration> <appSettings/> <connectionStrings/> <system.web> <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> <compilation debug="true"

问题 I have an asp.net web application with forms authentication and users (credentials) are checked against active directory, username is actually samAccountName attribute from AD. Now I need to enable users to get access to some files which are located on file share, where each user has his own folder. First proof of concept works like this: appPool in IIS is configured to run under some domain user, and this user was given R/W access to file share and all user folders when the user logs into

问题 I have a directory on the root of my website which contains some files(usually html). These files should be accessed only for the logged-in user. How can I achieve this? I believe this could be done using impersonation but I don't have any idea about how exactly I can implement it. Could you please guide me on right direction? Currently, I have added these settings to my Web.config file: <location path="TestData"> <!-- 'TestData' is the directory which I want to deny access for --> <system

问题 I want to impersonate a remote user dynamically for executing some part of code. I searchd a lot in net and got some codes to impersonate. The code to impersonate is shown below namespace Tools { #region Using directives. // ---------------------------------------------------------------------- using System; using System.Security.Principal; using System.Runtime.InteropServices; using System.ComponentModel; // ---------------------------------------------------------------------- #endregion //

问题 Is there a way to start / stop a windows service of a server in a different network (not \\<server name> ) from an asp.net page? I tried using ServiceController but it's only work if it's in the same network. 回答1: RE: ServiceController How to Start/Stop a Windows Service from an ASP.NET app - Security issues Anything you can do from command line or powershell can be ran from a page (assuming the app pool user has correct permissions etc) https://serverfault.com/questions/429426/how-can-i

问题 We have a particular SQL Server which we need to access from a thick (.Net 4.0 WPF) client, and the only credentials available to us for that connection is a 'service' account which is effectively an Active Directory account with permission on the SQL Server. I am using Entity Framework, and ObjectContext, throughout the project, so am continuing with it here. After looking around, I have implemented an impersonation routine based on LogonUserEx, and DuplicateTokenEx, which allows me, via

问题 I developped a stored procedure in order to restore a database from a backup file and add an application user to it. This stored procedure belongs to the master database. The issue is that my IT department does not allow me to use an admin user, only to use an EXECUTE AS statement with a sysadmin user. I can restore the database but I can't find a way to add the user at the end of the process. The code I use: CREATE PROCEDURE [dbo].[myProc] @database VARCHAR(50) WITH EXECUTE AS 'aSysAdminUser

问题 My app needs to impersonate a service account, which I do through a native-call to LogonUser . However, it appears that random components in the .Net library try to access registry keys the account doesn't have access to, causing a SecurityException to be thrown. Specifically, when I load a LinkLabel , it crashes trying to determine the default hyperlink color in IE: System.Security.SecurityException: Requested registry access is not allowed. at System.ThrowHelper.ThrowSecurityException

问题 I'm trying to debug as NT AUTHORITY\SYSTEM. I've tried to use the methods described in the following question: RunAs A different user when debugging in Visual Studio Yet, what credentials do I need to use in order to pass through authentication? 回答1: runas cannot start as System/Local Service/Network Service etc. But psexec -s can start a process as System. -s Run the remote process in the System account. 来源： https://stackoverflow.com/questions/21466060/how-to-debug-as-nt-authority-system-in