windows-authentication

I have an (ASP.NET 3.5) intranet application which has been designed to use forms authentication (along with the default aspnet membership system). I also store additional information about users in another table which shares its primary key with the aspnet_users table. For users who are part of our domain I store their domain account name in the secondary users table, and I want to automatically log in users whose domain account name matches a name stored in the table. I have read the guides which are available - they're all from two years ago or more and assume that you are able to activate

Is there a way to tell my code to run as a different user? I am calling NetUserSetInfo via a PInvoke and I need to call it as a different user. Is there a way to do that? Richard Berg Impersonation requires calling some native APIs (namely, LogonUser) so it's probably not worth posting 3 pages of wrapper code. This page has a complete working sample: http://platinumdogs.wordpress.com/2008/10/30/net-c-impersonation-with-network-credentials/ Note that impersonation has important security considerations. Make sure you follow best practices. Milan Matějka Probably the best and the cleanest code

I am using windows authentication without impersonation on my company's intranet website with IIS7. Under IIS7, what account is used to access the folder which contains my web app using these settings? Would it be IIS_IUSRS? Or NETWORK SERVICE? Or another I don't know about? Thomas In IIS 7 (not IIS 7.5), sites access files and folders based on the account set on the application pool for the site. By default, in IIS7, this account is NETWORK SERVICE . Specify an Identity for an Application Pool (IIS 7) In IIS 7.5 (Windows 2008 R2 and Windows 7), the application pools run under the

I have a .NET 3.5 application running under IIS 7 on Windows 2003 server and cannot get integrated windows authentication working properly as I continue to get prompted for a login. I have set Windows Authentication to enabled in IIS with all other security types disabled and my application web.config file authentication/authorization is set up as: <system.web> <compilation debug="true" strict="false" explicit="true" targetFramework="3.5" /> <authenticationmode="Windows"/> <authorization> <deny users = "?" /> </authorization> </system.web> With this setup, I'm expecting behind the scene

I'm trying to enable CORS support in my WebAPI project, and if I enable Anonymous Authentication then everything works fine, but with Windows Auth + disabled anonymous authentication, the OPTIONS request sent always returns a 401 unauthorized response. The site requesting it is on the DOMAIN so should be able to make the call, is there any way to get around the issue without disabling Windows Authentication? You can allow only OPTIONS verb for anonymous users. <system.web> <authentication mode="Windows" /> <authorization> <allow verbs="OPTIONS" users="*"/> <deny users="?" /> </authorization> <