 |  |  |  |  |  |  |  |
Impersonation in ASP.NET
Please support our ASP.NET advertiser: Intel Parallel Studio Home
 |
Hi,
I have one ASP.NET page which allows users to upload their files which are stored in another system (file server) through simple network share. The code is as simple as
FileUpload.PostedFile.SaveAs(strPath)
Here this page gets "access denied" to save the file. I know the application is running under ASPNET local user account. So i even can't give privileges to save file for this local account in another target system.
I solved this problem by using impersonation tags as below in the web.config :
<identity impersonate="true" userid=xxx password=yyyy />
But i have to specify user id and password explicitly in plain text here....
Is there anyway i avoid specifying user id and password like this?
I have one ASP.NET page which allows users to upload their files which are stored in another system (file server) through simple network share. The code is as simple as
FileUpload.PostedFile.SaveAs(strPath)
Here this page gets "access denied" to save the file. I know the application is running under ASPNET local user account. So i even can't give privileges to save file for this local account in another target system.
I solved this problem by using impersonation tags as below in the web.config :
<identity impersonate="true" userid=xxx password=yyyy />
But i have to specify user id and password explicitly in plain text here....
Is there anyway i avoid specifying user id and password like this?
•
•
Join Date: Mar 2004
Posts: 634
Reputation: 
Solved Threads: 7
Practically a Master Poster
If you define it in the web config, then it isn't available for users to view. Hence it is secure.
Hope this helped.
Slade
Hope this helped.
Slade
Formerly known as Slade.
•
•
•
•
Originally Posted by srikkanthan
Hi,
I have one ASP.NET page which allows users to upload their files which are stored in another system (file server) through simple network share. The code is as simple as
FileUpload.PostedFile.SaveAs(strPath)
Here this page gets "access denied" to save the file. I know the application is running under ASPNET local user account. So i even can't give privileges to save file for this local account in another target system.
I solved this problem by using impersonation tags as below in the web.config :
<identity impersonate="true" userid=xxx password=yyyy />
But i have to specify user id and password explicitly in plain text here....
Is there anyway i avoid specifying user id and password like this?
Don't dance to the rhythm - erasure
OR if I recall just give Permission to the IUSR_anonymous User in Windows access to the directory/files. It is the default user used by ASP.Net
Hi,
If you are concerned about the security with respect to some user having access to the machine can read the user credentials, then you can encrypt that particular configuration section of the web.config using aspnet_regiis.exe with the pe / pef commands. This would render the web.config section unreadable if opened physically, but readable from the application.
That brings up another question though. What happens if the company policy madates the change of user passwords at regular intervals? Can we read the user credentials from Active Directory without coding, i.e., can we specify whether to get the user credentials from the AD by specifying user name? Can someone answer these questions?
regards,
Prabin.
If you are concerned about the security with respect to some user having access to the machine can read the user credentials, then you can encrypt that particular configuration section of the web.config using aspnet_regiis.exe with the pe / pef commands. This would render the web.config section unreadable if opened physically, but readable from the application.
That brings up another question though. What happens if the company policy madates the change of user passwords at regular intervals? Can we read the user credentials from Active Directory without coding, i.e., can we specify whether to get the user credentials from the AD by specifying user name? Can someone answer these questions?
regards,
Prabin.
|
Similar Threads
- ASP.NET/SQL Developer/Programmer (Web Development Job Offers)
- ASP.Net perm full time programmer wanted (Web Development Job Offers)
- Front-End Developer with ASP.net needed!!! (Web Development Job Offers)
- Experience ASP.net with C# developer needed!! (Web Development Job Offers)
- ASP.Net / C# Web Developer (Web Development Job Offers)
Other Threads in the ASP.NET Forum
- Previous Thread: Please Help
- Next Thread: Dropdown appears short in IE
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest ASP.NET Posts
- Today's Posts
- Unanswered Threads
.net 3.5 activexcontrol ajax alltypeofvideos appliances asp asp.net bc30451 beginner box browser businesslogiclayer button c# cac checkbox class commonfunctions control countryselector dataaccesslayer database datagrid datagridview datagridviewcheckbox datalist deployment development dgv dialog dropdownlist dropdownmenu dynamic dynamically edit embeddingactivexcontrol expose fileuploader fill findcontrol flash formatdecimal formview gridview gudi iis javascript list listbox login microsoft mouse mssql nameisnotdeclared news novell numerical opera panelmasterpagebuttoncontrols problem radio redirect registration relationaldatabases reportemail save schoolproject search security sessionvariables silverlight smoobjects software sql sql-server sqlserver2005 ssl suse textbox tracking treeview unauthorized validatedate validation vb.net video videos vista visualstudio vs2008 web webapplications webdevelopemnt webdevelopment webprogramming webservice wizard xsl youareanotmemberofthedebuggerusers
