 |  |  |  |  |  |  |  |
Impersonation in ASP.NET
Please support our ASP.NET advertiser: $4.95 a Month - ASP.NET Web Hosting – Click Here!
 |
Hi,
I have one ASP.NET page which allows users to upload their files which are stored in another system (file server) through simple network share. The code is as simple as
FileUpload.PostedFile.SaveAs(strPath)
Here this page gets "access denied" to save the file. I know the application is running under ASPNET local user account. So i even can't give privileges to save file for this local account in another target system.
I solved this problem by using impersonation tags as below in the web.config :
<identity impersonate="true" userid=xxx password=yyyy />
But i have to specify user id and password explicitly in plain text here....
Is there anyway i avoid specifying user id and password like this?
I have one ASP.NET page which allows users to upload their files which are stored in another system (file server) through simple network share. The code is as simple as
FileUpload.PostedFile.SaveAs(strPath)
Here this page gets "access denied" to save the file. I know the application is running under ASPNET local user account. So i even can't give privileges to save file for this local account in another target system.
I solved this problem by using impersonation tags as below in the web.config :
<identity impersonate="true" userid=xxx password=yyyy />
But i have to specify user id and password explicitly in plain text here....
Is there anyway i avoid specifying user id and password like this?
•
•
Join Date: Mar 2004
Posts: 634
Reputation: 
Solved Threads: 6
Practically a Master Poster
If you define it in the web config, then it isn't available for users to view. Hence it is secure.
Hope this helped.
Slade
Hope this helped.
Slade
Formerly known as Slade.
•
•
•
•
Originally Posted by srikkanthan
Hi,
I have one ASP.NET page which allows users to upload their files which are stored in another system (file server) through simple network share. The code is as simple as
FileUpload.PostedFile.SaveAs(strPath)
Here this page gets "access denied" to save the file. I know the application is running under ASPNET local user account. So i even can't give privileges to save file for this local account in another target system.
I solved this problem by using impersonation tags as below in the web.config :
<identity impersonate="true" userid=xxx password=yyyy />
But i have to specify user id and password explicitly in plain text here....
Is there anyway i avoid specifying user id and password like this?
Don't dance to the rhythm - erasure
OR if I recall just give Permission to the IUSR_anonymous User in Windows access to the directory/files. It is the default user used by ASP.Net
Hi,
If you are concerned about the security with respect to some user having access to the machine can read the user credentials, then you can encrypt that particular configuration section of the web.config using aspnet_regiis.exe with the pe / pef commands. This would render the web.config section unreadable if opened physically, but readable from the application.
That brings up another question though. What happens if the company policy madates the change of user passwords at regular intervals? Can we read the user credentials from Active Directory without coding, i.e., can we specify whether to get the user credentials from the AD by specifying user name? Can someone answer these questions?
regards,
Prabin.
If you are concerned about the security with respect to some user having access to the machine can read the user credentials, then you can encrypt that particular configuration section of the web.config using aspnet_regiis.exe with the pe / pef commands. This would render the web.config section unreadable if opened physically, but readable from the application.
That brings up another question though. What happens if the company policy madates the change of user passwords at regular intervals? Can we read the user credentials from Active Directory without coding, i.e., can we specify whether to get the user credentials from the AD by specifying user name? Can someone answer these questions?
regards,
Prabin.
|
Similar Threads
- ASP.NET/SQL Developer/Programmer (Web Development Job Offers)
- ASP.Net perm full time programmer wanted (Web Development Job Offers)
- Front-End Developer with ASP.net needed!!! (Web Development Job Offers)
- Experience ASP.net with C# developer needed!! (Web Development Job Offers)
- ASP.Net / C# Web Developer (Web Development Job Offers)
Other Threads in the ASP.NET Forum
- Previous Thread: Please Help
- Next Thread: Dropdown appears short in IE
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest ASP.NET Posts
- Today's Posts
- Unanswered Threads
.net 3.5 activexcontrol advice ajax alltypeofvideos asp asp.net bc30451 beginner bottomasp.net browser businesslogiclayer c# c#gridviewcolumn cac checkbox class commonfunctions compatible confirmationcodegeneration content countryselector courier dataaccesslayer database datagrid datagridview datagridviewcheckbox datalist deployment development dgv dropdownlist dropdownmenu dynamic dynamically edit embeddingactivexcontrol fileuploader fill findcontrol flash formatdecimal forms formview gridview gudi homeedition iframe iis javascript jquery listbox microsoft mouse mssql multistepregistration nameisnotdeclared news objects opera panelmasterpagebuttoncontrols problem redirect registration relationaldatabases reportemail rotatepage schoolproject security sessionvariables silverlight smartcard smoobjects software sql sql-server sqlserver2005 ssl textbox tracking treeview unauthorized validatedate validation vb.net video videos virtualdirectory vista visual-studio visualstudio web webapplications webdevelopemnt webdevelopment webprogramming webservice youareanotmemberofthedebuggerusers