I have an http handler that saves files on a remote location. For doing this I need specific permissions and the entire application is configured to work with impersonation (web.config setting)
This works perfect for all the pages (some other pages also needs the same specific permissions) but the impersonation is not working for http handlers, it simply doesn't impersonate.
This works perfect on IIS6 but not on IIS7. The application pool mode is classic
Why impersonate for file io permissions, that is what app pool identity is for? Set your handler's app pool's identity to a user that has permission to do the IO.
Specify an Identity for an Application Pool (IIS 7)
Configuring Application Pool Identity with IIS 6.0 (IIS 6.0)
Related
I developed a webpage on IIS that controls PC volume (using the library - CSCore.CoreAudioAPI ).
I need that the user will be logged in as the current user in the machine.
I tried to configure the web.config file to allow Impersonated Authentication, but still having troubles.
<system.web>
<identity impersonate="true"
userName="Domain\username"
password="XXXX" />
</system.web>
Thank you for your help.
You need to also enable Windows Authentication in order for this to work. Otherwise there's no mechanism to capture the user name.
However, I think the better approach is to create a custom application pool for your application and explicitly set the impersonation (Advanced Settings) to the user you want to set it to. Since the application pool hosts your application (ie. it's the launching EXE) your application then runs under that account and assuming it has full rights on the machine it should be able to access the hardware to control the volume.
ASP.NET Impersonation is a legacy feature that was meant to be used with IIS 6 and older when IIS didn't have proper application isolation. With later versions Application Pools took over the hosting of applications and the user account impersonation with it.
When deploying my asp.net website to IIS using Web deploy, my previously configured SMTP settings (in my IIS application) are erased. I know I can set this settings in web.config but i don't want to.
I've had Windows Authentication working in the Cassini (Visual Studio) web server for some time now but when I changed to run my site in IIS 7 the site no longer works properly.
I have Anonymous Authentication disabled, Windows Authentication enabled, and ASP.NET Impersonation enabled. My web.config file includes:
<authentication mode="Windows" />
<identity impersonate="true" />
The problem is that whenever I try to access the site I am prompted to provide a username and password.
My expectation is that my browser will send my credentials to IIS (via some kind of auth token) and IIS will impersonate my user on all page requests.
Why am I being prompted to login? What must I do to avoid this prompt and have ASP.NET use my impersonated username?
UPDATE:
I added my site to the "Intranet zone" in IE and using IE I no longer get prompted for username and password. There was a setting in IE to Autologin for intranet sites.
However, I don't understand why this was not a problem using the Cassini web server in VS? Any ideas?
Have you tried this against IIS Express?
This is just a stab, but Visual Studio runs both Cassini and IE from the same user account, so perhaps your identity impersonate was passing through from Visual Studio. IIS 7 user account is established by the app pool, which could be a different user than was running VS / Cassini. I believe IIS Express runs as your user account, so identity impersonate might work against it without prompting or changing intranet zone settings.
If that works, you can configure the IIS 7 app pool to run as your user account, and the prompts might go away.
Again, this is just a stab.
I have an ASP MVC application installed on IIS 7.5.
I have specified the app pool identity to be a domain service account.
The application has anonymous authentication disabled and windows authentication enabled.
The domain service account has full access to a set of files on the server that I want to access from ASP.
When I try and access the files from the ASP application I get an error, "access to the path ... is denied.".
I can only get this to go away by giving the windows user account access to the files. What I want to do is just give the service account access to the files.
Impersonation is disabled in the web.config via <identity impersonate="false" />
How can this be achieved?
Have you tried disabling ASP.NET Impersonation?
If you are trying to access files locally on the server, try to use the LocalSystem account for your app-pool identity.
I have been searching all over the place for a solution to this.
I have an ASP.NET app which ran fine on IIS6. On IIS 7.5 (Integrated pipeline) I am running into some problems. <identity impersonate="true" /> is set in the web.config as the app needs to access some resources under the IIS IUSR account. If works fine as when a user isn't logged in (i.e. the app impersonates IUSR and accesses the resources fine).
As soon as you logon via Forms Authentication (backed by a DB) impersonation stops working and it reverts to the app pool user identity (which doesn't have access to the required resources, I have verified this with procmon). I understand this is probably a limitation of Forms Authentication in integrated mode.
Is there any workaround which would let me impersonate IUSR while still using Forms Authentication?