lennybacon.com | Re: Windows Impersonation in ASP.NET

I design, develop, deploy, teach, train, coach and speak software. My topics are HTML5 & Web, Data Access & Performance, Scalable & Testable Design, Distributed Systems & Services, Security & Trust.

2018
- April (1)
- March (1)
- February (5)
- January (1)
2017
- September (1)
- August (2)
- June (1)
- May (3)
- April (1)
- February (1)
2016
- December (2)
- November (3)
- October (1)
- September (1)
- August (1)
- April (1)
- February (2)
- January (2)
2015
- December (2)
- October (1)
- September (1)
- August (1)
- July (3)
- April (1)
- January (3)
2014
- November (2)
- August (3)
- June (7)
- April (1)
- March (3)
- February (1)
- January (6)
2013
- December (10)
- November (1)
- August (1)
- July (1)
- June (1)
- April (1)
- January (1)
2012
- March (2)
2011
- November (2)
- October (1)
- August (3)
- July (3)
- June (1)
- May (4)
- April (2)
- March (2)
2010
- December (4)
- November (1)
- October (3)
- September (3)
- August (8)
- June (2)
- May (4)
- April (1)
- March (1)
- February (2)
2009
- December (1)
- November (1)
- October (2)
- August (3)
- July (4)
- June (4)
- May (1)
- April (1)
- March (4)
- February (3)
- January (3)
2008
- December (3)
- November (1)
- October (6)
- July (2)
- June (1)
2007
- October (2)
- August (1)
- July (3)
- April (2)
- March (1)
- January (1)
2006
- December (2)
- November (2)
- October (1)
- August (2)
- July (2)
- June (1)
- May (4)
- April (1)
- February (6)
- January (7)
2005
- December (8)
- November (2)
- October (12)
- September (3)
- August (12)
- July (7)
- June (5)
- May (4)
- April (3)
- March (5)
- February (5)
- January (9)
2004
- December (5)
- November (8)
- October (7)
- September (8)
- August (6)
- July (6)
- June (3)
- May (9)
- April (1)
- March (5)
- February (6)
- January (7)
2003
- December (11)
- November (4)

I switched to dasBlog (4)
anti-wrinkle north melbourne wrote: Hello would you mind letting me know which webhost...
Why Microsoft's Browser Developer Tools suck (1)
Thorsten Hans wrote: To be honest, I've never used Edge dev tools be...
I switched to dasBlog (4)
en.gravatar.com wrote: Hmm it looks like your website ate my first commen...
I switched to dasBlog (4)
wisk coupons wrote: I'mreally loνing the theme/design of your blog. D...
I switched to dasBlog (4)
similac coupons wrote: Howdy this is sߋmewhat of off topіc buut I was wan...
1 Page print, Acrobat & 600 MB Memory = not enough ? (1)
Winifred wrote: Its such as you learn my mind! You seem to grasp a...
Chris Maunder - Whats up with CodeProject.com (1)
landing page conversions wrote: Impressive material and style of article writing. ...
Download: Internet File Select and Upload Dialog (2)
Se wrote: Very nice post. I just stumbled upon your weblog a...
Chaining asynchronous JavaScript calls with Angular JS (1)
Frank wrote: Hi Daniel, this is pretty much what `$q` and Pr...
Datenbank Autonomie (1)
Volker Wehrhahn wrote: "Datenbank" erscheint mir hier als begriff zu allg...
Comment RSS

Re: Windows Impersonation in ASP.NET

20 June 2005 Daniel-Fisher-(lennybacon) ASP.NET, Misc, Project, Security, WebServices

Pierre posted an entry bout impersonation in ASP.NET szenarios.

[Pierre]There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource.

You have three choices (I guess):

Elevate the ASP.NET process identity - worse case since you could compromise the whole site security
Impersonate a windows user during the single call (http://blogs.msdn.com/shawnfa/archive/2005/03/22/400749.aspx)
Demand the task to a COM+ server application

I think that the last is the best since we have more security and maintenance control
[...]

I agree with him that "Demand the task to a COM+ server application" is the best way of the three he listed. But for me impersonation it is still a don't.

By the way i wanted to post this as a comment but "Comments on this post are closed". Yes this is some criticism on weblogs.asp.net :-) ...

So here my opinion as post in my blog:

Avoid impersonation! If you need to "redirect a binary that is located on a different box than the webserver to the client" utilize another IIS on the 2nd machine or write a service that returns the binary data.

Comments (1) -

Pierre Greborio

I like the idea to have a COM+ component (server application) which does the work since I don't have to impersonate. In my last application I used a Queued Component to save large documents (1-1.5 MB each) on the share from the web application.

Thanks,
Pierre

20 June 2005 -

Comments are closed