|
-
January 12th, 2012, 08:24 AM
#1
Problem using impersonation
Intranet web app, ASP, C# -
I'm trying to add some functionality that will read remote info from PC's on our network that requires accessing their registries remotely, etc. When I run the code locally on my PC, it runs fine. When I run it from our IIS server, I'm getting the error:
"System.Security.SecurityException: Requested registry access is not allowed."
I did some research and realized the problem was that it was using a generic username to run the app from IIS and then I came upon impersonation. So in order to impersonate the user logged into Windows (me), I used the following code around the code I'm running that requires the access, per Microsoft:
Code:
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
//code
impersonationContext.undo();
Using the code below, I can verify that it does detect my username as the logged on user, whereas if I run it without the above impersonation code, it displays NT AUTHORITY\NETWORK SERVICE.
Code:
string username = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
However, I am now getting the similar error:
"System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access."
What am I doing wrong?
Scott
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
