Temporarily impersonate the Windows authenticated user in ASP.Net

StackOverflow https://stackoverflow.com/questions/19042357

Question

I'm just reading about temporarily impersonating a user in ASP.Net

at http://msdn.microsoft.com/en-us/library/ff647405.aspx

To achieve this the following code is used.

// Temporarily impersonate the original user.

WindowsImpersonationContext wic = wi.Impersonate();
try
{
  // Access resources while impersonating.
}
catch
{
  // Prevent exceptions propagating.
}
finally
{
  // Revert impersonation.
  wic.Undo();
}

I am using Windows Server 2008 and have an application pool and just wanted to cofirm that when I am not impersonating by using the above code by default the service will then use the identity of my what I have set for my application pool.

Issue is I want a different security access to resources depending on if the user logged in via windows application or used ASP.Net forms authentication Thanks

Was it helpful?

Solution

That is by what I know correct. If you do not impersonate as the calling user, by default it should run under the default identity from the application pool.

===============================================================================

Below are some good links you can go through these to understand the iis user

In summary:

  • IIS 5.1 (Windows XP) - it's a local ASPNET account
  • IIS 6 - by default, application pools run under the Network Service account which is a member of IIS_WPG group
  • IIS 7.0 - still Network Service
  • IIS 7 SP2 / 7.5 - runs under an ephemeral thing called ApplicationPoolIdentity which maps to an account IIS APPPOOL\ApplicationPool (e.g. IIS APPPOOL\DefaultAppPool). This account is a member of IIS_IUSRS user group

Infomation source:-

User ASP.NET runs under What are all the user accounts for IIS/ASP.NET and how do they differ?

http://www.bluevisionsoftware.com/WebSite/TipsAndTricksDetails.aspx?Name=AspNetAccount

http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis

http://imar.spaanjaars.com/287/how-do-i-determine-the-security-account-that-iis-uses-to-run-my-web-site

Source: Shekhar - In which Account By Default ASP.NET 4.0 Code Execute?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top