iis 7.5 - Impersonation and forms authentication: why is this asp.net configuration working? -


i inherited asp.net website type app has following security settings in web.config:

<authentication mode="forms">   <forms loginurl="~/signin.aspx" /> </authentication> <identity impersonate="true" /> <authorization>   <allow users="?" /> </authorization>

the application wired application pool running classic pipeline under domain account, let's call svcacct.

the anonymous user identity set application pool identity.

here questions:

  1. does configuration make sense, in particular having anonymous authentication , forms authentication @ same time? though can access page without being authenticated, behind scenes, app checks session variables set after logging in via form , rejects access.

  2. svcacct doesn't have permission read content of folder pages deployed. why still working? svcacct not member of local group, , not member of iis_iusrs group far see. users authenticated manually against ad. understanding iis app uses pool identity read/compile pages , authenticated user identity execute them given impersonate=true.

i found this: https://msdn.microsoft.com/en-us/library/ff649264.aspx lays out nicely options (table 1, row 3), however, don't know if applies in case.

thanks!

update: think answer #2 given paragraph here:

iis 7 , above makes process of configuring application pool identity , making necessary changes easier. when iis starts worker process, needs create token process use. when token created, iis automatically adds iis_iusrs membership worker processes token @ runtime. accounts run 'application pool identities' no longer need explicit part of iis_iusrs group. change helps set systems fewer obstacles , makes overall experience more favorable.

the iis_iusrs has read access on folder , because svcact set identity of pool added automatically iis_iusrs group.


Comments

Post a Comment

Popular posts from this blog

sql server - Cannot query correctly (MSSQL - PHP - JSON) -

i have little problem on project. , turns out query result returns nothing when value of first name or last name has 'ñ' in it. here's code config.php: <?php ini_set('mssql.charset', 'utf-8'); header('content-type: text/html; charset=utf-8'); $servername = "192.168.1.21"; /* ip add of db server */ $connection = array("database" => "db", "uid" => "?", "pwd" => "***"); $conn = sqlsrv_connect($servername, $connection); if(!$conn){ echo "connection not established."; die(print_r(sqlsrv_errors(), true)); } ?> myquery: $idnumber = $_post["idnum"]; $response = array(); $query2 = "select clname, cfname, cmname, cqualifier student cidno = '$idnumber'"; try{ $stmt2 = sqlsrv_query($conn, $query2); } catch(pdoexeption $ex){ $response["success"] = 0; $response["message"] = "d...
Read more

php - trouble displaying mysqli database results in correct order -

i have table in database stores events , date expire. want display events on website display current events first expired events after? i have tried following sql $sql = "select noticeid, notice, noticedesc, noticeimg, noticedate, expirydate tbl_notices group noticeid ,expired order expirydate asc"; but returns expired results first due expirydate being ordered asc in query. my tbl_notice structure looks this noticeid => int(4) notice => varchar(100) noticedesc => text noticedate => timestamp noticeimg => varchar(40) expirydate => datetime expired => int(1) 0 current or 1 expired my php code is $sql = "select noticeid, notice, noticedesc, noticeimg, noticedate, expirydate tbl_notices group noticeid ,expired order expirydate asc"; $result = mysqli_query($conn,$sql); if ($result->num_rows > 0) { // output data of each row while($row = $result->fetch_assoc()) { ...
Read more

C++ Linked List -

i trying create linked list download txt file , use linked list handle file line line. when handling downloaded linked list operations performed on such text editor would. encountering problems however. seems "node(string value)" section of code has wrong though original node() declaration no arguments passes. unable figure out quite is. node.h class node { public: node(); node(string value); void setnext(node *nextnode); // allows user set "next" pointer of node points friend class linkedlist; private: string data; // data box node* next; // pointer box }; node.cpp # include <string> # include "node.h" using namespace std; node::node() { data = ""; next = null; } node::node(string value) { data = value; next = null; } void node::setnext(node *nextnode) // allows user set "next" pointer of node points { this->next = nextnode; } your #include <string> ...
Read more