Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Impersonate is true and user can access unauthhorised files

Status
Not open for further replies.
chuair

chuair

Programmer
Apr 9, 2001
20
SG
Hi. Can please help?

- identity impersonate is set to "true"
- user can access to unauthorised files and folders.
- one of my page which will get username and display them in the page is working fine.

- identity impersonate is set to "false"
- only authorised user will be able to access files and folders.
- page that get username and display them displays "ASPNET" instead of username.

I am using "System.Environment.UserName" to get the username. What I am trying to do is to be able to control which user is authorised to access which page and who isn't. And also to be able to display the username and store it into my database.

What's wrong?

Thanks.
 
Sort by date Sort by votes
>>And also to be able to display the username and store it into my database.


try using HttpContext.Current.User.Identity.

it looks like System.Environment.UserName is getting the account name under which the ASP.NET process is executing (which is ASPNET by default)...


Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Yoz. Thanks for the prompt reply. Yeah. It works. Thanks. But just don't understand. Thought when we use impersonate, ASPNET will assume the identity of the user. And with that, aren't we suppose to set security based on the user id?
 
Upvote 0 Downvote
>>when we use impersonate, ASPNET will assume the identity of the user.

correct

>>And with that, aren't we suppose to set security based on the user id?

You are comparing authentication users with processmodel user. Both are different. While the first decides who can access the situation, the second decides under whose account .NET will execute the aspx file...

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Wow. Meaning it's better to turn off impersonate?

When you said, authenticating users will decides who can access the situation, do you mean it's the same as setting security at the files or folders?

"Procesmodel user" decides whose account .NET will execute the aspx files.... Thought we are using ASPNET to access the aspx files???
 
Upvote 0 Downvote
>>When you said, authenticating users will decides who can access the situation, do you mean it's the same as setting security at the files or folders?

sorry, i meant solution not situation, solution meaning your project.

the impersonate tag decides under whose account the .NET runtime will execute the ASPX file...

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Thanks for the prompt reply. Thanks...
 
Upvote 0 Downvote
welcome...

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Locked
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
635
Makumbi256
Makumbi256
Makumbi256
  • Locked
  • Question
how can i convert this code to cshap
Replies
1
Views
683
xwb
xwb
WIREMESH
  • Locked
  • Question
Play mp4 files in asp.net 2.0 webforms application
Replies
0
Views
176
WIREMESH
WIREMESH
a6green
  • Locked
  • Question
How to configure AT&T / Avaya Definity G3 incoming ISDN trunk
Replies
2
Views
724
a6green
a6green
sugu1
  • Locked
  • Question
sound editing in web site to record, cut/trim, paste and save as wav file
Replies
0
Views
646
sugu1
sugu1

Part and Inventory Search

Sponsor

Back
Top