-
Posted to
Security
by
tokyoh
on
10-09-2008, 10:42 PM
Excellent, thank you very much.
So, I assume the resultant identities of HttpContext, WindowsIdentity and Thread ALL need permission on the website folder.
-
Posted to
Security
by
tokyoh
on
10-07-2008, 9:02 PM
Right....
What I was trying to do was somehow separate the authentication and authorization, so I could identify the user but still control the authorization with a single identity.
Clearly impossible, right? An identity is either a domain user or anon.
But what about asp.net? With IWA enabled, I see ...
-
Posted to
Security
by
tokyoh
on
10-07-2008, 4:53 AM
Hi,
I want to allow anonymous access to an asp.net website but also authenticate the users because some authorization is done by the web application. I want the web app to run under network service account and access to the website root be restricted to the IIS_WPG only.
I am confused because although impersonation is not enabled, ...