How to enforce to use user account, rather than NT Authority/Network Service?

  • Question

  • User1389651474 posted

    The code below is written in Page_Load and runs in Visual Studio Development Server (2005) mode.  I use SQL Profiler to trace which account is running the Roles and Profiles functions.

    The results in Visual Studio Development Server mode:

    It runs on the user account, which is what I wanted.

    I used VS 2005 to publish it (Build --> Publish) to IIS (v6) and ran SQL Profiler again.  The result:

    It runs on NT Authority\Network Service, which is NOT what I want.

    Here is a snippet of my web.config:

        <authentication mode="Windows">

        </authentication>
        <identity impersonate ="true"/>
        <authorization>
          <deny users="?"/>
        </authorization>

       <roleManager enabled="true" defaultProvider="SqlRoleManager" >
          <providers>
            <clear/>
            <add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="ABCConnectionString" applicationName="ABC" />
          </providers>
        </roleManager>

        <profile defaultProvider ="ABCSQLProfileProvider" enabled="true">
          <providers>
            <clear/>
            <add name="ABCSQLProfileProvider" connectionStringName="ABCConnectionString" applicationName="ABC" type= "System.Web.Profile.SqlProfileProvider" />
          </providers>
          <properties>
            <add name="UserDropProfile" type="String" defaultValue="" />
            <add name="UserFontSize" type="String" defaultValue="tdtssmaller.css" />
          </properties>
        </profile>
       

    <connectionStrings>
         <clear/>
         <add name="LocalSqlServer" connectionString="Data Source=...;Initial Catalog=TDTS;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
         <add name="ABCConnectionString" connectionString="Data Source=...;Initial Catalog=TDTS;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
      </connectionStrings>

     

    Does anyone here have any idea how to force this to use the user account, rather than NT Authority/Network Service, in IIS mode?  Any information would be appreciated...

     

    Code snippet for Profile, User Roles and User Identity

            ' Principal of the authenticated request and its ASP.NET profile
            Dim User As System.Security.Principal.IPrincipal = System.Web.HttpContext.Current.User
            Dim UserProfile As Object = HttpContext.Current.Profile

            ' Reject requests that carry no principal or whose user has no roles
            If User Is Nothing Then
                Response.Redirect("~/InvalidUser.aspx")
            Else
                ' GetRolesForUser returns a String array, so test Length
                If Roles.GetRolesForUser(User.Identity.Name).Length > 0 Then
                    lblWhoLogOn.Text = User.Identity.Name
                Else
                    Response.Redirect("~/InvalidUser.aspx")
                End If
            End If

            If (UserProfile Is Nothing) Then
                ' No profile object: fall back to the default stylesheet without dereferencing Nothing
                MyStyleSheet.Href = "css/tdtssmaller.css"
            ElseIf (UserProfile.GetPropertyValue(cFontProfileName).ToString = String.Empty) Then
                ' Profile exists but has no font setting yet: store the default
                MyStyleSheet.Href = "css/tdtssmaller.css"
                UserProfile.SetPropertyValue(cFontProfileName, "tdtssmaller.css")
            Else
                MyStyleSheet.Href = "css/" & UserProfile.GetPropertyValue(cFontProfileName).ToString
            End If

     

    Sunday, July 12, 2009 9:25 PM

Answers

  • User-738352979 posted

      Integrated Security=SSPI;"

    The first change I would suggest is to use Integrated Security=True.

    Then go to

    Run -> inetmgr -> your website -> right-click -> Properties -> Directory Security -> Edit -> and here you have checked the Windows integrated security check box.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 13, 2009 2:02 AM
  • User372121194 posted

    Hi,

    To impersonate the Windows identity in ASP.NET correctly, please disable "Anonymous access" and enable "Integrated Windows authentication" on IIS.

    Where is your SQL Server? If your ASP.NET application server and SQL Server are not on the same machine, IIS cannot delegate that user's credentials to a remote machine. So it always uses the ASP.NET server name (<Domain>\<MachineName>$) to log in to SQL Server.

    If so, I suggest you use SQL authentication in the connection string with a user ID and password.

    For more information, you can refer to related discussion on http://forums.asp.net/t/1433961.aspx

    I look forward to receiving your test results.

     

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, July 15, 2009 2:48 AM
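
A diagnostic for the situation discussed in this thread, added here as an example and not code from any poster: it reports the identity IIS authenticated, the Windows token the request thread runs under, and the login SQL Server sees for a connection opened from that thread. The page class `WhoAmI` and the label `lblReport` are hypothetical; `ABCConnectionString` is the entry from the question's web.config.

```vbnet
' Added diagnostic, not code from the thread. WhoAmI and lblReport are hypothetical names;
' ABCConnectionString is the connection string entry shown in the question's web.config.
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Security.Principal
Imports System.Text

Partial Class WhoAmI
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Dim report As New StringBuilder()

        ' 1. Who IIS authenticated. The name is empty when anonymous access let the request in.
        report.AppendLine("Request user:    " & User.Identity.Name)
        report.AppendLine("Authenticated:   " & User.Identity.IsAuthenticated.ToString())
        report.AppendLine("AUTH_TYPE:       " & Request.ServerVariables("AUTH_TYPE"))

        ' 2. The Windows token this thread runs under. With impersonation in effect it
        '    matches the request user; otherwise it is the worker process account.
        Dim current As WindowsIdentity = WindowsIdentity.GetCurrent()
        report.AppendLine("Thread identity: " & current.Name)
        report.AppendLine("Token level:     " & current.ImpersonationLevel.ToString())

        ' 3. The login SQL Server sees for a connection opened from this thread.
        Dim cs As String = ConfigurationManager.ConnectionStrings("ABCConnectionString").ConnectionString
        Try
            Using conn As New SqlConnection(cs)
                conn.Open()
                Using cmd As New SqlCommand("SELECT SUSER_SNAME()", conn)
                    report.AppendLine("SQL login:       " & CStr(cmd.ExecuteScalar()))
                End Using
            End Using
        Catch ex As SqlException
            ' A failed login is also a finding: the message usually names the account tried.
            report.AppendLine("SQL login failed: " & ex.Message)
        End Try

        ' Encode before rendering so account names cannot inject markup
        lblReport.Text = "<pre>" & Server.HtmlEncode(report.ToString()) & "</pre>"
    End Sub
End Class
```

An empty request user means anonymous access is still enabled in IIS. A thread identity that matches the user while the SQL login is a different account is the remote SQL Server case the second answer describes.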
