none
Best Practice - Running .NET application as a different user RRS feed

  • Question

  • Hi,

    I'm working on a project, where we expect the application to have more permissions, than the user calling it. Namely:
    • Database access to a network server
    • File system access to a specific folder
    This is currently achieved, by having a separate WCF service on the same machine handle these requests. This service will have been setup via the application pool to run as a different user, who will have the required permissions.

    My question is, is this best practice, and if not, what is?

    Personally I feel that creating a service layer, simply for a security benefit seems a long way round. Can't we have a secure application .exe managed in a similar way to how the Application pool is used for the service?
    Wednesday, February 18, 2009 2:07 PM

Answers

  • If it's running over WCF, wouldn't you want to host the WCF service on the
    same box but distribute the application to users who have rights? You could
    distribute the app via a group policy so that it's controlled who has permissions.


    • Marked as answer by Zhi-Xin Ye Tuesday, February 24, 2009 7:03 AM
    Thursday, February 19, 2009 3:26 AM

All replies

  • It could be as simple as using the Runas command.  Or a service running under a particular account.  You haven't given nearly enough details to tell if that's good advice or not.
    Hans Passant.
    Wednesday, February 18, 2009 2:26 PM
    Moderator
  • Sorry, was just trying to avoid overcrowding the problem.

    We have users accessing the host machine (Win Server 2003) via WTS. They can then run the application that involves data and file transfer, however the user themselves should not have access to the files (on the WTS host machine) or the database (SQL Server). Therefore the credentials that are used for this access must be kept private from the user (i.e. we can't put username and password in the app.config).

    This is currently achieved via the service, as the user cannot take the credentials from the Application Pool. I was expecting there to be some way the same credentials could be securely assigned or hosted to the exe, rather than having to go through a service layer, or having the password in the app.config and impersonating the given user.

    Please let me know if there are any further details you would like to know, and I can provide them.

    Wednesday, February 18, 2009 2:40 PM
  • If it's running over WCF, wouldn't you want to host the WCF service on the
    same box but distribute the application to users who have rights? You could
    distribute the app via a group policy so that it's controlled who has permissions.


    • Marked as answer by Zhi-Xin Ye Tuesday, February 24, 2009 7:03 AM
    Thursday, February 19, 2009 3:26 AM