IIS ASP.Net - What identity is your page running in?

There are at least three identities that I know of when you run an ASP.Net page on an IIS server. They are:
  1. At the page level: Page.User.Identity

  2. At the thread level: System.Threading.Thread.CurrentPrincipal.Identity

  3. At the process level: System.Security.Principal.WindowsIdentity.GetCurrent()


Then there are authentication and impersonation modes to set. In Vista, the Computer Management configuration is not as neat as XP or Server 2003, as follows:


Click to see details


The different identities have values as follows (the IIS server is mozart and the web browser user is UserA):


































Authentication ModeASP.Net ImpersonationProcessThreadPage
AnonymousFalseNT AUTHORITY\
NETWORK SERVICE		--
AnonymousTrueNT AUTHORITY\IUSR--
WindowsFalseNT AUTHORITY\
NETWORK SERVICE		mozart\UserAmozart\UserA
WindowsTruemozart\UserAmozart\UserAmozart\UserA



References:


Comments

Post a Comment

Popular posts from this blog

Attack Lab - Level 5 explained

Image
Ning Wang has published a very good write-up (2022 update: web page is gone now) on his solutions to the Attack Lab from the CS:APP book. However, I thought his solution to Level 5 could do with a bit more elaboration for those who are struggling with this topic. First, it is necessary to understand what ROP requires. An essential component of ROP is good luck, lots of it. Without getting lucky, you may take more than 10 100  years to find a workable attack, if at all. This, the authors of CS:APP did not mention. I also could not comprehend the purpose this exercise is even given out as homework in CMU to be completed in a week (while there are tons of homework from other courses too), without an intensive course in Intel Assembler as a prerequisite. Level 5 requires the same general logic as Level 3, which can be summarized as (pseudo code): mov <cookiestring address>, %rdi //why? because touch3 is expecting it there call touch3 To achieve the above for Level 5, ...
Read more

Assembly version, File version, Product version

Image
If you are a .NET developer, Assembly and File version would be familiar to you. They can be set in the Designer UI (project Properties page, Application tab, Assembly I nformation button...) which basically updates appropriate attributes in AssemblyInfo.cs. Now, there is a less well known number - the Product version . It is not well documented and most developers ignore it altogether with no side-effects most of the time. However, it is an important number and it seems that, of the three, Product version is the most widely used. The three version numbers simply take the values you give them or: a. If Assembly version is not explictly specified, it takes the value of 0.0.0.0. b. If File version is not explicitly specified, it takes the value of Assembly version. c. If Product version is not explicitly specified, it takes the value of File version. In Windows Explorer of Windows XP and Server 2003, you can see from the properties of a file all three version numbers. In W...
Read more

Setting to English for the Xiaomi Wifi Router

Image
The Xiaomi Mi Wifi Router now is in English. If it boots up to a foreign language for you, this guide will help you to change it to English. It is best to connect to it via wired Ethernet for the first time. Otherwise, the default unsecured wifi SSID should be Xiaomi_C3C1 . Your IP should be in the subnet 192.168.31.x, and the router is at http://miwifi.com which the router will resolve to 192.168.31.1. The first screen you see will be the setting up of the wifi SSID and wifi password. The big blue button at the bottom is the Next button. The next screen sets up the router administrator password (second field). The first field is Home/Work/Custom. Click the big blue button to complete. At the main configuration page, look for the third item (Settings) on the top menu, and the orange option (System Status): The last option on the page is the language selection: Open the drop down to select English: The change will take place the moment you click English. Enj...
Read more