IIS ASP.Net - What identity is your page running in?

There are at least three identities that I know of when you run an ASP.Net page on an IIS server. They are:
  1. At the page level: Page.User.Identity

  2. At the thread level: System.Threading.Thread.CurrentPrincipal.Identity

  3. At the process level: System.Security.Principal.WindowsIdentity.GetCurrent()


Then there are authentication and impersonation modes to set. In Vista, the Computer Management configuration is not as neat as XP or Server 2003, as follows:


Click to see details


The different identities have values as follows (the IIS server is mozart and the web browser user is UserA):


































Authentication ModeASP.Net ImpersonationProcessThreadPage
AnonymousFalseNT AUTHORITY\
NETWORK SERVICE		--
AnonymousTrueNT AUTHORITY\IUSR--
WindowsFalseNT AUTHORITY\
NETWORK SERVICE		mozart\UserAmozart\UserA
WindowsTruemozart\UserAmozart\UserAmozart\UserA



References:


Comments

Post a Comment

Popular posts from this blog

Attack Lab - Level 5 explained

Image
Ning Wang has published a very good write-up (2022 update: web page is gone now) on his solutions to the Attack Lab from the CS:APP book. However, I thought his solution to Level 5 could do with a bit more elaboration for those who are struggling with this topic. First, it is necessary to understand what ROP requires. An essential component of ROP is good luck, lots of it. Without getting lucky, you may take more than 10 100  years to find a workable attack, if at all. This, the authors of CS:APP did not mention. I also could not comprehend the purpose this exercise is even given out as homework in CMU to be completed in a week (while there are tons of homework from other courses too), without an intensive course in Intel Assembler as a prerequisite. Level 5 requires the same general logic as Level 3, which can be summarized as (pseudo code): mov <cookiestring address>, %rdi //why? because touch3 is expecting it there call touch3 To achieve the above for Level 5, ...
Read more

Microsoft Security Essentials - Network and Connectivity Issues

The only time I have used an anti-virus software for myself was in 1987 (yes, more than 20 years ago) when I checked out a version from an Israeli company. I disassembled it, examined the machine instructions, and promptly uninstalled it as I could not relish the idea that every int 21 call must go through a third party. Since then I have not installed AV software on any of my computers. If you have problems updating the MSE anti-virus files due to a proxy server, you may want to skip the long story and jump to the last paragraph below. My daughter started using Windows 95 at age 5 and went through the peak of virus mania circa post-2000. My wife uses the computer daily to check mail and browse the Internet but she belongs to the group of the most elementary and novice type of user you can find. So within my family you can find the full range of computer users. All our computers are running Microsoft Windows and none of them has AV software installed. It's 10 years later and ...
Read more

Assembly version, File version, Product version

Image
If you are a .NET developer, Assembly and File version would be familiar to you. They can be set in the Designer UI (project Properties page, Application tab, Assembly I nformation button...) which basically updates appropriate attributes in AssemblyInfo.cs. Now, there is a less well known number - the Product version . It is not well documented and most developers ignore it altogether with no side-effects most of the time. However, it is an important number and it seems that, of the three, Product version is the most widely used. The three version numbers simply take the values you give them or: a. If Assembly version is not explictly specified, it takes the value of 0.0.0.0. b. If File version is not explicitly specified, it takes the value of Assembly version. c. If Product version is not explicitly specified, it takes the value of File version. In Windows Explorer of Windows XP and Server 2003, you can see from the properties of a file all three version numbers. In W...
Read more