IIS Server Security - RE: Looking for an article on identities used in IIS 6.0 web appli

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > October 2005 > RE: Looking for an article on identities used in IIS 6.0 web appli





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author RE: Looking for an article on identities used in IIS 6.0 web appli
Chris Cichocki

2005-10-24, 11:03 am

These are some good articles and I've saved them as bookmarks for reference.
However, what I'm really looking for is a step-by-step walkthrough of a
request that highlights when identities are used. For example, when the
worker process is initiated, it is started with the identity configured in
the Application Pool. But then at some point, the HTTPContext gets assigned
an identity and I'm not sure exactly where in the process that happens.

I know from testing that if I have the Network Service configured in the
application pool and the Internet Guest Account configured in the directory
security, I need to grant both of those Windows accounts Read permissions to
the files or I will get a security error. But why?

A step-by-step explanation of how pages are served that includes different
security configurations such as:

* Anonymous
* Windows authentication
* Basic authentication
* ASP.Net impersonation as configured through the web.config settings

An article on this would help me to get a clear understanding of how this
works, and make sure that I configure the minimum security required to get an
application to work.

Thanks,
Chris

"Wei-Dong XU [MSFT]" wrote:

> Hi Chris,
>
> Tom has suggested a very good article on this topic in ASP.net.
> Furthermore, I'd also suggest the article "Web Site Authentication" in IIS
> online help contains all the information about the IIS6 authentications.
>
> In addiation, some articles on the IIS authentication will also be helpful:
> 158229 INFO: Security Ramifications for IIS Applications
> http://support.microsoft.com/?id=158229
>
> 174775 How Windows NT Challenge/Response Works
> http://support.microsoft.com/?id=174775
>
> About Authentication
> http://www.microsoft.com/windows200...p?url=/windows2
> 000/en/server/iis/htm/core/iiabasc.htm
>
> Please feel free to let me know if you have any further question on this
> matter.
>
> Best Regards,
> Wei-Dong XU
> Microsoft Product Support Services
> This posting is provided "AS IS" with no warranties, and confers no rights.
> It is my pleasure to be of assistance.
>
>
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com