NTFS rights not honored

[Pål Andreassen]

Running Windows 2003 Server
Framework 1.1

A site is configured to use integrated security (in IIS 6)
Windows autentication and user impersonation in web.config
<identity impersonate="true" />
<authentication mode="Windows" />

I've got a ASPX page that lists folders and files from a predefined
location on the server. These folders and files have access rights set to
them by NTFS security. The problem is that everyone can see every file
and
folder, even though NTFS does not permit them.

How can I expose a file structure for browsing through ASP.NET and
still honouring NTFS file rights?

 

[Kevin Spencer]

You say that everyone can see every file and folder. What you mean is that
your ASP page will DISPLAY every file and folder, do you not? The reason I
say that is, there is only ONE account under which that ASP.Net application
runs, and it is the ASP.Net worker process that is looking at the files and
folders, and displaying information about them in the browser. The user is
only looking at the browser, which doesn't require any special permission,
unless the web site itself requires a Windows login to be viewed, and even
then, that doesn't affect what user account your ASP.Net worker process is
running under. It only affects who can view that page.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.