Security question.

[J-T]

We have an asp.net application with <identity impersonate="true"/> and
<authentication mode="Windows" /> in our web config and we are using Windows
integrated in IIS and also NT AUTHORITY\NETWORK SERVICE account in its
application pool. I create an object in Global.asax which monitors a folder
for upcoming files.What is the security context of the object since there is
no user (Domain\Username) requesting this object.Is it running under the
security context of AUTHORITY\NETWORK SERVICE account ?

Thanks in advance

 

[Bruce Barker]

objects don't have a security context, only threads do. if you access the
the object in global.asax before authentication, then you run under the app
pool account. if you call the object after the authentication event, then
you will run under the impersonated account

-- bruce (sqlwork.com)

 

[J-T]

In that object I'd like to gain access to the file system of a windows 200
which is not in our domain,so I was thinking to set up our application pool
to run under a local aacount and then duplicate that account in windows 2000
server and give it right NTFS permission sets then for our database access I
create a sql server acount with the same name and password and I use this
connection string in my web.config

<add key="Main.ConnectionString"
value="Server=db-d;Database=vcad;Min Pool Size=5;Trusted_Connection=True"/>
OR
<add key="Main.ConnectionString" value="Data Source=db-d;Min
Pool Size=5;Initial Catalog=vcad;Integrated Security=SSPI;"/>

and also this:

identity impersonate="true" username="MyUser" password="123"/>
<authentication mode="Windows" />


Note: MyUser is a local account to each server and is the one which my
application pool is setup under.

Thanks a lot