Authentication and ASP.NET Impersonation
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
The examples in this section show how to create ASP.NET applications that incorporate various kinds of industry-standard security technologies. For examples of how to create applications that use forms authentication, see information about Forms Authentication Provider on MSDN.
Using IIS Authentication with ASP.NET Impersonation
In this scenario, you are setting up an application on an intranet Web site for posting employee information. However, some of the information is for managers only. The manager information can be posted to a subdirectory of the general employee information, so that access to it can be limited. The scenario also assumes that:
You are using a Microsoft Windows NT or Microsoft Windows 2000 server.
The hard disk is formatted for NTFS.
Internet Information Services (IIS) 6.0 is the Web server.
All employees needing access are using Windows platforms.
You, as administrator:
Create the files and directories shown in the following illustration.
.gif "Art Image")
Create a Windows group called Managers that contains all users who should have access to the ManagerInfo.aspx file.
Set up Windows authentication using the IIS administration tool.
Set the impersonate attribute in the <identity> element in the ASP.NET configuration file to true.
Set the NTFS access control list (ACL) for the ManagerInformation directory to allow access to only those identities that are in the Windows Manager group. Note that the local system still needs access as well so that the ASP.NET process itself can read the files. Settings in this directory typically resemble the following:
Remove access from the Everyone group, if it has access.
Deny anonymous users.
Add accounts that are to have access privileges.
Give the system account access.
This helps provide the necessary security without the necessity of writing any code.