If your app needs to impersonate, the capabilities are limited. Setting impersonation in the identity element causes the Windows Identity to be IUSR_
Wednesday, June 22, 2005
ASP.NET Apps within SharePoint
While designing a digital asset management system for one of my clients, I considered running the ASP.NET app within SharePoint by simply instructing SharePoint to exclude the path. This is a pretty good idea, if the app can live within the confines SharePoint imposes. Authentication & Session, for example, can't be controlled at the this level.
If your app needs to impersonate, the capabilities are limited. Setting impersonation in the identity element causes the Windows Identity to be IUSR_. Leaving impersonation off causes the Windows Identity to be that of the App Pool (NETWORK SERVICE in my case). In either case, the Page and Thread Principals are empty since the Directory Security setting in IIS allows anonymous. Changing the Dir Sec setting does as you'd expect -- the Page and Thread Principals are set appropriately, impersonation is set, etc. But, now the entire top-level SharePoint site requires authorization (no anonymous access).
If your app needs to impersonate, the capabilities are limited. Setting impersonation in the identity element causes the Windows Identity to be IUSR_
Subscribe to:
Post Comments (Atom)
1 comment:
I now think that I could accomplish this w/o a second ASP.NET site (operating rather like a web service). One of this app's requirements is to provide individual (not group/role) security to individual (not Library/container) items. This could be accomplished by requiring the user's credentials in the ASP.NET app, then using Impersonate to revert to the App Pool's identity (Impersonate(IntPtr.Zero)). I haven't proved this out yet.
Post a Comment