I am trying to use the Impersonation functionality but am getting
inconsistent results. Win 2000 w/ Visual Studio 2003 .NET Framework v1.1 in
development mode.

I have the following set in web.config:
<authentication mode="Windows" />
<identity impersonate ="true" />

I also have changed IIS to not allow Anonymous Access

I have changed the permissions on a couple of files to different users that
I have created. Each of the files having only 1 different user given
permission.

2 Problems:

1) Sometimes things happen as expected where, when moving from apsx to aspx,
I get promted for the username/password/domain and with the proper
credentials get permission. But all of a sudden it stops working and am not
given access when retrying with the same credentials on the same aspx page
when nothing has changed.

2) When provided access via the username/login/domain credentials all other
pages that are accessed use that last set of credentials instead of the
original, that being what the user is logged into the machine as.

This isn't a major problem but shouldn't it only allow access and not change
anything?

Istead of using ACL's, try using the <location> element in your web.config
to set the particular user allowed to access a particular location (in your
case a specific .aspx page)

eg.
<configuration>
<!-- allow only user1 to access page 1 -->
<location path="page1.aspx">
<system.web>
<authorization>
<allow users="user1"/>
<deny users="*" />
</authorization>
</system.web>
</location>
<!-- allow only user1 to access page 2 -->
<location path="page2.aspx">
<system.web>
<authorization>
<allow users="user2"/>
<deny users="*" />
</authorization>
</system.web>
</location>
<!-- allow all other authenticated users to access other pages -->
<system.web>
<authorization>
<allow users="?"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>


--

- Paul Glavich
ASP.NET MVP
ASPInsider (www.aspinsiders.com)


"whornak" <whornak (AT) discussions (DOT) microsoft.com> wrote