什么是ASP.net模拟 [英] What is Impersonation in ASP.net

问题描述

能否请您解释一下模拟非技术users.Then的观点，请解释一下.NET world.Impersonation是相当邪恶的还是不错的？。做我们这申请Forms身份验证？

Can you please explain impersonation in the view of non-technical users.Then please explain it in .NET world.Impersonation is quite evil or good?.Do we apply it for FORMS AUTHENTICATION?

推荐答案

您应该检查出的<一基思·布朗的描述href=\"https://web.archive.org/web/20100425071718/http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsImpersonation.html\"相对=nofollow>模拟。这实在是一个Windows的概念。

You should check out Keith Brown's description of impersonation. It is really a Windows concept.

当您在使用窗体身份验证（FA）IIS进程下的IIS特定用户设置的凭据正在运行的应用程序。

When you have an application using forms authentication (FA) the IIS process is running under the credentials of a specific user setup in IIS.

例如：如果你有一个叫做用户Bob登录时使用FA和和IIS安装作为网络服务运行。鲍勃访问一个页面，这使得Web服务调用到另一台计算机，其他计算机将看到IIS用户，而不是鲍勃。您可以使用模拟允许Bob访问Web服务作为一个真正的Windows用户，而不是网络服务。

Example: If you have a user called Bob logged on using FA and and IIS setup to run as Network Service. Bob accesses a page which makes a web service call to another computer, the other computer will see the IIS user and not Bob. You can use impersonation to allow Bob to access the web service as a real Windows user and not Network Service.

模拟不是邪恶的，但它也可能被滥用。你真的需要了解你的整体安全模型的影响。这也是对开发人员调试创造了很多的工作什么的。这是特别的情况下，如果你不具备管理员权限的资源（如网络服务），您试图访问。

Impersonation is not evil but it can be misused. You really need to understand the impact on your overall security model. It is also something that create a lot of work for developer to debug. This is especially the case if you do not have admin rights to the resource (eg. web service) you are trying to access.

这篇关于什么是ASP.net模拟的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！