0

I am creating a website and I want to give certain users the ability to maintain the content (create new pages, update pages, add documents, etc.). I have set the default account for the app pool to only have read / execute permissions. I needed a way to grant write permissions to only a few people who login to the website. I searched and found these two articles:

Can I turn off impersonation just in a couple instances

http://support.microsoft.com/en-us/kb/306158

I followed the code example in the microsoft article under the section "Impersonate a Specific User in Code".

This worked.

Both of these articles are older though, so I wanted to see if anyone had any concerns with this method (specifically security concerns).

My server is Windows 2008R2 (IIS 7.5). I am using .NET 4.5.1 with c#.

Community
  • 1
  • 1
joeshmoe301
  • 1,193
  • 2
  • 11
  • 25
  • 2
    personally I would stay away from Impersonation and implement some other approach for example `User Rights / Rolls` or you could create your own using database.. there are several approached to this without using Impersonation.. – MethodMan Mar 30 '15 at 20:28
  • Support article you've linked to still applies. There are always security concerns around authentication/authorization, but it is not clear what kind of concerns you are looking for. – Alexei Levenkov Mar 30 '15 at 20:37
  • MethodMan: Your example "User Rights / Rolls"; I am not familiar with this approach. Could you provide a link to documentation? Thanks. – joeshmoe301 Mar 31 '15 at 12:39

0 Answers0