Impersonation

Release 1.0 - ...

Smartsite impersonation lets you run every request under a configured Windows user account instead of under the identity of the worker process. Under IIS every request runs under the identity of the application pool, which by default is Network Service. Whoever makes the request, every request therefore has the same rights on the local system. So if an editor needs write access to the www folder in order to upload images every now and then, every user automatically has write access, including users that are not logged in.

To reduce the attack surface, impersonation lets you specify a different Windows user account for each Smartsite user role. As a result, an editor can run under a Windows user account that has read and write access to the www folder, whereas a guest that is not logged in runs under a different Windows user account that has read access only. This has the following benefits:

  1. Access to files and other resources is checked by the operating system rather than at application level, so there is no need to audit every module in the system to make sure it does not accidentally read a file to which it should not have access.
  2. Configuring security on your system is now a common Windows administrator task, an area that most administrators know well and that is well documented.

Configuring for impersonation

You can configure Smartsite to use impersonation by

  1. Defining a <windowsaccounts> section in your Smartsite.Security.config
  2. Defining an <impersonate windowsaccount="..." /> element in each security profile in Smartsite.Security.config

This is an example of a <windowsaccounts> section. The id of each <windowsaccount> is the name that the <impersonate> element in a profile refers to:

<windowsaccounts>
 <windowsaccount id="Guest" domain="mycompany" username="SiteGuestUser" password="12345" />
 <windowsaccount id="Editor" domain="mycompany" username="SiteEditorUser" password="abcde" />
 <windowsaccount id="SystemUser" domain="mycompany" username="SiteAdminUser" password="zyxwv" />
</windowsaccounts>

Note that the passwords in this section are stored in clear text. Anyone who can read Smartsite.Security.config can log on as these Windows accounts, so restrict the NTFS permissions on the file to administrators and the application pool identity, and give each impersonation account only the rights its role actually needs.

This is an example of a security profile that uses impersonation to run under the Windows user account mycompany\SiteAdminUser:

<profile id="System Administrator" userroles="ADMINISTRATOR">
 <database ref="Test6,AdventureWorks" />
 <impersonate windowsaccount="SystemUser" />
</profile>

Setting access to folders

Because both Smartsite and ASP.NET create temporary files on your system, every account specified in Smartsite.Security.config must have both read and write access to the following folders:

  1. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
    which is the temporary folder where ASP.NET keeps the shadow copies of your DLLs (on a 64-bit system with a 64-bit application pool the folder is under Framework64 instead of Framework).
  2. C:\Windows\Temp (when running as a service) or
    C:\Documents and Settings\<username>\Local Settings\Temp (when running as a user)
    which is the temporary folder of the current user.
  3. C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files (when running as a service) or
    C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files (when running as a user)
    which is the Temporary Internet Files folder.