Impersonation is when a user accesses a resource without revealing his identity.
The two types of accounts that are set up using IIS make the task of being identifiable very difficult. These are IUSR_machinename and IWAM_machinename and they get added on a web server automatically. When IIS receives a request for a web page or other resource that has permission for anonymous access, IIS treats the IUSR_machinename/ IWAM_machinename account (depending upon the type of the resource) as the user's account, to access the resources. This obviates the need to authenticate a user.
0 Comments:
Post a Comment