Security

PowerShell ASP is fully integrated into the ASP.NET Pipeline. Because of this, you can use the standard ASP.NET mechanisms for securing access to your scripts and pages.

Impersonation

One issue that is important to understand, however, is how impersonation of users logging into your PowerShell ASP-enabled web site works.

By default, your PowerShell ASP scripts will never run in the context of the users logged on to the application, regardless of how you configure the impersonate attribute of the <identity> element in your Web.Config file.

This happens because PowerShell executes all scripts and pipelines in a secondary thread that is not integrated into the regular ASP.NET thread pool, and thus does not inherit the security and impersonation of the original thread processing the HTTP request.

If this is a feature you absolutely need (it's not generally recommended), you can change this behavior so that the impersonation context flows between the right threads. This can only be done at a global level, by editing the main aspnet.config configuration file for the .NET 2.0 framework, which can be found in the %WINDIR%\Microsoft .NET\Framework\v2.0.50727\ directory.

For details about the changes necessary to enable this feature, visit: http://blogs.msdn.com/powershell/archive/2007/09/10/impersonation-and-hosting-powershell.aspx

Copyright (c) 2022 /n software inc. - All rights reserved.
PowerShell Server 2020 - Version 20.0 [Build 8318]