I wonder if someone might advise me on what might be the best way of executing WMI queries against remote machines?
I have a few choices it seems. Which do you think would be more sensible?
1. Use a separate Application Pool configured to use an Identity with administrative access for the few pages configured to execute WMI queries.
The advantage of this one is that I can use Integrated Authentication from client to server, removing the need to attempt to secure authentication against the site (Kerberos takes care of it).
The downside is, that something running on the web server has a high level of access. Much higher than preferred. Even if that only applies to a handful of pages.
2. Use ASP.NET Impersonation (use the rights of the current user)
This one would reduce the potential for abuse perhaps.
But it means I have to provide a log on mechanism, ideally forms based, because I don't want to pass passwords in clear text (and no one will be logged on with Domain Administrative access on their client).