 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / November 2007Pass through Windows Identity to Web Service
I have a web site. It's business layer is accessed through another web service. Both are hosted on IIS. When this application is deployed on the intranet, we have people access it through their AD accounts. Ideally, we want to pass the Windows Identity that is accessing the website through to the business web service layer. The web service layer then grabs the roles from AzMan and returns a custom identity class (that implements IIdentity). The problem I am having is that both the web site and web service have to have <identity impersonate="true" /> in order for the web service to get the client's identity. We don't want the web site to use the client identity. We want the web site to run under ASPNET / Network Service (i.e. the identity assigned for the App Pool). Hi Noremac, For your scenario, you need to pass the windows identity from the ASP.NET application to the webservice application without enable impersonate in ASP.NET web application ,correct? I assume that your web application and webservice are on the same server machine(other wise, we can not forward client authenticated user token across multiple machine boundary--- double hop). Then, if you do not to imperonate your ASP.NET application through <web.config>, you can consider the following means: **use programmatic impersonate. Thus, you can put impersonate code only at the function where you'll call the webservice. Since you've used "windows" authentication in ASP.NET web app, you can use the authenticated user identity(through Context.User.Identity) to perform the impersonate. Here are two articles that may help you: #How To: Use Windows Authentication in ASP.NET 2.0 http://msdn2.microsoft.com/en-us/library/ms998358.aspx #How To: Use Impersonation and Delegation in ASP.NET 2.0 http://msdn2.microsoft.com/en-us/library/ms998351.aspx How do you think? Sincerely, Steven Cheng Microsoft MSDN Online Support Lead ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- >From: =?Utf-8?B?Tm9yZW1hYw==?= <Noremac@newsgroups.nospam> >Subject: Pass through Windows Identity to Web Service >Date: Thu, 15 Nov 2007 11:25:04 -0800 >I have a web site. It's business layer is accessed through another web >service. Both are hosted on IIS. [quoted text clipped - 10 lines] >want the web site to run under ASPNET / Network Service (i.e. the identity >assigned for the App Pool). Hi Noremac, Have you got any further idea on this issue? If you need any other help, please feel free to post here. Sincerely, Steven Cheng Microsoft MSDN Online Support Lead This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- >From: stcheng@online.microsoft.com (Steven Cheng[MSFT]) >Organization: Microsoft >Date: Fri, 16 Nov 2007 04:29:09 GMT >Subject: RE: Pass through Windows Identity to Web Service >Hi Noremac, > [quoted text clipped - 77 lines] >>want the web site to run under ASPNET / Network Service (i.e. the identity >>assigned for the App Pool).
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.