Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / July 2007

Tip: Looking for answers? Try searching our database.

httplistener, custom hosting and authentication/impersonation

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Enrico Sabbadin - 17 Jul 2007 17:27 GMT
Hi,
I've developed in .net 2.0 a custom web server that hosts asp.net sites
using the httplistener and applicationhost.createapplicationhost.
When I tell to the httplistener to require authenticathion it does work,
however in the the asp.net site EVEN IF I require authentication=windows /
impersonate=true
System.security.prinvipal.windowsidentity.getcurrent() returns the identity
of the hosting process, not of the caller .. and
system.threading.currentprincipal.identity.name is empty.
(all works fine if I publish the same dir to IIS)
What wiring am I missing to have the identity flow from the httplistener to
the asp.net stack ?

i managed to solve it doing an explicit impersonate before forwarding the
call to the asp.net runtime , however i guess there is a better way to do it

Thank you
Reply to this Message
bruce barker - 17 Jul 2007 19:19 GMT
you are confusing two concepts with asp.net. authentication (how the
user is) and thread identity (impersonation).

    authentication=windows inpersonate=true

is telling asp.net that the windows authenication was used, and to
impersonate the hosts identity.

you are coding it the same way as iis does. it impersonates the
webclient before accessing any resources (such as asp.net or the file
system).

-- bruce (sqlwork.com)

> Hi,
> I've developed in .net 2.0 a custom web server that hosts asp.net sites
[quoted text clipped - 14 lines]
>
> Thank you
Reply to this Message
Enrico Sabbadin - 18 Jul 2007 08:18 GMT
i'm not confusing the 2 concepts , i know the difference..
i'm just asking if  authentication=windows inpersonate=true is something i
should take care in custom web hosting , or it's something out of the box if
i code properly

> you are confusing two concepts with asp.net. authentication (how the user
> is) and thread identity (impersonation).
[quoted text clipped - 27 lines]
>>
>> Thank you
Reply to this Message
Enrico Sabbadin - 18 Jul 2007 11:08 GMT
i found the solution here
http://www.leastprivilege.com/HttpListenerAuthenticationAndASPNET.aspx

> i'm not confusing the 2 concepts , i know the difference..
> i'm just asking if  authentication=windows inpersonate=true is something i
[quoted text clipped - 33 lines]
>>>
>>> Thank you
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.