 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / General / September 2007Identity Impersonate in ASP.NET
So, I've got an intranet site I'm developing where I'm being told to integrate a few pages that require me to query a remote MSSQL server. That server's owner says authentication on his server is Windows based (no SQL ID/password combos will be assigned, it has to be domain login credentials), but I can only get him to permission one account. AFAICT, that requires me use an <identity impersonate...> in the web.config file for it to be able to run this particular set of queries for all the users who might visit my intranet site. Problem is that I have my own security items based on Windows login credentials. Based on what I've read and the result of my own testing, once I put in that <identity impersonate...> statement, all users start using that identity's login credentials and it overrides their own. So, making it possible for my site to pass through his security breaks my security. Is there any way to set an identity impersonation for just a single page or directory and not have it mess up user identities elsewhere within the site? > So, I've got an intranet site I'm developing where I'm being told to > integrate a few pages that require me to query a remote MSSQL server. [quoted text clipped - 17 lines] > page or directory and not have it mess up user identities elsewhere > within the site? Do you need to use impersonation for this? Can you create a connection to the SQL server with the appropriate credentials uid=domain\account and pwd=pwd and maintain your existing impersonation on your "local" network? Admittedly, I haven't tried that cross-domain and could be overlooking something obvious. Do you need to access remote network resources as well, or simply a SQL connection? You can use code to impersonate the sql server account around all db calls. Not as clean but it'll work. You could also centralize it pretty easily by creating utility classes to create/destroy connections and include impersonation or can create your own connection class which does the impersonation for you at the right time. We do this in our apps for a situation where we need to read from a remote directory. Look at the docs for WindowsIdentity.Impersonate. There's a very good example there. HTH, Sam ------------------------------------------------------------ We're hiring! B-Line Medical is seeking .NET Developers for exciting positions in medical product development in MD/DC. Work with a variety of technologies in a relaxed team environment. See ads on Dice.com. >So, I've got an intranet site I'm developing where I'm being told to >integrate a few pages that require me to query a remote MSSQL server. [quoted text clipped - 17 lines] >page or directory and not have it mess up user identities elsewhere >within the site?
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.