
Client-side application and impersonation

Martin - 31 Mar 2008 15:56 GMT
Can a browser-based client-side application impersonate a domain user?

I am trying to host a client-side assembly in a browser. I need to
then impersonate a domain user account in the assembly to give me
access to network resources, and I'm not sure if I'm able to
impersonate a domain account on a client-side application. I've tried
using various samples for impersonation that use the LogonUser API
call in order to get a token, but this fails in my client app, due to
a security exception.

This is an Intranet environment, with the web server running XP. I
have tried running as a trusted site, but no difference.

Apologies in advance if this has gone to the wrong group.

Regards,
Martin
Alvin Bruney [ASP.NET MVP] - 02 Apr 2008 02:54 GMT
You are probably aware that this is no ordinary request, right? You can only
do this if your client can 'see' a domain account. Typically, your client
hosted in the browser has no direct access to the server so if the domain
account is on the server you won't be able to do this easily. If your code
running your client has access to a user context, you can extract the user
from the context and turn around and fire an Active Directory query but in
most cases the user context is null. The cheap way to see if your existing
code works is simply to turn CAS policy off at the command prompt and see if
the application works. If it does, then you simply need to configure CAS
policy.

One way is to have an app or web service running on the server that can do
what you want. From your client, you just fire a web request to the server
to 'authenticate' the client.

Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99
-------------------------------------------------------

> Can a browser-based client-side application impersonate a domain user?
>
[quoted text clipped - 13 lines]
> Regards,
> Martin
Martin - 02 Apr 2008 09:05 GMT
Hi Alvin,

Thanks for the reply on this - I was aware it was probably not
something I was going to be able to do with ease! I am probably being
a bit lazy, and was really hoping I could reuse the existing control
without much work.

It looks like I'll be doing as you say, and writing a web service.

Thanks again.

Martin
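
An added example, not code from any poster in this thread, of the server-side approach suggested above: an ASMX web service that takes the caller's identity from IIS integrated Windows authentication and impersonates it only while reading one file. The class name, namespace and share path are hypothetical placeholders.

```csharp
// Hypothetical service; assumes IIS integrated Windows authentication with
// anonymous access disabled and <authentication mode="Windows"/> in web.config.
using System;
using System.IO;
using System.Security;
using System.Security.Principal;
using System.Web;
using System.Web.Services;

[WebService(Namespace = "http://example.invalid/networkfiles")]
public class NetworkFileService : WebService
{
    // Constructed placeholder: the only folder callers are allowed to read from.
    private const string ShareRoot = @"\\fileserver.example.invalid\share\reports\";

    [WebMethod]
    public string ReadReport(string fileName)
    {
        // The identity is established by IIS; the browser-hosted client never
        // handles a password or calls LogonUser itself.
        WindowsIdentity caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new SecurityException("Windows authentication is required.");

        // Accept a bare file name only, then confirm the resolved path is
        // still under ShareRoot (rejects "..", rooted paths and separators).
        if (string.IsNullOrEmpty(fileName) || fileName != Path.GetFileName(fileName))
            throw new ArgumentException("fileName must be a plain file name.");

        string fullPath = Path.GetFullPath(Path.Combine(ShareRoot, fileName));
        if (!fullPath.StartsWith(ShareRoot, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("fileName resolves outside the allowed folder.");

        // Impersonate for the shortest possible scope; disposing the context
        // reverts the thread to the worker process identity.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        {
            // The file server's ACLs are evaluated against the caller here.
            return File.ReadAllText(fullPath);
        }
    }
}
```

Reading a remote share under the impersonated token is a second network hop, so it only succeeds when Kerberos delegation is configured for the web server; with NTLM the caller's token cannot be used off the box.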
