Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / New Users / December 2004

Tip: Looking for answers? Try searching our database.

Web service Impersonatation?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Frank Wisniewski - 07 Dec 2004 15:41 GMT
When I set up impersonation in the web.config file and specify a user and
password I get strange results.  This line of code will get me the user
account I set to impersonate:
System.Security.Principal.WindowsIdentity.GetCurrent().Name

This line of code will get me my user account ever time:

System.Threading.Thread.CurrentPrincipal.Identity.Name

What's the difference? shouldn't they both be the user I am trying to
impersonate?

Thanks

Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m
Reply to this Message
Nicholas Paldino [.NET/C# MVP] - 07 Dec 2004 15:49 GMT
Frank,

   No, they should not.  When you impersonate through the WindowsIdentity
object, it does not change the current principal on the thread.  The reason
for this is that you can have different implementations of IPrincipal which
don't necessarily map to windows users and groups.  To that end, having
WindowsIdentity change the current thread's principal would be wrong.

   Hope this helps.

Signature

              - Nicholas Paldino [.NET/C# MVP]
              - mvp@spam.guard.caspershouse.com

> When I set up impersonation in the web.config file and specify a user and
> password I get strange results.  This line of code will get me the user
[quoted text clipped - 12 lines]
> Frank Wisniewski MCSE 4.0, MCP+I, A+
> f p w 2 3 @ h o t m a i l . c o m
Reply to this Message
Frank Wisniewski - 07 Dec 2004 15:56 GMT
Thanks Nicholas,

But how do you know which Principal is being used by your code.  Lets say I
have a routine that writes a file to the local directory, how do I ensure
that code is using my impersonated users rights?

Signature

Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m

> Frank,
>
[quoted text clipped - 22 lines]
> > Frank Wisniewski MCSE 4.0, MCP+I, A+
> > f p w 2 3 @ h o t m a i l . c o m
Reply to this Message
Nicholas Paldino [.NET/C# MVP] - 07 Dec 2004 16:17 GMT
Frank,

   The code will use the rights of whomever the thread is currently running
under.  If you always want to base this on the Windows identity, you can
call the static GetCurrent method on the WindowsIdentity type, passing true
for the ifImpersonating parameter.

Signature

              - Nicholas Paldino [.NET/C# MVP]
              - mvp@spam.guard.caspershouse.com

> Thanks Nicholas,
>
[quoted text clipped - 33 lines]
>> > Frank Wisniewski MCSE 4.0, MCP+I, A+
>> > f p w 2 3 @ h o t m a i l . c o m
Reply to this Message
Consultant - 07 Dec 2004 15:57 GMT
is your server trusted for delegation?

> When I set up impersonation in the web.config file and specify a user and
> password I get strange results.  This line of code will get me the user
[quoted text clipped - 12 lines]
> Frank Wisniewski MCSE 4.0, MCP+I, A+
> f p w 2 3 @ h o t m a i l . c o m
Reply to this Message
Frank Wisniewski - 07 Dec 2004 18:41 GMT
I am running it from my local machine which is part of the domain, is that
what you are asking?

Signature

Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m

> is your server trusted for delegation?
>
[quoted text clipped - 14 lines]
> > Frank Wisniewski MCSE 4.0, MCP+I, A+
> > f p w 2 3 @ h o t m a i l . c o m
Reply to this Message
Consultant - 07 Dec 2004 20:25 GMT
no, in order for impersonation to work, the server must be trusted for
delegation within active directory

>I am running it from my local machine which is part of the domain, is that
> what you are asking?
[quoted text clipped - 18 lines]
>> > Frank Wisniewski MCSE 4.0, MCP+I, A+
>> > f p w 2 3 @ h o t m a i l . c o m
Reply to this Message
bruce barker - 07 Dec 2004 17:09 GMT
asp.net seperates the thread identity from the authenicated user identity.
when the user is authenicated (not anonymous), your have three options:

1) the thread runs as the asp.net account (default)
2) the thread impersonates the authenication account (must use windows
authenication). set impersonate=true in web config
3) the thread impersonates the account specified in the web config.

you picked the third option, so the CurrentPrincipal is the authenicated
account and WindowsIdentity is the thread identity.

note: CurrentPrincipal is a WindowsIdentity only if windows authenication is
used.

-- bruce (sqlwork.com)

| When I set up impersonation in the web.config file and specify a user and
| password I get strange results.  This line of code will get me the user
[quoted text clipped - 12 lines]
| Frank Wisniewski MCSE 4.0, MCP+I, A+
| f p w 2 3 @ h o t m a i l . c o m
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.