
QueryInterface discussion

Renato Aloi - 04 Jun 2004 19:49 GMT
Is there a more elegant way to solve the authentication problem when using
COM components in an ASP.NET application? I have found some tips on how to
solve this issue, but the only one that worked for me was setting the identity
impersonate element in the web.config file to a valid user. The problem with this
approach is that the ASPNET user is already configured for SQL Server,
directory write access and so on. But now, if I impersonate the ASPNET to
another user, all other authentications will fail.

Please, don't tell me that I will need to change all permissions... I know
that is one way. But I was wondering about changing some role-based permission
to include the ASPNET user in it.

Any ideas?

tks
Renato

-----------------------------------------------------
Renato Aloi
Programmer Analyst
J&W Informática Ltda.
Jim Sievert - 04 Jun 2004 20:29 GMT
You can work either of two ways.

1.  You can choose not to impersonate in web.config.  In this case, you
simply selectively impersonate in your application using
WindowsIdentity.Impersonate().  You can get the WindowsIdentity from
(WindowsIdentity) ( (WindowsPrincipal) Page.User ).Identity.
2.  You can choose to impersonate in web.config.  In this case, you
selectively revert impersonation to ASPNET using the static method,
WindowsIdentity.Impersonate( IntPtr.Zero ).  You can resume impersonation
using WindowsImpersonationContext.Undo().

> Is there a more elegant way to solve the authentication problem when using
> COM components in ASP.NET application? I have found some tips on how to
[quoted text clipped - 17 lines]
> Programmer Analyst
> J&W Informática Ltda.
Renato Aloi - 05 Jun 2004 05:42 GMT
Tks Jim,

It worked fine! Here's the code:

' The caller
' (needs Imports System.Runtime.InteropServices for Marshal)

       Dim iu As New ImpersonateUser
       If iu.impersonateValidUser("testUser", "MyDomain", "test1234") Then
           Try
               ' Insert your code that runs under the security context of a specific user here.
               Dim iop As New InteropTest.Net.Hello
               Response.Write(iop.World)
               Marshal.ReleaseComObject(iop)
           Finally
               ' Always revert, even if the COM call throws, so the request
               ' thread does not keep running as the impersonated user.
               iu.undoImpersonation()
           End Try
       Else
           ' Your impersonation failed. Therefore, include a fail-safe mechanism here.
           Response.Write("Did you think that it would work?")
       End If

' The class

Imports System.Security.Principal
Imports System.Runtime.InteropServices

Public Class ImpersonateUser

   Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
   Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

   Dim impersonationContext As WindowsImpersonationContext

   ' Declare without Auto defaults to ANSI marshaling, which matches LogonUserA.
   Private Declare Function LogonUserA Lib "advapi32.dll" ( _
                           ByVal lpszUsername As String, _
                           ByVal lpszDomain As String, _
                           ByVal lpszPassword As String, _
                           ByVal dwLogonType As Integer, _
                           ByVal dwLogonProvider As Integer, _
                           ByRef phToken As IntPtr) As Integer

   Private Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
                           ByVal ExistingTokenHandle As IntPtr, _
                           ByVal ImpersonationLevel As Integer, _
                           ByRef DuplicateTokenHandle As IntPtr) As Integer

   ' Win32 BOOL is 32 bits wide; Long is 64 bits in VB.NET, so these return Boolean.
   Private Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Boolean
   Private Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
                           ByVal handle As IntPtr) As Boolean

   Public Function impersonateValidUser(ByVal userName As String, _
                                        ByVal domain As String, _
                                        ByVal password As String) As Boolean

       Dim tempWindowsIdentity As WindowsIdentity
       Dim token As IntPtr = IntPtr.Zero
       Dim tokenDuplicate As IntPtr = IntPtr.Zero
       impersonateValidUser = False

       If RevertToSelf() Then
           If LogonUserA(userName, domain, password, _
                         LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
               ' 2 = SecurityImpersonation
               If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                   tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                   impersonationContext = tempWindowsIdentity.Impersonate()
                   If Not impersonationContext Is Nothing Then
                       impersonateValidUser = True
                   End If
               End If
           End If
       End If
       ' Close the raw handles on every path, success or failure.
       If Not tokenDuplicate.Equals(IntPtr.Zero) Then
           CloseHandle(tokenDuplicate)
       End If
       If Not token.Equals(IntPtr.Zero) Then
           CloseHandle(token)
       End If
   End Function

   Public Sub undoImpersonation()
       ' Guard against a call made when impersonation never started.
       If Not impersonationContext Is Nothing Then
           impersonationContext.Undo()
           impersonationContext = Nothing
       End If
   End Sub

End Class
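
Added example, not part of the original thread: the two options from Jim Sievert's reply, wrapped so that the identity switch is always reverted and no password is stored in the page. The module, method and placeholder Sub names are hypothetical; it assumes Windows authentication (so that Page.User carries a WindowsIdentity) and a .NET Framework version that provides System.Action.

```vb
Imports System
Imports System.Security.Principal

' Hypothetical helper module (names are assumptions, not from the thread).
Public Module SelectiveImpersonation

    ' Option 1: web.config does NOT impersonate. Run one piece of work as the
    ' authenticated caller, then drop back to the worker-process account.
    Public Sub RunAsCaller(ByVal user As IPrincipal, ByVal work As Action)
        Dim callerIdentity As WindowsIdentity = Nothing
        If Not user Is Nothing Then
            callerIdentity = TryCast(user.Identity, WindowsIdentity)
        End If
        If callerIdentity Is Nothing OrElse Not callerIdentity.IsAuthenticated Then
            ' Forms or anonymous authentication: there is no Windows token to use.
            Throw New InvalidOperationException("Caller has no authenticated Windows identity.")
        End If

        Dim ctx As WindowsImpersonationContext = callerIdentity.Impersonate()
        Try
            work()
        Finally
            ctx.Undo() ' Always revert, even if the COM call throws.
        End Try
    End Sub

    ' Option 2: web.config DOES impersonate. Temporarily revert to the process
    ' identity (ASPNET) for work that depends on its existing permissions.
    Public Sub RunAsProcessIdentity(ByVal work As Action)
        Dim ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero)
        Try
            work()
        Finally
            ctx.Undo() ' Resume the impersonation configured in web.config.
        End Try
    End Sub

End Module

' From a page's code-behind (CallComComponent and QueryDatabase are placeholder Subs):
'     SelectiveImpersonation.RunAsCaller(Page.User, AddressOf CallComComponent)
'     SelectiveImpersonation.RunAsProcessIdentity(AddressOf QueryDatabase)
```

Either helper keeps the elevated or alternate identity scoped to a single call, so SQL Server and directory access that depend on the ASPNET account are unaffected outside that call.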
