Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / January 2006

Tip: Looking for answers? Try searching our database.

Impersonation a user for the duration of a method.

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Rainier [MCT] - 30 Jan 2006 13:29 GMT
Hi,
I'm running a ASP.NET application using the anonimous user. (ASPNET)
I don't want the user to log in and I don't want to give any more rights to
the ASPNET user either. So I thought of impersonating a local user just for
the duration of a single method.

That user will access the local SAM and retrieve some info.

I've found code on the internet which shows me how to login using COM calls
releasing the handles and dublicating tokens. Yuck.
[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(string pszUsername, string pszDomain,
string pszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

Isn't there some other dot.net like way to do this ?
Something like an attribute with a username and a password I can set above
my method?

Hope someone can release me of this COM code quick.

Kind Regards,
Signature

Rainier van Slingerlandt
(Freelance trainer/consultant/developer)
www.slingerlandt.com

Reply to this Message
Dominick Baier [DevelopMentor] - 30 Jan 2006 14:13 GMT
Hi,

look at the <identity impersonate="true" username="xx" password="xx" />

setting in web.config.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi,
> I'm running a ASP.NET application using the anonimous user. (ASPNET)
[quoted text clipped - 20 lines]
>
> Kind Regards,
Reply to this Message
Narendra - 30 Jan 2006 14:50 GMT
Hi!
 I think more clarity is required from your side. Why do you want to do
impersonation for only one method? If I am not wrong, you want to
impersonate. But which user you want to impersonate?

regards,
narendra.

> Hi,
> I'm running a ASP.NET application using the anonimous user. (ASPNET)
[quoted text clipped - 17 lines]
>
> Kind Regards,
Reply to this Message
Henning Krause [MVP] - 30 Jan 2006 19:12 GMT
Hello,

and which version of the Framework are you using? Which Windows version?

Greetings,
Henning Krause

> Hi!
>  I think more clarity is required from your side. Why do you want to do
[quoted text clipped - 30 lines]
>>
>> Kind Regards,
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.