.NET Forum / .NET Framework / Security / March 2007

WindowsIdentity - Invalid token; it cannot be duplicated

Kamal - 14 Mar 2007 14:39 GMT
I am getting an "Invalid token; it cannot be duplicated" error 70% of the time on
one machine.  We are creating and validating the current user.  The following
line of code raises the exception.

System.Security.Principal.WindowsIdentity winIden=new
System.Security.Principal.WindowsIdentity(iToken);

Exception:
String Message = "LoginWI()  Invalid token; it cannot be duplicated.   at
RtReports.Security.LocalAuthentication.CheckUserGroups(IntPtr iToken,
StringCollection strGroupsCollection)

Any help is really appreciated.

Thanks,
Kamal
Dominick Baier - 14 Mar 2007 15:00 GMT
Where do you get the token from?

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> I am having invalid token, it cannot be duplicated error 70% of the
> time on one machine.  We are creating and validating the current user.
[quoted text clipped - 13 lines]
> Thanks,
> Kamal
Kamal - 14 Mar 2007 16:49 GMT
Hi Dominick,

Thanks for your response.  Here is the code from the Login() web method; the same
token will be passed to another method, which is where the actual problem is.

// Identity of the (impersonated) caller. The IntPtr handle returned by
// wi.Token is owned by this WindowsIdentity object.
WindowsIdentity wi = WindowsIdentity.GetCurrent();
IntPtr iToken = wi.Token;
string domainName = "";
string userName = "";
if (wi.Name != null)
{
    string curUser = wi.Name;   // e.g. DOMAIN\user
    if (curUser.Length > 0)
    {
        int sepIndex = curUser.IndexOf(@"\");
        if (sepIndex > -1)
        {
            domainName = curUser.Substring(0, sepIndex);
            // Remaining length after the domain: separator plus user name
            int len = curUser.Length - domainName.Length;
            if (len > 0)
            {
                userName = curUser.Substring(sepIndex + 1, len - 1);
            }
        }
        else // just in case, no domain
        {
            userName = curUser;
        }
    }
}

Thanks,
Kamal.

> Where do you get the token from?
>
[quoted text clipped - 20 lines]
> > Thanks,
> > Kamal
Dominick Baier - 14 Mar 2007 17:07 GMT
Hi,

well - frankly, I don't understand what you are doing...

and why do you have to pass tokens around??

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Hi Domnic,
>
[quoted text clipped - 52 lines]
>>> Thanks,
>>> Kamal
Kamal - 14 Mar 2007 18:39 GMT
Dominick,
Because the login method will be used by the ASP.NET application and also
by a SharePoint web part to access some web service calls, we split it into two.

So the login method is common; before calling it we receive the token, pass
the token to the Login method, and it tries to get the Principal.

Sequence is:

1.  SharepointLogin() using
   WindowsIdentity wi = WindowsIdentity.GetCurrent();
   IntPtr iToken = wi.Token;
   and passing this token to the LogInUser() method of Global.ascx.

2. static internal void LogInUser(System.Web.HttpApplication appState,
IntPtr iToken, string domainName, string userName)

 which internally calls another method to retrieve the valid groups list by
passing the iToken again.

3. public string CheckUserGroups(IntPtr iToken, StringCollection
strGroupsCollection)

which uses the following.
System.Security.Principal.WindowsIdentity winIden=new
System.Security.Principal.WindowsIdentity(iToken);

This is where the "Invalid token" problem happens.

I can create a sample application if you like.

Please let me know if there is a better way to accomplish this.

Thanks
Kamal

> Hi,
>
[quoted text clipped - 63 lines]
> >>> Thanks,
> >>> Kamal
Joe Kaplan - 15 Mar 2007 07:28 GMT
Are you passing the pointer across process boundaries or something?  You
can't do that.

Joe K.


Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Dominik,
> Because the login method will be used by asp.net application and also used
[quoted text clipped - 102 lines]
>> >>> Thanks,
>> >>> Kamal
Dominick Baier - 15 Mar 2007 13:22 GMT
Some things strike me as odd...

First - you are using WindowsIdentity.GetCurrent() - this implies you are
using client impersonation (and also that your code will only work with that
setting) - you can always get to the authenticated client name by using Context.User.Identity.Name.

This also means - why do you have to factor that out? The client information
is always available.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Dominik,
> Because the login method will be used by asp.net application and also
[quoted text clipped - 97 lines]
>>>>> Thanks,
>>>>> Kamal
Kamal - 16 Mar 2007 14:14 GMT
Dominick,

Thank you so much.   Realized after your comment that the following line of
code is not the right way of doing it.

System.Security.Principal.WindowsIdentity winIden=new
System.Security.Principal.WindowsIdentity(iToken);

Replaced with

System.Security.Principal.WindowsIdentity winIden
=(WindowsIdentity)this.Context.User.Identity;

Problem is resolved now.  

This helps a lot in resolving a few other security-related questions.

http://www.leastprivilege.com/ASPNETSecurityContextTroubleshootingTool.aspx

Thanks for your Help.

-Kamal.

> Some things strike me odd...
>
[quoted text clipped - 111 lines]
> >>>>> Thanks,
> >>>>> Kamal
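The fix Kamal describes, written out as an added example (not code from the thread): the group check takes the authenticated principal that ASP.NET already places on Context.User instead of a raw IntPtr token handle, and resolves group membership through WindowsPrincipal.IsInRole. It assumes Windows authentication in ASP.NET and DOMAIN\Group names in the collection; GroupCheck, MatchingGroups and CheckUserGroups are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Security.Principal;
using System.Web;

// Hypothetical replacement for the CheckUserGroups(IntPtr, ...) method.
// A raw token handle is owned by the WindowsIdentity that produced it and
// is closed when that object is disposed or collected, so a handle passed
// around as IntPtr can become invalid at any time. The authenticated
// identity on HttpContext.User needs no second token at all.
public static class GroupCheck
{
    // Returns the subset of strGroupsCollection that the caller belongs to.
    // Fails loudly when the request is not a Windows-authenticated one,
    // rather than silently reporting "no groups".
    public static List<string> MatchingGroups(IPrincipal user,
                                              StringCollection strGroupsCollection)
    {
        WindowsIdentity winIden = (user == null) ? null : user.Identity as WindowsIdentity;
        if (winIden == null || !winIden.IsAuthenticated)
        {
            throw new InvalidOperationException(
                "Request is not authenticated with a Windows identity; " +
                "check <authentication mode=\"Windows\"> and the IIS settings.");
        }

        // IsInRole resolves DOMAIN\Group names against the group SIDs that are
        // already part of the caller's token.
        WindowsPrincipal principal = new WindowsPrincipal(winIden);
        List<string> matched = new List<string>();
        foreach (string group in strGroupsCollection)
        {
            if (principal.IsInRole(group))
            {
                matched.Add(group);
            }
        }
        return matched;
    }

    // Call site in a page, web method or Global.asax handler: hand over
    // Context.User, never the IntPtr from WindowsIdentity.Token.
    public static List<string> CheckUserGroups(HttpContext context,
                                               StringCollection strGroupsCollection)
    {
        return MatchingGroups(context.User, strGroupsCollection);
    }
}
```

When the result is empty, confirm first that winIden.Name is the expected client account, since under client impersonation a missing <identity impersonate="true"> setting silently turns the caller into the worker process account.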
