Re: Impersonation
From: Trevor Lawrence (TrevorL@ise.canberra.edu.au)
Date: 12/18/02
- Next message: Larry Hastings: "Re: Impersonation"
- Previous message: Mike Moore [MS]: "Re: How Bad Is It?"
- In reply to: Larry Hastings: "Re: Impersonation"
- Next in thread: Larry Hastings: "Re: Impersonation"
- Reply: Larry Hastings: "Re: Impersonation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Trevor Lawrence" <TrevorL@ise.canberra.edu.au> Date: Thu, 19 Dec 2002 09:58:39 +1100
Quite simple really. When machine.config says "System" the app works. When
set to "machine" it prangs with "unable to impersonate".
This is what the app does:
The app is set in web.config to impersonate a particular account which has
privileges needed by the app. That's fine. (Authorization settings control
who can run the app.) The app, however, needs to start a separate thread.
When you do that the new thread starts in the ASPNET context (or the SYSTEM
context depending on the machine.config setting). What I want to do is now
programmatically make this thread impersonate the same user the app is
running under. This is done by taking the token from the app's
WindowsIdentity, passing this to the thread which then uses it in the
impersonate call - which then succeeds or fails as indicated above.
Anyway, I shall do some more poking about.
Trevor
"Larry Hastings" <greg.@remove-me.unixsucks.com> wrote in message
news:usWQb4kpCHA.2772@TK2MSFTNGP09...
> What seems to be the problem?
>
> Trevor Lawrence wrote:
> >> You're right. One was set to "machine", the other "System". Now
> >> all I have to do is to work out how to achieve what I want without
> >> using "System" :-)
> >>
> >> Trevor
> >>
> >> "Larry Hastings" <greg.@remove-me.unixsucks.com> wrote in message
> >> news:e41eXAjpCHA.2388@tk2msftngp13...
> >>> Compare process model section in machine.config on both machines
> >>>
> >>> Trevor Lawrence wrote:
> >>>>> I have an ASP.NET app that needs to start a thread and
> >>>>> Impersonate. This is working fine on a Win2K server, but when I
> >>>>> move it onto my local XP workstation the Impersonate call fails
> >>>>> with an "unable to impersonate" error.
> >>>>>
> >>>>> What are the differences in rights assignments in the two OSes
> >>>>> that lets it work on one and not on the other? Or am I barking
> >>>>> up the wrong tree?
> >>>>>
> >>>>> Trevor Lawrence
> >>>>> School of Computing
> >>>>> University of Canberra
>
>
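
The approach described in the message above (capture the impersonated identity on the request thread, hand it to the new thread, impersonate there), as an added C# sketch that is not code from this thread. It assumes .NET Framework 2.0 or later, where the WindowsIdentity(IntPtr) constructor duplicates the token handle; ImpersonatedWorker and its members are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;
using System.Threading;

// Hypothetical helper: carries the request's identity onto a worker thread.
public sealed class ImpersonatedWorker
{
    private readonly WindowsIdentity _identity;
    private readonly ThreadStart _work;

    private ImpersonatedWorker(WindowsIdentity identity, ThreadStart work)
    {
        _identity = identity;
        _work = work;
    }

    // Call on the request thread, while web.config impersonation is in effect,
    // so GetCurrent() returns the impersonated account, not ASPNET or SYSTEM.
    public static Thread Start(ThreadStart work)
    {
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        // Assumption (.NET 2.0+): this constructor duplicates the token handle,
        // so the worker's copy does not depend on the request's identity object.
        WindowsIdentity copy = new WindowsIdentity(current.Token);
        Thread t = new Thread(new ThreadStart(new ImpersonatedWorker(copy, work).Run));
        t.IsBackground = true;
        t.Start();
        return t;
    }

    private void Run()
    {
        WindowsImpersonationContext ctx = null;
        try
        {
            // If this throws (the "unable to impersonate" case), _work never
            // runs, so nothing executes under the process account by accident.
            ctx = _identity.Impersonate();
            _work();
        }
        catch (Exception ex)
        {
            Trace.WriteLine("Impersonated worker aborted: " + ex);
        }
        finally
        {
            if (ctx != null) ctx.Undo(); // always revert to the process identity
        }
    }
}
```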