Re: Active Directory and asp.net....

From: Jim (ssss)
Date: 05/27/03 

Date: Tue, 27 May 2003 11:56:39 +0100

So you are saying is that inside my asp.net api call out to the win32
LogonUser api to change the current user from the default asp account to my
special account designed only to have 'domain admin' rights.

So this is a kinda impersonation using win32 api calls....

Jim

"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
news:#N$9ryDJDHA.3056@tk2msftngp13.phx.gbl...
> Impersonation works only on Windows authentication, so it has no affect on
> Forms authentication. What you can do is, to use diferent acount for ASP
> worker process (with admin rightd), but this is quite dangerous (running
web
> site under domain admin). Another aproach would be to use LogonUser Api,
to
> temporary switch application thread to another user.
>
> Regards
>
> Matjaz Ladava
>
> "Jim" <ssss> wrote in message news:eRXyacDJDHA.700@TK2MSFTNGP10.phx.gbl...
> > I have a web service that is doing user authentication and management,
> > internally it is using active directory to store the user accounts, this
> is
> > accessed through the System.DirectoryServices namespace in C#. I use
> > imperonsation to modify the user accounts, i.e. I impersonate a 'Domain
> > Adminstrator' account and modify the user properties as required.
> >
> > When I test this from a desktop or console application it works
perfectly
> > fine, but when my web service is used from an asp.net application I am
> > unable to modify user properties. The asp.net application is using forms
> > authentication which uses this web service to authenticate, what do I
have
> > to modify in the asp.net application to get imperonsation working
> correctly
> > for my web service?
> >
> > Cheers
> >
> > Jim
> >
> >
>
>

Relevant Pages

  • Re: Web Services - ProtocolError
    ... HTTP 401 errors has to do with authorization and not with authentication. ... It means that your login is recognized as a known account but this account ... I have created the web service, ...
    (microsoft.public.dotnet.framework.compactframework)
  • Re: Active Directory and asp.net....
    ... Actualy if you enable impersonation on forms authentication, ... impersonates IIS account. ... > LogonUser api to change the current user from the default asp account to ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... Just as a check I used NET USER /ADD on my test account and as expected ... The password dialog is supposed to appear for Basic authentication ... Thinking more esoterically now -- what are the login rights assigned ... IIS uses a specific login type, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure?
    ... Everytime I attempt to login under Basic Authentication, ... IUSR_blah account. ... the anonymous user impersonated by the IIS Server is the ... > Event Viewer Security log. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... here are the results of the MS Authentication & Access ... ACCOUNTNAME, this is the account that I am trying to grant access to: ... Account: COMPUTERNAME\ACCOUNTNAME Access type: FULL ... The current configuration requires IIS subauthentication. ...
    (microsoft.public.inetserver.iis.security)