Re: Active Directory and asp.net....

From: Matjaz Ladava (matjaz_at__nospam_ladava.com)
Date: 05/27/03


Date: Tue, 27 May 2003 13:19:17 +0200


Yup. Actually, if you enable impersonation on forms authentication, then your
application will run under the IUSR_..... account because impersonation
impersonates the IIS account. I would like to point you to a QArticle that
shows a sample of how to use the LogonUser API in your ASP.NET application:
http://support.microsoft.com/default.aspx?scid=306158
I was just starting to write the code when this QArticle popped up :-))

Regards

Matjaz Ladava

"Jim" <ssss> wrote in message news:uZnmj6DJDHA.3604@tk2msftngp13.phx.gbl...
> So what you are saying is that inside my asp.net api call out to the win32
> LogonUser api to change the current user from the default asp account to my
> special account designed only to have 'domain admin' rights.
>
> So this is a kinda impersonation using win32 api calls....
>
> Jim
>
>
>
> "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
> news:#N$9ryDJDHA.3056@tk2msftngp13.phx.gbl...
> > Impersonation works only on Windows authentication, so it has no effect on
> > Forms authentication. What you can do is use a different account for the ASP
> > worker process (with admin rights), but this is quite dangerous (running the
> > web site under domain admin). Another approach would be to use the LogonUser
> > API to temporarily switch the application thread to another user.
> >
> > Regards
> >
> > Matjaz Ladava
> >
> > "Jim" <ssss> wrote in message news:eRXyacDJDHA.700@TK2MSFTNGP10.phx.gbl...
> > > I have a web service that is doing user authentication and management,
> > > internally it is using active directory to store the user accounts, this
> > > is accessed through the System.DirectoryServices namespace in C#. I use
> > > impersonation to modify the user accounts, i.e. I impersonate a 'Domain
> > > Administrator' account and modify the user properties as required.
> > >
> > > When I test this from a desktop or console application it works perfectly
> > > fine, but when my web service is used from an asp.net application I am
> > > unable to modify user properties. The asp.net application is using forms
> > > authentication which uses this web service to authenticate, what do I have
> > > to modify in the asp.net application to get impersonation working correctly
> > > for my web service?
> > >
> > > Cheers
> > >
> > > Jim
> > >
> > >
> >
> >
>
>
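
Added example, not part of the thread or of the linked Microsoft article: the LogonUser approach discussed above, written in C# for .NET Framework 4.x, with the impersonation limited to one callback and always reverted. The class name `ScopedImpersonation`, the `RunAs` helper and its parameters are hypothetical names chosen for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper; name and shape are assumptions, not from the thread.
public static class ScopedImpersonation
{
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Runs 'work' on the current thread as the given account, then reverts
    // to the worker-process identity even if 'work' throws.
    // The password should come from protected configuration, never source code.
    public static void RunAs(string domain, string user, string password, Action work)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
        {
            // Surface the Win32 error (bad password, missing logon right, ...).
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        try
        {
            // WindowsIdentity duplicates the token, so the original handle
            // is still ours to close in the outer finally block.
            using (WindowsIdentity identity = new WindowsIdentity(token))
            {
                WindowsImpersonationContext ctx = identity.Impersonate();
                try { work(); }          // e.g. the System.DirectoryServices update
                finally { ctx.Undo(); }  // always drop the elevated identity
            }
        }
        finally
        {
            CloseHandle(token);
        }
    }
}
```

The warning in the thread about running the site as a domain admin applies to the account passed in here as well: a dedicated account delegated only the rights needed on the user objects limits what the impersonated code path can reach.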


