Re: Active Directory and asp.net....
From: Jim (ssss)
Date: 05/27/03
- Next message: Chris Thunell: "Unable to relay with system.web.mail"
- Previous message: Matjaz Ladava: "Re: Active Directory and asp.net...."
- In reply to: Matjaz Ladava: "Re: Active Directory and asp.net...."
- Next in thread: Matjaz Ladava: "Re: Active Directory and asp.net...."
- Reply: Matjaz Ladava: "Re: Active Directory and asp.net...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 May 2003 12:40:57 +0100
This is what I am doing already but it does not want to work from asp.net,
any ideas?
Cheers
Jim
"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
news:ueUFTHEJDHA.2152@TK2MSFTNGP10.phx.gbl...
> Jup. Actualy if you enable impersonation on forms authentication, then you
> application will run under IUSR_..... account because impersonation
> impersonates IIS account. I would like to point you to an QArticle that
> shows sample on how to use LogonUser API in your ASP.NET application
> http://support.microsoft.com/default.aspx?scid=306158
> I was just starting to write the code, when this QArticle poped-up :-))
>
> Regards
>
> Matjaz Ladava
>
> "Jim" <ssss> wrote in message
news:uZnmj6DJDHA.3604@tk2msftngp13.phx.gbl...
> > So you are saying is that inside my asp.net api call out to the win32
> > LogonUser api to change the current user from the default asp account to
> my
> > special account designed only to have 'domain admin' rights.
> >
> > So this is a kinda impersonation using win32 api calls....
> >
> > Jim
> >
> >
> >
> > "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
> > news:#N$9ryDJDHA.3056@tk2msftngp13.phx.gbl...
> > > Impersonation works only on Windows authentication, so it has no
affect
> on
> > > Forms authentication. What you can do is, to use diferent acount for
ASP
> > > worker process (with admin rightd), but this is quite dangerous
(running
> > web
> > > site under domain admin). Another aproach would be to use LogonUser
Api,
> > to
> > > temporary switch application thread to another user.
> > >
> > > Regards
> > >
> > > Matjaz Ladava
> > >
> > > "Jim" <ssss> wrote in message
> news:eRXyacDJDHA.700@TK2MSFTNGP10.phx.gbl...
> > > > I have a web service that is doing user authentication and
management,
> > > > internally it is using active directory to store the user accounts,
> this
> > > is
> > > > accessed through the System.DirectoryServices namespace in C#. I use
> > > > imperonsation to modify the user accounts, i.e. I impersonate a
> 'Domain
> > > > Adminstrator' account and modify the user properties as required.
> > > >
> > > > When I test this from a desktop or console application it works
> > perfectly
> > > > fine, but when my web service is used from an asp.net application I
am
> > > > unable to modify user properties. The asp.net application is using
> forms
> > > > authentication which uses this web service to authenticate, what do
I
> > have
> > > > to modify in the asp.net application to get imperonsation working
> > > correctly
> > > > for my web service?
> > > >
> > > > Cheers
> > > >
> > > > Jim
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Chris Thunell: "Unable to relay with system.web.mail"
- Previous message: Matjaz Ladava: "Re: Active Directory and asp.net...."
- In reply to: Matjaz Ladava: "Re: Active Directory and asp.net...."
- Next in thread: Matjaz Ladava: "Re: Active Directory and asp.net...."
- Reply: Matjaz Ladava: "Re: Active Directory and asp.net...."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
