Re: Active Directory and asp.net....

From: Jim (ssss)
Date: 05/27/03 

Date: Tue, 27 May 2003 14:09:30 +0100

thanks will try later

"Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
news:u1FTaDFJDHA.1392@TK2MSFTNGP10.phx.gbl...
> You are probably missing something. As first you can just delete
> impersonation element, second try the sample I created for you (quite easy
> one). It works on my system (just tested it). It is descriptive, so you
can
> see the code that does LogonUser and the part where you insert your code
> that needs impersonation.
>
> An don't forget changing username/domain/password in the code.
>
> If you have any questions, please post back.
>
> Regards
>
> Matjaz Ladava
>
> "Jim" <ssss> wrote in message
news:ut6HUTEJDHA.1392@TK2MSFTNGP10.phx.gbl...
> > This is what I am doing already but it does not want to work from
asp.net,
> > any ideas?
> >
> > Cheers
> >
> > Jim
> >
> >
> > "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
> > news:ueUFTHEJDHA.2152@TK2MSFTNGP10.phx.gbl...
> > > Jup. Actualy if you enable impersonation on forms authentication, then
> you
> > > application will run under IUSR_..... account because impersonation
> > > impersonates IIS account. I would like to point you to an QArticle
that
> > > shows sample on how to use LogonUser API in your ASP.NET application
> > > http://support.microsoft.com/default.aspx?scid=306158
> > > I was just starting to write the code, when this QArticle poped-up
:-))
> > >
> > > Regards
> > >
> > > Matjaz Ladava
> > >
> > > "Jim" <ssss> wrote in message
> > news:uZnmj6DJDHA.3604@tk2msftngp13.phx.gbl...
> > > > So you are saying is that inside my asp.net api call out to the
win32
> > > > LogonUser api to change the current user from the default asp
account
> to
> > > my
> > > > special account designed only to have 'domain admin' rights.
> > > >
> > > > So this is a kinda impersonation using win32 api calls....
> > > >
> > > > Jim
> > > >
> > > >
> > > >
> > > > "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message
> > > > news:#N$9ryDJDHA.3056@tk2msftngp13.phx.gbl...
> > > > > Impersonation works only on Windows authentication, so it has no
> > affect
> > > on
> > > > > Forms authentication. What you can do is, to use diferent acount
for
> > ASP
> > > > > worker process (with admin rightd), but this is quite dangerous
> > (running
> > > > web
> > > > > site under domain admin). Another aproach would be to use
LogonUser
> > Api,
> > > > to
> > > > > temporary switch application thread to another user.
> > > > >
> > > > > Regards
> > > > >
> > > > > Matjaz Ladava
> > > > >
> > > > > "Jim" <ssss> wrote in message
> > > news:eRXyacDJDHA.700@TK2MSFTNGP10.phx.gbl...
> > > > > > I have a web service that is doing user authentication and
> > management,
> > > > > > internally it is using active directory to store the user
> accounts,
> > > this
> > > > > is
> > > > > > accessed through the System.DirectoryServices namespace in C#. I
> use
> > > > > > imperonsation to modify the user accounts, i.e. I impersonate a
> > > 'Domain
> > > > > > Adminstrator' account and modify the user properties as
required.
> > > > > >
> > > > > > When I test this from a desktop or console application it works
> > > > perfectly
> > > > > > fine, but when my web service is used from an asp.net
application
> I
> > am
> > > > > > unable to modify user properties. The asp.net application is
using
> > > forms
> > > > > > authentication which uses this web service to authenticate, what
> do
> > I
> > > > have
> > > > > > to modify in the asp.net application to get imperonsation
working
> > > > > correctly
> > > > > > for my web service?
> > > > > >
> > > > > > Cheers
> > > > > >
> > > > > > Jim
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>