Re: impersonate/delegate problem
From: Jerry (jerryy_at_solutionbuildersinc.com)
Date: 08/08/03
Date: Thu, 7 Aug 2003 20:24:39 -0400
I've been trying to do what you suggest for #2 but that does not work.
Simply setting the <impersonate="true"/> in the web.config and allowing for
Windows auth. does not work.
Using computer A to connect to the website on computer B (web server) and trying
to see the status of a Windows service on computer C on the same network
cannot be done by what you suggest as solution #2.
Although from what I've read in the MS docs.. you should be able to, but not...
Jerry
"Aadil Abbas" <maa49@cornell.edu> wrote in message
news:uX$4HpPXDHA.2328@TK2MSFTNGP12.phx.gbl...
> There can be two things:
> 1. You can create an assembly to programmatically impersonate the part of
> your application's code that is accessing Network Resources. Make sure to
> encrypt the assembly, so that it cannot be disassembled easily. You can
> distribute this assembly to the development team.
>
> 2. If your application clients are domain users and already have access to
> Network Resources, then you can access the Network Resources using their
> impersonated thread, which would just require <impersonate = "true"/>. This
> way you can control access to the Network by changing privileges on Active
> Directory (A fine-grained control).
>
> Thanks
> Aadil
>
> 1. If your ASPNET application is being accessed on an intranet, and you have
> all its users already added in Active Directory, then you can grant access
> to these users on the network resources through Active Directory and they
> should be able to access the Network Resources depending on their rights.
> The impersonated thread in ASP.NET itself inherits all user rights, because
> it's running as the user; however, if you spawn a process from this thread
> using Process.Start(), then this new process won't inherit the user's
> security context and would instead run as ASPNET or Network Service user.
>
> 2. You can alternatively make an assembly if you want to access Network
> Resources
>
> "Jerry" <jerryy@solutionbuildersinc.com> wrote in message
> news:ePdAEzOXDHA.2424@TK2MSFTNGP12.phx.gbl...
> > Ok.. so I've read and seen lot of messages and MSDN docs concerning the
> > above issue.. how do I get it to work?
> > I want to impersonate the current user accessing my website...
> > so I turn on the site directory security to NOT allow anonymous but turn ON
> > integrated windows authentication.
> > Then I change the web.config to allow impersonate = "true".
> >
> > So far so good.. this setting will allow me to run the request process from
> > the user to the webserver under the current users identity...
> >
> > Now that same process needs to access some network resources..specifically
> > see if some windows services are running on network servers... so I need to
> > "delegate" the current users identity to the ASPNET...
> >
> > but I thought the impersonate="true" would do that but I guess it doesn't..
> > It looks like the impersonate is only for the process b/w the client and
> > webserver.
> >
> > seeing how we are running Win2000 servers and desktops.. and using Active
> > Directory..
> > what more do I need to get delegate to work?
> >
> > I want to be able to use the user's identity for the delegate..
> >
> > I've tried setting a valid username and password in the webconfig but I
> > don't want to use that.. since it opens up the
> > id/pwd to everyone in the development group..
> >
> > Do I have to turn on the property for the webserver to support delegate in
> > the AD?
> >
> >
> > Thanks,
> > Jerry
> >
> >
> >
>
>
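The check below is an added example, not code from anyone in this thread: called on the web server (B) while impersonation is in effect, it reports whether the thread's token is at Impersonation or Delegation level and then attempts the service-status query against the third machine (C) described in the message above. It assumes .NET Framework 2.0 or later; `DoubleHopCheck`, `SERVERC` and `Spooler` are placeholder names.

```csharp
// Added example, not code from the thread. Call from a page on the web server (B),
// e.g. Response.Write(DoubleHopCheck.DescribeIdentity());
//      Response.Write(DoubleHopCheck.ProbeRemoteService("SERVERC", "Spooler"));
// Assumptions: .NET Framework 2.0+; "SERVERC" and "Spooler" are placeholders.
using System;
using System.ComponentModel;
using System.Security.Principal;
using System.ServiceProcess;

public static class DoubleHopCheck
{
    // Reports which account the current thread runs as and what its token may do.
    public static string DescribeIdentity()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            string verdict;
            if (id.ImpersonationLevel == TokenImpersonationLevel.Delegation)
                verdict = "token can be presented to another server";
            else if (id.ImpersonationLevel == TokenImpersonationLevel.Impersonation)
                verdict = "token is usable on this server only; a second hop will not carry the user";
            else
                verdict = "no usable impersonation token on this thread";
            return String.Format("{0} via {1}, level {2}: {3}",
                id.Name, id.AuthenticationType, id.ImpersonationLevel, verdict);
        }
    }

    // Tries the second hop: query a service on another machine (C) from the web server (B).
    public static string ProbeRemoteService(string machine, string service)
    {
        try
        {
            using (ServiceController sc = new ServiceController(service, machine))
            {
                return String.Format("{0} on {1}: {2}", service, machine, sc.Status);
            }
        }
        catch (InvalidOperationException ex)
        {
            // Access denied and unknown service both surface here; the inner
            // Win32Exception carries the native error code (5 = access denied).
            Win32Exception native = ex.InnerException as Win32Exception;
            string code = native != null ? native.NativeErrorCode.ToString() : "n/a";
            return String.Format("{0} on {1}: failed ({2}, Win32 error {3})",
                service, machine, ex.Message, code);
        }
    }
}
```

Logging both strings per request shows whether a failure on C coincides with an Impersonation-level or NTLM-authenticated token on B.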