Re: WindowsAuthentication from code
From: Alan Mendelevich (ng_at_ailon.org)
Date: 10/14/03
- Next message: Jim Cheshire [MSFT]: "Re: Web.Config / Security Settings for sites NOT on sys partition"
- Previous message: MS Newsgroups: "Re: WindowsAuthentication from code"
- In reply to: MS Newsgroups: "Re: WindowsAuthentication from code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Oct 2003 16:37:08 +0300
I think impersonation is not really what is needed here. As far as I
understand impersonation makes it look like asp.net process is running under
different identity than it's actually is. After putting some thought into
whole this situation I'm leaning toward the conclusion that this kind of a
problem could not be solved. I think that in whole this windows
authentication process not only server but browser should also know that
some authentication has happened. At least in the case of basic
authentication actually browser sends credentials with every request no
matter that the logon dialog is shown only once. So if we "fake" windows
authentication on the server and browser knows nothing about it, then next
request is sent from the browser like nothing happened.
All these are just some random thoughts and I might be wrong. Maybe it's
possible to send some header back to the browser or something like that.
Please, let me know if you find any solution, and I'll let you know if I do.
Best regards,
Alan.
"MS Newsgroups" <nospam@nospam.com> wrote in message
news:OFpWoVlkDHA.1728@TK2MSFTNGP11.phx.gbl...
> I agree on that, I have been trying to use impersonation to get the user
to
> proper WindowsIdentity as seen from IIS but i can not get this to work.
>
> I was thinking a concept like this:
>
> Dim myToken as intPtr
>
> mytoken=logonuser bla bla API call
>
> Dim myNewID as new WindowsIdentity(mytoken)
>
> Dim myNewContext as WindowsImpersonationContext
>
> myNewContext=myNewID.impersonate
>
> I have tested this and also the sample for how to imperonate a specific
user
> in
>
> http://support.microsoft.com/default.aspx?scid=306158
>
> But i get an "Impersonation Failure" thrown when the contxt is about to
> switch. I have given ASPNET account the "Act as part of operating system"
> right add added the identity impersonate tag in web.config.
>
> Let me know what you think, or if you have any success with this
>
> Thanks
>
> Niclas
>
>
> "Alan Mendelevich" <ng@ailon.org> wrote in message
> news:eZsPtClkDHA.2312@TK2MSFTNGP12.phx.gbl...
> > Hi Niclas,
> >
> > Thanks for the quick reply! As far as I can tell from the code it still
is
> a
> > workaround. I mean IIS doesn't know that something like windows
> > authentication occured. What I try to achieve in the long run is that
when
> > users access non-asp.net content protected by IIS with windows
> > authentication they don't have to enter login information once more.
> >
> > Best regards,
> > Alan.
> >
> > "MS Newsgroups" <nospam@nospam.com> wrote in message
> > news:uNcIF3kkDHA.372@TK2MSFTNGP11.phx.gbl...
> > > This is how i done it:
> > >
> > > Logon using API call to get a token, create a new WindowsIdentity
Object
> > and
> > > create a new Windows principal
> > >
> > > Add the principal to the session with
> > >
> > > session.add("AuthID", ctype(myNewPrincipal,object))
> > >
> > > Change userID for this call with:
> > >
> > > context.User = CType(Session.Item("AuthID"), WindowsPrincipal)
> > >
> > > Then i use global.asax to change the identity for every request
> > >
> > > Private Sub Global_PreRequestHandlerExecute(ByVal sender As Object,
> ByVal
> > e
> > > As System.EventArgs) Handles MyBase.PreRequestHandlerExecute
> > >
> > > If Not Session.Item("AuthIdentity") Is Nothing Then
> > > Context.User = CType(Session.Item("AuthIdentity"),
> > > WindowsPrincipal)
> > > End If
> > >
> > > What i have also done, but not included here, is that i save the
> anonymous
> > > principal to the session before switching, so i can switch back if i
> would
> > > like the user to be able to perform a log off and continue as
anonymous
> > >
> > > Any questions,
> > >
> > > Let me know
> > >
> > > Niclas Lindblom
> > >
> > >
> > > "Alan Mendelevich" <ng@ailon.org> wrote in message
> > > news:OpjxwrjkDHA.2068@TK2MSFTNGP09.phx.gbl...
> > > > Hi,
> > > >
> > > > I'm trying to build a login system where users login via web form,
but
> > > then
> > > > they are logged in as they would with windows authentication only
not
> > > > involving chalenge/response or basic authentication. I was able to
> login
> > > > user via LogonUser() function and to get WindowsIdentity and
> > > > WindowsPrincipal objects. But when I assign WindowsPrincipal object
to
> > the
> > > > HttpContext.Current.User property it get's assigned
> > > > (HttpContext.Current.User.Identity.Name becomes the name of the user
> and
> > > > IsAuthenticated becomes true) but lasts only for the current
request.
> > For
> > > > the next request HttpContext.Current.User.Identity.Name is Anonymous
> and
> > > > IsAuthenticated is false.
> > > >
> > > > What should I do for this authentication to persist across requests?
> > > >
> > > > Thanks in advance for your help!
> > > >
> > > > Best regards,
> > > > Alan Mendelevich
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Jim Cheshire [MSFT]: "Re: Web.Config / Security Settings for sites NOT on sys partition"
- Previous message: MS Newsgroups: "Re: WindowsAuthentication from code"
- In reply to: MS Newsgroups: "Re: WindowsAuthentication from code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
