Re: impersonation in a sub thread

From: charlie (charlie_at_nunya.com)
Date: 11/08/03


Date: Fri, 07 Nov 2003 23:59:20 GMT

Christian,

I am quite aware of your pain with this issue. This is a problem for which
I was unable to find a solution while working within the context of the web
server (the ASPNET process).

If you want to solve this issue quickly and with the desired effect, I would
point you in the same direction some others on this group pointed me - COM+.
A COM+ server runs outside the ASPNET context and can assume any identity
you would like it to assume. It is very robust and has good security
associated with it. I was able to solve in one day a problem I had been
battling for more than a week by just taking my code out of the services
application and creating a COM+ application.

Charlie

"Christian" <anonymous@discussions.microsoft.com> wrote in message
news:04b701c3a259$b40b89f0$a501280a@phx.gbl...
> When you create a new thread it inherits the original
> security context of the parent process.
> E.g. when a web application that is set to impersonate
> some domain account creates a new thread, the new thread
> runs as the original user (e.g. localmachine\ASPNET) not
> the user the application is impersonating.
>
> Does anyone know how to create a thread and make it
> impersonate the same user as the parent process is
> impersonating?
>
> I tried making the child thread explicitly impersonate
> the domain user, but it was not able/allowed to.
>
> Basically I am doing
>
> static WindowsIdentity _winID;
>
> public static void StartThread()
> {
>     // runs as domain user set to impersonate in web.config
>     // or IIS control
>     _winID = WindowsIdentity.GetCurrent();
>     Thread _thread = new Thread(new ThreadStart(DoWork));
>
>     _thread.Start();
> }
>
> private static void DoWork()
> {
>     // runs as localbox\ASPNET
>
>     // fails with "Unable to impersonate user"
>     _winID.Impersonate();
>
>     // more code supposed to run as impersonated user
> }
>
>
> It succeeds when I set asp to run as SYSTEM (i.e. set
> <processModel userName="SYSTEM"> in machine.config).
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
>
> indicates that the process would need the "act as part of
> the OS" privilege.
> After giving that privilege to ASPNET, impersonation
> still fails.
>
> Anybody know how I can get the subthread to execute as the
> same (impersonated) user as the web app? Additional
> privileges required for ASPNET? is there a way to start
> the subthread off with the right user?
>
> Thanks
> Christian
>
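
The COM+ approach suggested in the reply above, sketched as an added example (not code from either poster): the work moves into a COM+ server application that runs in its own process under a configured account. The names WorkerApp, Worker, WebCallers and WorkerApp.snk are hypothetical; the run-as account is set on the application's Identity tab in Component Services, not in code.

```csharp
using System;
using System.EnterpriseServices;
using System.Reflection;
using System.Security.Principal;

// Hypothetical application name; Server activation hosts the component
// in its own process (dllhost.exe) rather than inside the ASP.NET worker.
[assembly: ApplicationName("WorkerApp")]
[assembly: ApplicationActivation(ActivationOption.Server)]
// Turn on COM+ role-based access checks at process and component level.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent)]
// Serviced components must be strong-named (hypothetical key file).
[assembly: AssemblyKeyFile("WorkerApp.snk")]

[ComponentAccessControl(true)]
[SecurityRole("WebCallers")]   // hypothetical role; members are assigned in Component Services
public class Worker : ServicedComponent
{
    // Runs under the account configured for the COM+ application,
    // whatever account the calling web application runs as.
    public string DoWork()
    {
        SecurityCallContext call = SecurityCallContext.CurrentCall;

        // Reject callers that are not in the expected role, so the
        // configured account is only reachable by the intended caller.
        if (!call.IsCallerInRole("WebCallers"))
        {
            throw new UnauthorizedAccessException(
                "Caller is not in role WebCallers: " + call.DirectCaller.AccountName);
        }

        // Process identity of the COM+ server, useful to confirm the setup.
        string runningAs = WindowsIdentity.GetCurrent().Name;

        // ... work that needs the configured account goes here ...

        return runningAs;
    }
}
```

Register the strong-named assembly with regsvcs.exe, then give the COM+ application an account that holds only the rights the work needs and add only the web application's account to the role.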


