Re: Impersonation of forms-authenticated Active Directory user

From: avnrao (avn_at_newsgroups.com)
Date: 04/28/04


Date: Wed, 28 Apr 2004 20:26:42 +0530

Just wanted to find out why User.Identity is empty the first time..
Are you populating User.Identity with a GenericPrincipal object for the first time
just after validating from your login page?

Av.

"Mike Swift" <mikeswift@mailinator.com> wrote in message
news:88fce4c8.0404280552.20fee3f6@posting.google.com...
> Hello all
>
> I wonder if the great and the good of this esteemed forum might shed
> some light on a problem of mine...
>
> Three servers in a domain: one Active Directory server, one SQL Server
> and one IIS. IIS hosts an ASP.NET Web Application which requires that
> users log on through a web form, are authenticated against their
> Active Directory account and then acquire the permissions on the SQL
> Server objects that their Active Directory group membership bestows.
>
> In the following code authentication through LDAP works and authTicket
> appears to be generated correctly. At this stage User.Identity is
> empty, but by loading the page a second time User.Identity contains
> the correct details. This is presumably as a result of reading the
> cookie, but how can I get the correct User.Identity from the
> authTicket without letting the cookie reader do it for me
> automagically?
>
> Anyway, even on the refresh when we have...
>
> User.Identity.Name=myuser
> User.Identity.IsAuthenticated=True
> User.Identity.AuthenticationType=Forms
>
> ...the code still fails on
> (System.Security.Principal.WindowsIdentity)User.Identity, producing
> 'specified cast is invalid'. Is this because its authentication type
> is Forms? If so, and given that form based login is a requirement, how
> can I "Impersonate the Authenticating User in Code"?
>
>
> string adPath = "LDAP://ad1.mydomain.com/DC=mydomain,DC=com";
> LdapAuthentication adAuth = new LdapAuthentication(adPath);
> if(true == adAuth.IsAuthenticated(txtDomainName.Text,
>                                  txtUserName.Text, txtPassword.Text))
> {
>     FormsAuthenticationTicket authTicket =
>         new FormsAuthenticationTicket(1,
>                                       txtUserName.Text,
>                                       DateTime.Now,
>                                       DateTime.Now.AddMinutes(60),
>                                       false, "");
>     string encryptedTicket =
>         FormsAuthentication.Encrypt(authTicket);
>     HttpCookie authCookie =
>         new HttpCookie(FormsAuthentication.FormsCookieName,
>                        encryptedTicket);
>     Response.Cookies.Add(authCookie);
>     System.Security.Principal.WindowsImpersonationContext
>         impersonationContext;
>     impersonationContext =
>         ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
> }
>
> As you may recognise, this code has been cribbed from
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q306158 and it
> may help diagnosis to know that the code from the "Impersonate a
> Specific User in Code" section is working fine, but presumably this
> approach would require me to carry the username and password around,
> in the session say, and re-authenticate on every page_load.
>
> Once the user has logged in I want every page to be executed in the
> context of their AD account, so perhaps there's some altogether
> better way of achieving this that I'm missing.
>
> Cheers,
> Mike.
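One way to do what the reply above asks about, as an added example that is not code from either poster or from the KB article: populate Context.User from the forms ticket in Application_AuthenticateRequest, and set it directly on the login request, where that event has already fired before the cookie existed. The AD group names are assumed to be looked up by the login page and carried in the ticket's UserData; the code does not impersonate, because a forms ticket has no Windows token behind it, so SQL Server is still reached as the worker-process identity and per-user rights are enforced through these roles in the application.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;
// Global.asax code-behind (hypothetical). AuthenticateRequest runs on every request,
// so pages see a populated User.Identity without parsing the cookie themselves.
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCookie == null || authCookie.Value.Length == 0)
            return; // no cookie: anonymous request
        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(authCookie.Value); // checks MAC, decrypts
        }
        catch (Exception)
        {
            return; // tampered or foreign cookie: stay anonymous rather than trust it
        }
        if (ticket == null || ticket.Expired)
            return;
        Context.User = BuildPrincipal(ticket);
    }

    // Roles travel in the ticket's UserData as a '|'-separated list (assumption: the
    // login page fills it from the user's AD group membership once IsAuthenticated succeeds).
    public static GenericPrincipal BuildPrincipal(FormsAuthenticationTicket ticket)
    {
        string[] roles = ticket.UserData.Split('|');
        // FormsIdentity, not WindowsIdentity: a forms login has no Windows token behind it,
        // which is why the cast in the original post fails with "specified cast is invalid".
        return new GenericPrincipal(new FormsIdentity(ticket), roles);
    }

    // Called by the login page after adAuth.IsAuthenticated(...) returns true. Setting
    // Context.User here fixes the "empty on the first request" symptom directly.
    public static void SignIn(HttpContext ctx, string userName, string[] roles)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(60), false, string.Join("|", roles));
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true; // keep the ticket away from script (property exists from .NET 2.0)
        ctx.Response.Cookies.Add(cookie);
        ctx.User = BuildPrincipal(ticket);
    }
}
```

With this in place, User.IsInRole("SomeADGroup") works on every page, and the login page replaces the cookie-and-cast block with a single Global.SignIn(Context, txtUserName.Text, groups) call.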


