Re: Impersonation headache

From: James Pemberton (james.pemberton_at_devro-casings.com)
Date: 10/26/04


Date: Tue, 26 Oct 2004 12:57:37 -0400

I actually did get this to work, without using delegation on the users and
hardware in AD, using the example from:
http://support.microsoft.com/default.aspx?scid=kb;en-us;306158

Hopefully one last question though. I am currently hardcoding the user
name, password, and domain into the code and really don't like doing that.
I know I can retrieve the domain and username from
WindowsIdentity.GetCurrent.Name, but is there any way to extract the user's
password without having them type it in on a logon screen?

Thanks

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OOPj1upuEHA.272@TK2MSFTNGP15.phx.gbl...
> These both sound like double-hop delegation issues. The fact that it
> works when you specify specific credentials in your impersonate tag but
> doesn't work when you use Windows Integrated Authentication (WIA) and try
> to access resources on a different machine than the IIS box suggests this.
> The impersonation token that WIA creates cannot hop to another machine on
> the network (like your file server or AD) unless Kerberos delegation has
> been enabled and is working.
>
> I'd suggest you read up on that first and then come back here if you can't
> get it to work or need a different approach.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
>
> You'll find even more links with a little searching.
>
> Cheers,
>
> Joe K.
>
> "James Pemberton" <james.pemberton@devro-casings.com> wrote in message
> news:eD9ilYpuEHA.2172@TK2MSFTNGP14.phx.gbl...
>> I have been fighting with impersonation for quite some time now and no
>> matter what I have tried it just won't work.
>>
>> I am trying to get information on two items:
>>
>> 1) I'd like to retrieve a file listing from a directory on our file
>> server.
>>
>> As with most cases I have read about, it works fine on my development PC,
>> XP OS, but when run off of the web server, I receive <error: an exception
>> of type: {System.UnauthorizedAccessException} occurred>.
>>
>> The only way I can get it to work is to set impersonation=true and set
>> the username and password as our system administrator. I did try to set
>> the user name and password as an AD user we created with full access to
>> the directory, but to no avail.
>>
>> On IIS I have just Integrated Windows Authentication checked.
>>
>> Web.config is as follows: <identity impersonate="true" />
>>
>> Code:
>> ' Imports needed at the top of the code-behind:
>> '   Imports System.Data
>> '   Imports System.Security.Principal
>> Private Sub LoadFiles()
>>     ' Impersonate the caller's (WIA) token. Undo() now runs in a Finally block so the
>>     ' worker thread never keeps the impersonated identity if an exception is thrown.
>>     Dim currentWindowsIdentity As WindowsIdentity = WindowsIdentity.GetCurrent()
>>     Dim impersonationContext As WindowsImpersonationContext = currentWindowsIdentity.Impersonate()
>>     Try
>>         Dim dt As New DataTable
>>         dt.Columns.Add("linkname")
>>         dt.Columns.Add("textname")
>>         'Dim DirectoryDefault As String = "\\ussfs01\private\Manufacturing\ProductRequest\" & intRequestNbr & "\"
>>         Dim DirectoryDefault As String = "\\ussfs01\ProductRequest\" & intRequestNbr & "\"
>>         ' Reading the UNC share from the web server is the second hop of the token
>>         Dim di As New System.IO.DirectoryInfo(DirectoryDefault)
>>         If di.Exists Then
>>             For Each filename As System.IO.FileInfo In di.GetFiles()
>>                 Dim dr As DataRow = dt.NewRow()
>>                 dr("linkname") = DirectoryDefault & filename.Name
>>                 dr("textname") = filename.Name
>>                 dt.Rows.Add(dr)
>>             Next
>>             dlAttachments.DataSource = New DataView(dt)
>>             dlAttachments.DataBind()
>>             dlAttachments.Visible = True
>>         End If
>>     Finally
>>         impersonationContext.Undo()
>>     End Try
>> End Sub
>>
>>
>> 2) In the same program I have been trying to retrieve the user's
>> fullname, displayname, or given name from our AD. Once again this works
>> fine on my Development PC, but on the web server I can't even retrieve
>> those attributes.
>>
>> I have tried the following code to no avail:
>>
>> ' Imports System.DirectoryServices / System.Security.Principal
>> Dim fullName As String = WindowsIdentity.GetCurrent().Name
>> ' Name is "DOMAIN\logon": take the part after the backslash instead of a fixed
>> ' Substring(3), which silently breaks for any domain name not three characters long
>> Dim userkey As String = fullName.Substring(fullName.IndexOf("\"c) + 1)
>> ' With no explicit credentials the bind uses the current thread token, so from the
>> ' web server this is the same second hop as the file share
>> Dim dse As New DirectoryEntry("LDAP://US")
>> Dim dsearch As New DirectorySearcher(dse)
>> ' The logon name lives in sAMAccountName; cn is the object's name and need not match it.
>> ' userkey comes from the Windows token here; if it ever came from user input it would
>> ' have to be escaped before being placed in an LDAP filter.
>> dsearch.Filter = "(&(objectClass=user)(sAMAccountName=" & userkey & "))"
>> dsearch.PropertiesToLoad.Add("displayName")
>> Dim sr As SearchResult = dsearch.FindOne()
>> If Not (sr Is Nothing) AndAlso sr.Properties("displayName").Count > 0 Then
>>     UserName = CStr(sr.Properties("displayName")(0))
>> Else
>>     UserName = Nothing
>> End If
>>
>> Any help would be greatly appreciated!
>>
>> James Pemberton
>>
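James's last question has a fixed answer: a Windows logon token carries no plaintext password, so the caller's password cannot be extracted from WindowsIdentity, which leaves Kerberos delegation (Joe's link) or a dedicated service account as the clean options. For the service-account route the thread settled on, this added configuration example (not from the thread) keeps the credentials out of web.config and source by using the .NET 1.x aspnet_setreg utility, which encrypts them under a registry key that the <identity> element then references; the account name and the key path EXAMPLE_APP are placeholders.

```xml
<!-- Run once on the web server (not part of web.config); key path and account are placeholders:
     aspnet_setreg -k:SOFTWARE\EXAMPLE_APP\identity -u:"DOMAIN\svc_productrequest" -p:"<password>"
     Then restrict the ACL on HKLM\SOFTWARE\EXAMPLE_APP\identity\ASPNET_SETREG so that only the
     worker-process account (ASPNET, or the IIS 6 application pool identity) and administrators
     can read it. -->
<configuration>
  <system.web>
    <!-- Before: clear-text credentials in a file that ships with the application
    <identity impersonate="true" userName="DOMAIN\svc_productrequest" password="<password>" />
    -->
    <!-- After: web.config only names the registry values; the secret itself is never in the file -->
    <identity impersonate="true"
              userName="registry:HKLM\SOFTWARE\EXAMPLE_APP\identity\ASPNET_SETREG,userName"
              password="registry:HKLM\SOFTWARE\EXAMPLE_APP\identity\ASPNET_SETREG,password" />
  </system.web>
</configuration>
```

The service account then needs only read rights on \\ussfs01\ProductRequest and the AD lookup, which also removes the need for the administrator credentials James had to fall back to.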


