Re: Hybrid sql server and asp.net windows authentication

From: Onur Gorur (onur_at_gorur.com)
Date: 11/12/04


Date: Thu, 11 Nov 2004 23:11:19 -0800

The only reason that I impersonate the current user is to get his NT login
name. After I get the login name, I do not need the impersonation to this
current account anymore. When I run the process with the trusted SQL account
(with integrated security=sspi), then as far as I know, correct me please if I
am wrong, when I get the identity of the user, I will get the SQL account's
login name and not the current user's, or not?

And also, I think I should change the process's account from machine.config?
Or can it be changed from web.config? Will it also affect other running web
applications?

I will be glad if you can give some code examples and elaborate on what you
mean by "you could manually impersonate by casting Content.User.Identity to a
WindowsIdentity and then creating the impersonation context from there."

Thanks,
Onur

"Joe Kaplan (MVP - ADSI)" wrote:

> Couldn't you just set up your process model to run as the trusted SQL account
> and then disable impersonation in ASP.NET? In that case, the SQL calls will
> be made with the process account, but users will still log in to the site as
> normal. If you needed to impersonate the current user for some reason
> (local file security or something), then you could manually impersonate by
> casting Content.User.Identity to a WindowsIdentity and then creating the
> impersonation context from there.
>
> Another option would be to put the db access code in a COM+ component and
> run it under a different identity.
>
> Joe K.
>
> "Onur Gorur" <onur@gorur.com> wrote in message
> news:9D160A7D-6C0A-4FC0-B95D-95B88D62850F@microsoft.com...
> > I have an asp.net web application that executes stored procedures on SQL
> > Server 2000 on the backend and displays the results of these stored procs
> > on a grid. I use integrated windows authentication on IIS, asp.net and SQL
> > Server.
> > Here is what I want to do:
> >
> > - When a user starts to use the application I want to get the credentials
> > of the user. (This can be done by web.config:: <identity impersonate="true">)
> > - After I get the user info, I would like to run the stored procedures with
> > a different specific NT user's credentials, one that I will give all SQL
> > Server accesses. So, I will not give any application user SQL Server direct
> > query access but only this specific user account. (This can be done by
> > impersonating this specific user in the web.config)
> >
> > I want both of these, but I could not find a way to accomplish both. One
> > method I thought would be having one asp.net application and another web
> > service application both running with different credentials (first, with
> > the logged in user and second with my sql server account).
> >
> > Any other ideas? Help wanted!
> >
> > Thanks in advance
> >
> >
> > --
> > Onur Gorur, MCSD
> > Microsoft Turkey
> > Mid-Market Programs Manager
>
>
>
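
The setup suggested in the quoted reply, sketched in C# as an added example (not code from either poster): with Windows authentication on and ASP.NET impersonation off, `Context.User.Identity` still carries the caller's login name while SQL Server sees the process account. The page class, connection string values, stored procedure name and `@Login` parameter are hypothetical placeholders.

```csharp
// Added example. Assumes web.config contains:
//   <authentication mode="Windows" />
//   <identity impersonate="false" />
// and that the worker process runs as the trusted SQL account.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web.UI;

public class ReportPage : Page   // hypothetical page name
{
    // Placeholder server and database names.
    private const string ConnStr =
        "Data Source=SQLHOST;Initial Catalog=AppDb;Integrated Security=SSPI";

    protected void Page_Load(object sender, EventArgs e)
    {
        // The authenticated caller, set by IIS/ASP.NET Windows authentication.
        // Reading the name does not require impersonating the caller.
        WindowsIdentity caller = Context.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
        {
            Response.StatusCode = 401;   // anonymous or non-Windows identity
            Response.End();
            return;
        }
        string login = caller.Name;      // DOMAIN\user form

        // The thread is not impersonating here, so SSPI presents the
        // process account to SQL Server, not the caller.
        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand("dbo.GetReportForUser", conn)) // hypothetical proc
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@Login", SqlDbType.NVarChar, 256).Value = login;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader()) { /* bind to the grid */ }
        }

        // Manual impersonation, only around work that must run as the caller
        // (for example a file protected by the caller's NTFS ACL).
        WindowsImpersonationContext ctx = caller.Impersonate();
        try { /* caller-scoped work goes here */ }
        finally { ctx.Undo(); }          // always revert to the process account
    }
}
```

Keeping the `Undo()` call in a `finally` block ensures the thread never returns to the pool still running as the caller.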


