Re: accessing remote resources from ASP.NET app
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 01/13/05
- Next message: Royston: "IIS Reset thru Web access denied in Window 2003"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Requesting web page from SSL site fails"
- In reply to: Gianluca Torta: "accessing remote resources from ASP.NET app"
- Next in thread: Gianluca Torta: "Re: accessing remote resources from ASP.NET app"
- Reply: Gianluca Torta: "Re: accessing remote resources from ASP.NET app"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jan 2005 19:26:34 -0600
You could also disable impersonation and set up your process account to use
an account that access the remote resource. Lots of people do that. The
steps are different between IIS5 and 6, but the basic idea is the same.
If you need impersonation at the same time, you can do some trickery by
p/invoking RevertToSelf and then restoring the impersonated token when you
are done with your remote call.
Otherwise, I think COM+ is good if you don't mind writing a serviced
component and dealing with all the COM stuff. LogonUser is easy on XP and
2003, but has security restrictions on 2000 that make it much less
attractive.
HTH,
Joe K.
"Gianluca Torta" <giatorta@hotmail.com> wrote in message
news:a2d601fc.0501121608.6983da75@posting.google.com...
> Hi all,
>
> I know this issue has already been discussed in several threads of the
> newsgroup and I read several of them
>
> However, I would appreciate very much to have suggestions specific to
> my particular scenario.
>
> I have an ASP.NET application MYAPP running on machine MYMACH
>
> Such application needs to access a remote database MYDB and a remote
> Web Service MYSVC using the credentials of a specific Windows User
> MYMACH\MYUSER (i.e. a user local to MYMACH)
>
> The use of <identity impersonate="true"> in the Web.config file seems
> to fail for the reasons explained in other threads, i.e. impersonation
> only works for accessing resources local to MYMACH
>
> I would like to avoid using delegation and serviced components, since
> they seem quite complicated to set up.
>
> Similarly, I would like to avoid calling LogonUser() because it is a
> non-managed API and moreover other threads report that many users had
> problems using it.
>
> My question is then: how is it possible to get what I want (which
> seems very simple) in a simple way?
> And, if there is no such "simple way", what is the best way among
> delegation, serviced components, LogonUser() etc. etc.?
>
> Many thanks in advance!
> -Gianluca
- Next message: Royston: "IIS Reset thru Web access denied in Window 2003"
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Requesting web page from SSL site fails"
- In reply to: Gianluca Torta: "accessing remote resources from ASP.NET app"
- Next in thread: Gianluca Torta: "Re: accessing remote resources from ASP.NET app"
- Reply: Gianluca Torta: "Re: accessing remote resources from ASP.NET app"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
