Re: LogonUser from ASP.NET

From: Paul Clement (UseAdddressAtEndofMessage_at_swspectrum.com)
Date: 01/25/05


    On Tue, 25 Jan 2005 10:37:39 -0600, "laimis" <simulai@NOSPAMiit.edu> wrote:

    ¤ Hello everybody,
    ¤
    ¤ this is a rather complicated but intriguing problem that I have been having.
    ¤ What I want to do is: after user connects to my asp.net application, I want
    ¤ to elevate the thread's user from ASPNET to let's say administrator so that
    ¤ privileged operation could be performed. I don't want to change account
    ¤ under which ASP.NET runs. My idea is to impersonate in COM+ app that runs
    ¤ under privileged account.
    ¤
    ¤ Currently here is how I have it implemented.
    ¤
    ¤ 1. HttpModule intercepts the request for the application.
    ¤ 2. Module calls COM+ app that runs with privileged account
    ¤ 3. COM+ app calls LogonUser to obtain security handle which later is used in
    ¤ creating windows identity and impersonating the identity, thus receiving
    ¤ context.
    ¤ 4. Context is returned to the module
    ¤ 5. Module uses it to assign to the current context of the executing thread
    ¤
    ¤ All of the steps work just fine. I call LogonUser, I can see in the security
    ¤ log the successful audit event. However, the context assigned doesn't make a
    ¤ difference to the running thread and the thread's user still returns ASPNET.
    ¤
    ¤ Does anyone see a problem with my method?
    ¤

    Not sure if I understand your configuration completely. Is the privileged operation being performed
    by the COM+ application? From your description it appears that the COM+ application is already
    running under a privileged account.

    Paul ~~~ pclement@ameritech.net
    Microsoft MVP (Visual Basic)

