Security Challenge: Runtime impersonation without calling LogonUse
From: Web Developer (WebDeveloper_at_discussions.microsoft.com)
Date: 06/24/05
- Next message: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling LogonUse"
- Previous message: Dam6: "VB Login page problem?"
- Next in thread: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling LogonUse"
- Reply: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling LogonUse"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 Jun 2005 11:38:02 -0700
I have an ASP.Net web application that uses Integrated Authentication. I'd
like to impersonate the person making the request at RUNTIME instead of
specifying impersonate="true" in the web.config.
Does anyone know how I can get the requesting user's userToken to pass to
the Impersonate method of the
System.Threading.Thread.CurrentPrincipal.Identity?
i.e.
'Retrieve the requesting user's security token
Dim userToken as IntPtr = /Some call here/
Dim MyImpersonationContext As
System.security.Principal.WindowsImpersonationContext
'Temporarily impersonate the requesting user
MyImpersonationContext =
CType(System.Threading.Thread.CurrentPrincipal.Identity(),
System.Security.Principal.WindowsIdentity).Impersonate(userToken)
'Call a web service with using the logged-on user's credentials
'Revert the impersonation
MyImpersonationContext.Undo()
Thanks for your help!
- Next message: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling LogonUse"
- Previous message: Dam6: "VB Login page problem?"
- Next in thread: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling LogonUse"
- Reply: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling LogonUse"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
