Re: Security Challenge: Runtime impersonation without calling LogonUse

From: Joseph Bittman MCAD (RyanBittman_at_msn.com)
Date: 06/24/05


Date: Fri, 24 Jun 2005 12:56:29 -0700

June 24, 2005

   From what I understand, you are looking to create an impersonation
context from the web application's USER and Not the local web application's
service account. In this case, the easiest way would be to disable anonymous
auth in IIS & enable Windows Int. Auth and to disable anonymous auth in the
web.config. You do Not need to put the impersonation=true element in though.
Then use the code:

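' User.Identity is typed as IIdentity, so cast it to WindowsIdentity before calling Impersonate
Dim context As System.Security.Principal.WindowsImpersonationContext
context = CType(User.Identity, System.Security.Principal.WindowsIdentity).Impersonate()
Try
    'do something
Finally
    context.Undo() ' always revert the thread to the service account
End Try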

User is a WindowsPrincipal object which contains the web application's user
identity and Not the service account of the application. You can use the
Identity.impersonate from it. I'm not quite sure what the usertoken you are
wanting is needed for, but I do believe that somewhere under User.Identity.
there is a usertoken property. This should work, and I hope this helps! :-)
Let me know how it turns out!

-- 
                 Joseph Bittman
Microsoft Certified Application Developer
"Web Developer" <WebDeveloper@discussions.microsoft.com> wrote in message 
news:9989FB8F-D192-40C8-ADA7-B057D2943659@microsoft.com...
>I have an ASP.Net web application that uses Integrated Authentication.  I'd
> like to impersonate the person making the request at RUNTIME instead of
> specifying impersonate="true" in the web.config.
>
> Does anyone know how I can get the requesting user's userToken to pass to
> the Impersonate method of the
> System.Threading.Thread.CurrentPrincipal.Identity?
>
> i.e.
> 'Retrieve the requesting user's security token
> Dim userToken as IntPtr = /Some call here/
>
> Dim MyImpersonationContext As _
>     System.Security.Principal.WindowsImpersonationContext
>
> 'Temporarily impersonate the requesting user
> MyImpersonationContext = _
>     CType(System.Threading.Thread.CurrentPrincipal.Identity(), _
>     System.Security.Principal.WindowsIdentity).Impersonate(userToken)
>
> 'Call a web service with using the logged-on user's credentials
>
> 'Revert the impersonation
> MyImpersonationContext.Undo()
>
> Thanks for your help! 
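
The runtime impersonation discussed in this thread, written out as a guarded helper. This is an added example, not code from either poster; the names RunAsCaller, CallerWork and CallerImpersonation are hypothetical, and it assumes anonymous access is disabled and Windows Integrated Authentication is enabled as the reply describes.

```vb
Imports System
Imports System.Security
Imports System.Security.Principal
Imports System.Web

' Added example: the helper and delegate names are hypothetical.
Public Delegate Sub CallerWork()

Public Module CallerImpersonation

    ' Runs work() as the authenticated requester, then reverts the thread
    ' to the application's service account.
    Public Sub RunAsCaller(ByVal work As CallerWork)
        Dim http As HttpContext = HttpContext.Current
        If http Is Nothing OrElse http.User Is Nothing Then
            Throw New InvalidOperationException("No request context.")
        End If

        ' With anonymous access still enabled, or a non-Windows auth mode,
        ' there is no caller token to impersonate: refuse instead of
        ' continuing under some other account.
        Dim caller As WindowsIdentity = TryCast(http.User.Identity, WindowsIdentity)
        If caller Is Nothing OrElse caller.IsAnonymous _
           OrElse Not caller.IsAuthenticated Then
            Throw New SecurityException("No authenticated Windows caller.")
        End If

        Try
            Dim ctx As WindowsImpersonationContext = caller.Impersonate()
            Try
                ' Check that the thread token really switched before working.
                If Not WindowsIdentity.GetCurrent().User.Equals(caller.User) Then
                    Throw New SecurityException("Impersonation did not take effect.")
                End If
                work()
            Finally
                ctx.Undo()   ' always revert, even when work() throws
            End Try
        Catch
            ' Outer catch/rethrow: the Finally above runs before any
            ' exception filter higher on the stack can execute as the caller.
            Throw
        End Try
    End Sub

End Module
```

For the web-service call in the question, the impersonated token reaches a remote machine only when Kerberos delegation is configured for the application's account; without it the impersonation is usable for local resources only.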

