Re: Security Challenge: Runtime impersonation without calling Logo

From: Joseph Bittman MCAD (RyanBittman_at_msn.com)
Date: 06/25/05

    Date: Fri, 24 Jun 2005 16:04:53 -0700
    
    

    June 24, 2005

       It is perfectly understandable that he doesn't want to use
    impersonate=true. If the user is an Administrator, it would not be as secure
    to have the entire request be under that account. Instead, as an
    application security best practice, you should impersonate right before and
    ONLY during the sensitive task time period... :-)

    -- 
                     Joseph Bittman
    Microsoft Certified Application Developer
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote 
    in message news:uhsrQFQeFHA.2700@tk2msftngp13.phx.gbl...
    > If you are using IWA in IIS, you will need Kerberos delegation to get this 
    > scenario to work since it is a double hop.  The code you are using is 
    > actually correct.  It is actually easier to just use impersonate="true", 
    > but there may be some reason why you don't want impersonation on for the 
    > whole request.
    >
    > I'd suggest reading some of the documentation on Kerberos delegation to 
    > figure out what it is that you need to do and how to troubleshoot it.
    > http://msdn.microsoft.com/vstudio/using/building/web/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT05.asp?FRAME=true#ImplementKerberos
    > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
    >
    > Joe K.
    >
    > "Web Developer" <WebDeveloper@discussions.microsoft.com> wrote in message 
    > news:58F38410-21E9-428C-B191-B36039D0430D@microsoft.com...
    >> Thanks for your reply Joseph.
    >>
    >> What I'm trying to do is make a web service call from my web application
    >> using the credentials of the authenticated user.  After I call "context =
    >> USER.identity.impersonate", I call "MyWebServiceProxyInstance.Credentials =
    >> System.Net.CredentialCache.DefaultCredentials" to add the authenticated
    >> user's credentials to the web service proxy.  However, the DefaultCredentials
    >> are null.
    >>
    >> Do you know how I can pass the credentials of the authenticated user to the
    >> web service proxy?
    >>
    >> Thank you again.
    >
    > 
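
The pattern discussed in this thread (impersonate only around the sensitive call, then revert), as an added example that is not code from any of the posters. It assumes .NET Framework ASP.NET with Integrated Windows Authentication; the names `ScopedImpersonation`, `RunAs` and `CallServiceAsCaller` are hypothetical.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.Web.Services.Protocols;

// Hypothetical helper: keeps the impersonation window as small as possible.
public static class ScopedImpersonation
{
    // Runs 'work' under the authenticated caller's Windows token and always
    // reverts to the worker-process identity afterwards.
    public static void RunAs(IPrincipal user, Action work)
    {
        if (user == null) throw new ArgumentNullException("user");
        if (work == null) throw new ArgumentNullException("work");

        // Fail closed: anonymous or Forms-authenticated requests carry no
        // Windows token, so there is nothing safe to impersonate.
        WindowsIdentity caller = user.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
            throw new InvalidOperationException(
                "No authenticated Windows identity to impersonate.");

        WindowsImpersonationContext ctx = caller.Impersonate();
        try
        {
            work(); // only this delegate runs as the caller
        }
        finally
        {
            ctx.Undo(); // revert even if work() throws
        }
    }

    // Makes one web service call as the caller. DefaultCredentials is read
    // inside the impersonated scope so it reflects the caller's security
    // context. As noted in the thread, the hop to the remote service still
    // requires Kerberos delegation when IWA is used.
    public static void CallServiceAsCaller(
        IPrincipal user, WebClientProtocol proxy, Action call)
    {
        if (proxy == null) throw new ArgumentNullException("proxy");
        RunAs(user, delegate
        {
            proxy.Credentials = CredentialCache.DefaultCredentials;
            call();
        });
    }
}
```

From a page or handler this would be invoked with `Context.User`, the generated proxy instance, and a delegate that performs the single service call; everything else in the request keeps running under the application's own identity.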
    
