anonymous access + impersonation

---

• From: yonido@xxxxxxxxx
• Date: 30 Jan 2006 05:53:05 -0800

---

Hello,

I'm writing a web method which calls a COM+ method, which I need to
call with the user that logged on to windows and invoked the WebMethod
(impersonation).

Simple impersonation works (impersonte=true in web.config) - however, i
need that only a certain part of the code will run in this context. For
other parts, i need different grant opions.

So that where code-impersonation comes in (using
HttpContext.Current.User.Indetity and calling Impersonate()).

For example:

[WebMethod]
public void ConfusedMethod()
{
// This lines will need some powerful grants
WriteSomethingToEventLog();
OpenFileInSystemDirectory();

// This lines should be run with the user
DoImpersonation();
CallComComponent();
UndoImpersonation();
}

THE PROBLEM IS:
i need the first lines to run with a differnet user. i dont want to use
2 impersonations.
i want all the other parts - which are not in the impersonation scope -
to run with a user ill configure in IIS (NOT "network service"!)

tried the following:
1 - configure the webservice to run as anonymous access, with a certain
user. but then Impersonate() doesnt work (exception - cant impersonate
with an anonymous user).

2 - configure the webservice as windows-integrated security. now i
want to decide which user will run the "default lines". so the only way
i see - is create an application pool with identity=MyDefaultUser.
when doing this, i get an http 401 error (unauthorized) if i try to
call the web service. the only user which works is if i call the
webservice with MyDefaultUser.

I DO set the credentials for the webservice (defaultCredentials) - so
thats not the problem.

whats the correct way to accomplish that?

.

---

• Follow-Ups:
  • Re: anonymous access + impersonation
    • From: Dominick Baier [DevelopMentor]

• Prev by Date: Re: Good .NET 2.0 security books?
• Next by Date: Re: anonymous access + impersonation
• Previous by thread: Re: Good .NET 2.0 security books?
• Next by thread: Re: anonymous access + impersonation
• Index(es):
  • Date
  • Thread

---

Relevant Pages anonymous access + impersonation ... call with the user that logged on to windows and invoked the WebMethod ... Simple impersonation works - however, ... - configure the webservice as windows-integrated security. ... (microsoft.public.dotnet.framework.aspnet.webservices) Re: Remote control of windows service with windows 2003 server ... Impersonation is more difficult in forms authentication. ... you are passing the username and password for a windows account. ... (microsoft.public.dotnet.framework.aspnet) Re: Starting up Windows Program from a webform with current userss authentication ... On the other hand i have a windows applications that uses windows ... (with authenticated user impersonation), and navigate to the right record. ... application with the "ASPNET" account. ... > appropriate rights on the directory housing the windows application. ... (microsoft.public.dotnet.framework.aspnet) RE: Impersonation on Windows Server 2003 ... Impersonating a windowsidentity did not help the process using the new windows credential. ... credentials of aspnet_wp.exe, typically ASPNET. ... Public Shared Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As ... !For example, when under this impersonation context, I cannot access the ... (microsoft.public.dotnet.framework.aspnet.security) Cryptographic service provider (CSP) could not be found for this algorithm. ... The ASP.Net application uses impersonation (windows domain account). ... Cryptographic service provider could not be found for this algorithm. ... An unhandled exception occurred during the execution of the ... (microsoft.public.win2000.developer)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)