Re: anonymous access + impersonation



Hi,

Set the AppPool identity to whatever you want your app to run under (add this account to the IIS_WPG local group).
You have to enable Windows integrated auth and disable anonymous access in IIS.
Enable Windows authentication in ASP.NET: <authentication mode="Windows" />
The clients need read DACLs on the asmx files.


This should do it.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hello,

I'm writing a web method which calls a COM+ method, which I need to
call with the user that logged on to windows and invoked the WebMethod
(impersonation).

Simple impersonation works (impersonate=true in web.config) - however,
I need only a certain part of the code to run in this context.
For other parts, I need different grant options.

So that's where code impersonation comes in (using
HttpContext.Current.User.Identity and calling Impersonate()).
For example:

[WebMethod]
public void ConfusedMethod()
{
    // These lines will need some powerful grants
    WriteSomethingToEventLog();
    OpenFileInSystemDirectory();
    // These lines should be run with the user
    DoImpersonation();
    CallComComponent();
    UndoImpersonation();
}

THE PROBLEM IS:
I need the first lines to run with a different user. I don't want to
use 2 impersonations.
I want all the other parts - which are not in the impersonation scope -
to run with a user I'll configure in IIS (NOT "network service"!)

Tried the following:
1 - Configure the webservice to run as anonymous access, with a certain
user. But then Impersonate() doesn't work (exception - can't impersonate
with an anonymous user).
2 - Configure the webservice as Windows-integrated security. Now I
want to decide which user will run the "default lines", so the only way
I see is to create an application pool with identity=MyDefaultUser.
When doing this, I get an HTTP 401 error (unauthorized) if I try to
call the web service. The only user which works is if I call the
webservice with MyDefaultUser.
I DO set the credentials for the webservice (defaultCredentials) - so
that's not the problem.

What's the correct way to accomplish that?
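
The pattern this thread discusses, as an added example that is not part of either post: the web method runs under the AppPool identity by default and switches to the authenticated caller only around the one call that needs it. The class and method names are hypothetical, and the code assumes the IIS and web.config settings listed in the reply (Windows integrated auth on, anonymous access off, no impersonate=true in web.config).

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Services;

// Hypothetical service name, for illustration only.
public class ScopedImpersonationService : WebService
{
    [WebMethod]
    public string WhoRunsWhat()
    {
        // No impersonation yet: this is the process token, i.e. the
        // account configured as the AppPool identity.
        string processUser = WindowsIdentity.GetCurrent().Name;

        // With anonymous access disabled and <authentication mode="Windows" />,
        // the caller arrives as a WindowsIdentity. Refuse anything else
        // instead of falling through and running as the AppPool account.
        WindowsIdentity caller =
            HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
            throw new UnauthorizedAccessException(
                "Caller has no Windows identity to impersonate.");

        string impersonatedUser;
        // Dispose() reverts the thread token, so the caller's identity
        // cannot leak into later code even if the call inside throws.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        {
            impersonatedUser = WindowsIdentity.GetCurrent().Name;
            // The call that must run as the caller goes here, for
            // example the CallComComponent() placeholder from the question.
        }

        // Back on the AppPool identity; fail closed if the revert did not
        // restore it.
        string revertedUser = WindowsIdentity.GetCurrent().Name;
        if (!string.Equals(revertedUser, processUser,
                           StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Impersonation was not reverted.");

        return "process=" + processUser + "; impersonated=" + impersonatedUser;
    }
}
```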


