Re: How to run as in a deamon

What would be the conceptual difference between running the scheduled task
as the user your need vs. storing their credentials so you could create a
token for them and impersonate them? Basically, that just means it is your
problem to store the credentials vs. the operating system's.

If the process ran as SYSTEM, the server was 2K3 and the AD domain was 2K3
native, you could create an impersonation token for a user based solely on
their user principal name via S4U/protocol transition. I'm not sure if that
really helps you though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"David Thielen" <thielen@xxxxxxxxxxxxx> wrote in message
news:9BDFE2D9-B9C7-45EC-91B7-E4C6A1CE7002@xxxxxxxxxxxxxxxx
The problem is that this runs on the server (ASP.NET) and most user's
don't
have (and shouldn't have) login rights on the server.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm




"Joe Kaplan" wrote:

Have them set up the scheduled task to run as the required user. That's
the
most straightforward way to solve this.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"David Thielen" <thielen@xxxxxxxxxxxxx> wrote in message
news:525C4CDD-F65C-4C82-8F63-EE93FDE4D091@xxxxxxxxxxxxxxxx
Hi;

We have this web app that handles security great. For everything we do
we
run as the client so we do not have to store any credentials ourselves
and
it
handles Sql Server access, reading files from the server, everything.

But... we have a deamon program where users can schedule these same
actions.
The problem is, when these deamon programs run, we don't have the
client
user
attached and therefore cannot get their credentials.

Do we need to get their uname/pw and store it to be able to runAs
them -
like services in Windows when running under a user? I hate to store
that
info
because that is the keys to the kingdom.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com

Cubicle Wars - http://www.windwardreports.com/film.htm







.

Relevant Pages

  • Re: LDIFDE Error when trying to change passwords.
    ... Can you show the command line you are trying to use? ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... import directly from the server via a command prompt, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Integrated Windows Authentication Timeout?
    ... I'd suggest bumping up the auditing on both the web server and SQL ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... I do not use any session data so the session timeout should not be the ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Why got error "Only one type of operation can be performed in
    ... you have the full stack trace of the error message? ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... It could be that you have run into an ADSI limitation on Win2K server ...
    (microsoft.public.dotnet.security)
  • Re: how to add "Authorization: Basic" for a web service call
    ... There are two sets of credentials you can supply. ... Proxy property allows you to specify information about the proxy server to ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.security)
  • Re: Store Passwork within .NET App...?
    ... What I'm saying is that the code the user has cannot connect to the Oracle ... server directly if that code needs plaintext credentials. ... Joe Kaplan-MS MVP Directory Services Programming ...
    (microsoft.public.dotnet.security)