Re: ASP 2.0, C#, LDAP Login, and Forms impersonation?
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 18 Sep 2006 14:06:52 -0500
No, forms auth does not support impersonation like Windows auth does. You
would need to code your own thing to do that. Since you are gathering the
user's credentials, that should be possible, but you'll need to store them
somewhere (like session or something), as you won't have them after the
forms login is processed.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Karl" <karlmitschke@xxxxxxxxxxxx> wrote in message
news:ITAPg.925$ya1.440@xxxxxxxxxxxxxxxx
Will a forms authentication allow me to impersonate a user?
I am working on an application that will run on a kiosk, and allow a user to
login and view their homedirectory.
I have a form with the new login control which works great.
I get logged in, and find the user's homedirectory.
I then write Click here to access your home directory, and include a file
URL pointing to the homedirectory
All of this works, until the user clicks the link. At this point, a user
cannot access their user drive without logging in again.
So, now I am trying to map a drive using WNetAddConnection2A, and it fails
with an error 5 on my development PC (Access Denied)
I get a formsauthentication ticket via
FormsIdentity fi = (FormsIdentity)User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;
fat.name populates correctly
Then, I call WNetAddConnection2A using the structure of:
dwType= RESOURCETYPE_DISK
lpLocalName = "m:"
lpRemoteName = "\\\\usawvfs04\\userskl\\karlm"
lpProvider= null
My lpPassword is null, my lpUsername I set to fat.name.tostring()
I do not set any dwFlags.
If I hard code my own null terminated username and password, I get an
error 1312 (ERROR_NO_SUCH_LOGON_SESSION)
Here is the relevant code:
FormsIdentity fi = (FormsIdentity)User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;
IIdentity WinId = HttpContext.Current.User.Identity;
try
{
    char[] splitter = { '\\' };
    string SearchString = "";
    // Access resources using the identity of the authenticated user
    DirectoryEntry obEntry = new DirectoryEntry("LDAP:servername/DC=/DC=/DC=");
    SearchString = "anr=" + fi.Ticket.Name.ToString();
    DirectorySearcher search = new DirectorySearcher(obEntry, SearchString);
    SearchResult res = search.FindOne();
    strUserDrive = (string)res.Properties["homedirectory"][0];
    Response.Write("Hello, " + (string)res.Properties["givenname"][0] + ".");
    Response.Write("<br/><br/>Your User Drive is now available.<br/>");
    NETRESOURCEA[] n = new NETRESOURCEA[1];
    n[0] = new NETRESOURCEA();
    n[0].dwType = 1;
    int dwFlags = 1;
    n[0].lpLocalName = @"m:";
    n[0].lpRemoteName = (string)res.Properties["homedirectory"][0];
    n[0].lpProvider = null;
    // FAILS HERE:
    int result = CMyMprTest.WNetAddConnection2A(n, null, fi.Name, dwFlags);
    Response.Write("<br/>Click here to access your <a href=file://m:> user drive</a>");
    Response.Write("<br/><br/>Remember to click Logout when you are done with your user drive.");
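
The "code your own thing" route from the reply, as an added example (not code from either poster): log on with the credentials the login form collected, impersonate only around the file access, and read the home directory by its UNC path instead of a mapped drive letter. The class and method names are hypothetical, and the logon type is an assumption that the account may log on to the web server over the network.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper; the class and method names are not from the thread.
public static class HomeDirectoryReader
{
    // Network logon whose token keeps the credentials for outbound connections
    // (e.g. SMB to the file server). Assumed suitable for this environment.
    const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Lists the user's home directory while impersonating that user,
    // then always reverts to the worker process identity.
    public static string[] ListHomeDirectory(string user, string domain,
        string password, string uncPath)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK_CLEARTEXT,
                       LOGON32_PROVIDER_DEFAULT, out token))
        {
            // Surfaces the Win32 error (bad password, logon right missing, ...)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = WindowsIdentity.Impersonate(token);
            // UNC path, not "m:": drive letter mappings belong to one logon session.
            return Directory.GetFileSystemEntries(uncPath);
        }
        finally
        {
            if (ctx != null) ctx.Undo();   // stop impersonating before returning
            CloseHandle(token);            // release the logon token handle
        }
    }
}
```

Calling this from the login handler, while the password is still in hand, avoids keeping the password in session state for later requests.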