Re: ASP 2.0, C#, LDAP Login, and Forms impersonation?



Or, I could just start over with a windows authentication login, and after
getting authenticated, open default.aspx with the

Click Here to access your User Drive and a logout button, I suppose?

I am new (obviously) to asp, and thought "Why not use this nifty login
control"

Seems like a fairly useless control - I will go back to asp.net 1.x and
windows authentication.

Thanks

karl

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OMImaW12GHA.1292@xxxxxxxxxxxxxxxxxxxxxxx
No, forms auth does not support impersonation like Windows auth does. You
would need to code your own thing to do that. Since you are gathering the
user's credentials, that should be possible, but you'll need to store them
somewhere (like session or something), as you won't have them after the
forms login is processed.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Karl" <karlmitschke@xxxxxxxxxxxx> wrote in message
news:ITAPg.925$ya1.440@xxxxxxxxxxxxxxxx
Will a forms authentication allow me to impersonate a user?

I am working on an application that will run on a kiosk, and allow a user to
login and view their homedirectory.

I have a form with the new login control which works great.

I get logged in, and find the user's homedirectory.

I then write Click here to access your home directory, and include a file
URL pointing to the homedirectory

All of this works, until the user clicks the link. At this point, a user
cannot access their user drive without logging in again.

So, now I am trying to map a drive using WNetAddConnection2A, and it
fails with an error 5 on my development PC (Access Denied)

I get a formsauthentication ticket via
FormsIdentity fi = (FormsIdentity)User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;

fat.name populates correctly

Then, I call WNetAddConnection2A using the structure of:
dwType= RESOURCETYPE_DISK
lpLocalName = "m:"
lpRemoteName = "\\\\usawvfs04\\userskl\\karlm"
lpProvider= null

My lpPassword is null, my lpUsername I set to fat.name.tostring()
I do not set any dwFlags.

If I hard code my own null terminated username and password, I get an
error 1312 (ERROR_NO_SUCH_LOGON_SESSION)

Here is the relevant code:
FormsIdentity fi = (FormsIdentity)User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;
IIdentity WinId = HttpContext.Current.User.Identity;

try
{
    char[] splitter = { '\\' };
    string SearchString = "";

    // Access resources using the identity of the authenticated user
    DirectoryEntry obEntry = new DirectoryEntry("LDAP:servername/DC=/DC=/DC=");
    SearchString = "anr=" + fi.Ticket.Name.ToString();

    DirectorySearcher search = new DirectorySearcher(obEntry, SearchString);
    SearchResult res = search.FindOne();
    strUserDrive = (string)res.Properties["homedirectory"][0];

    Response.Write("Hello, " + (string)res.Properties["givenname"][0] + ".");
    Response.Write("<br/><br/>Your User Drive is now available.<br/>");

    NETRESOURCEA[] n = new NETRESOURCEA[1];
    n[0] = new NETRESOURCEA();
    n[0].dwType = 1;
    int dwFlags = 1;
    n[0].lpLocalName = @"m:";
    n[0].lpRemoteName = (string)res.Properties["homedirectory"][0];
    n[0].lpProvider = null;

    // FAILS HERE:
    int result = CMyMprTest.WNetAddConnection2A(n, null, fi.Name, dwFlags);

    Response.Write("<br/>Click here to access your <a href=file://m:> user drive</a>");
    Response.Write("<br/><br/>Remember to click Logout when you are done with your user drive.");




