Re: programmatically login using LDAP and impersonation

---

• From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 13 Nov 2006 22:06:53 +0000 (UTC)

---

In Windows 2003 domains you can impersonat an account by using the UPN (user@domain)

e.g.

WindowsIdentity id = new WindowsIdentity(username);
id.Impersonate();

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

I'm on a network system that has some pretty strict policies that I
can not change. My criteria is to use forms login for extranet users,
against a sql server database and impersonate an account that is on an
intranet Active Directory.

Saying it a different way, I need to impersonate an intranet Active
directory account that must be authenticated using Kerberos
authentication.

I'm stuck at this point trying to figure out how to programticly
impersonate the account that will be used to access the sql server. It
will only allow windows authentication, our system uses LDAP windows
auth, that runs thru a kerberos portal.

*sigh* The only thing I can think of is to programaticly log in the
intranet account, get the authentication ticket assign that ticket to
the user, then using the login name and password they provided check
the database and determine authorization from there. Is there another
way, am I missing something? If I'm not missing something where can I
get the information that I need?

EggHeadCafe.com - .NET Developer Portal of Choice
http://www.eggheadcafe.com

.

---

• Follow-Ups:
  • Re: programmatically login using LDAP and impersonation
    • From: Joe Kaplan

• References:
  • programmatically login using LDAP and impersonation
    • From: bob

• Prev by Date: Re: programmatically login using LDAP and impersonation
• Next by Date: Re: programmatically login using LDAP and impersonation
• Previous by thread: Re: programmatically login using LDAP and impersonation
• Next by thread: Re: programmatically login using LDAP and impersonation
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Login failed for ServerGuest ... | guest and the use of the same account/password does not ... |>I think it is not a limitation in Windows 2000. ... |>use same password for Administrator account on both Win2000 and WinXP ... although Windows Authentication is more secure than ... (microsoft.public.sqlserver.connect) Re: User authentication ... With Windows authentication, ... an account is a member of Domain Admins. ... Windows account instead to run backup jobs. ... (microsoft.public.sqlserver.clients) Re: How to use WindowsPrincipal properly?? ... > If you want to check if the user is in the local computers security group ... > used by the general public you have to use Basic Authentication of course. ... You can logon a set account ... > WindowsIndentity which is then used to Impersonate. ... (microsoft.public.dotnet.framework.aspnet.security) Re: User authentication ... Server Agent service account. ... What I want to do is configure scheduled backup. ... However, if possible, I would like to use Windows authentication as opposed ... (microsoft.public.sqlserver.clients) RE: Adding a virtual FTP folder to IIS ... I think we can follow the Form Authentication modal. ... application will use the ASPNET account. ... If we change the username ... Windows identity different from that of the default process identity. ... (microsoft.public.dotnet.framework)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-11