Re: Impersonation Issue

From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Mar 2007 11:58:29 -0700

Wouldn't it be nice if the various browsers allowed some sort of minimal
customization of the Basic auth dialog that could be configured server side?
That would certainly help scratch this itch. :)

You could use ADFS to accomplish all of this and get sexy forms auth and SSO
as well. It isn't necessarily very easy to get up running, but you wouldn't
have to code anything special in your app once you did, as it takes care of
the Windows logon details for you.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"-Steve-" <nntp@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:u1%23NPA%23ZHHA.4808@xxxxxxxxxxxxxxxxxxxxxxx

Basic auth just isn't sexy enough though ;-)

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Ouo%23MrsZHHA.4684@xxxxxxxxxxxxxxxxxxxxxxx

That's the way it works. The way you are supposed to do this is to use
Windows authentication in the first place and let it do this for you.
Basic auth with SSL is much more simple.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"-Steve-" <nntp@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eHoAsqnZHHA.2320@xxxxxxxxxxxxxxxxxxxxxxx

I'm using asp.net 2.0 login control to authenticate my users against AD.
I'm storing their encrypted password in session state, which I then pass
to the LogonUser method and succesfully impersonate their account.

The problem I'm having is that I have to continually re-impersonate the
user on every postback. Is there a better solution?

Steve

References:
- Impersonation Issue
  - From: -Steve-
- Re: Impersonation Issue
  - From: Joe Kaplan
- Re: Impersonation Issue
  - From: -Steve-

Prev by Date: Re: Impersonation Issue
Next by Date: identity impersonate=true masks the identity of the app pool for trusted sql connections
Previous by thread: Re: Impersonation Issue
Next by thread: Adding attributes in Active Directory
Index(es):
- Date
- Thread

Relevant Pages

Re: Client Certificate Authentication with ADAM
... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... can't do this with ADAM users. ...
(microsoft.public.windows.server.active_directory)
Re: AD Attribute change
... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.windows.server.active_directory)
Re: Users container
... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.windows.server.active_directory)
Re: Maximum length of user names?
... My understanding is that sAMAccountName is still limited to 20 characters. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.windows.server.active_directory)
Re: Web Single Sign On
... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... current Windows credentials to the server, ... This common identity is the user's username used to logon to the ...
(microsoft.public.dotnet.framework.aspnet.security)