Re: identity impersonate=true masks the identity of the app pool for trusted sql connections

On Mar 17, 11:21 pm, Dominick Baier
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
What do you mean with AD id?? The username?

You get that from Context.User.Identity.Name - and no impersonation is required
for that (nor for the token role provider - but i see no value in using that
anyways).

Make sure windows auth is enabled in IIS - and anonymous is turned off..

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)



I have my ASP.NET sites setup to connect to SQL Server using trusted
security and their application pool identities according to this
article:http://msdn2.microsoft.com/en-us/library/ms998292.aspx

Everything is working fine without trouble.

However, now I have a site which requires the identity
impersonate=true web config setting so that it knows the active
directory id of the web user. I have to have the impersonate flag
turned on because I use the AspNetWindowsTokenRoleProvider to
authorize my users.

The problem is that when impoersonate=true, the site no loner connects
to the database with the app pool identity. Instead, it uses either
the user's identity if basic authentication is enabled or some other
local machine account.

How can I accomplish both in the same web site? How can I have the
site use trusted security and connect to my SQL server under the
identity of the app pool AND have impoersonate=true so that I know the
AD id of the user?

Thanks for your help.- Hide quoted text -

- Show quoted text -

Thank you. I was using WindowsIdentity.GetCurrent() which would not
return the account name of the user unless the impersonate flag was
set.

.

Relevant Pages