Re: ASP.NET Impersonation in a Windows 2003 non domain member serv



I don't think he can impersonate a domain account on a non-domain member
machine whether or not he wants to delegate. He wouldn't be delegating if
he was using S4U or called LogonUser, but I don't think he can get that
logon token and impersonate it no matter what. Is that your understanding
of how it works?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:51eb3048e2958c951b79ddb6eb0@xxxxxxxxxxxxxxxxxxxxx
OK - you are talking about delegation. Which is something different.

Yeah - you need domain connectivity for that.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi Dominick,

Thanks a lot for your answer.

I've tried both approaches you mention. They both work very well in a
domain member server but they don't work in a non domain member server
(because there is no domain controller to authenticate the user). What
I need is a way to call a server component located at the internal
network by passing it a windows identity credential created at the non
domain member server.

Thanks again for your help.

Best regards,

Johann Granados

"Dominick Baier" wrote:

You need Windows authentication enabled for that.

Then you either generally impersonate for the length of the whole
request using the <identity impersonate="true" /> config switch - or
programmatically by calling

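using (((WindowsIdentity)Context.User.Identity).Impersonate())
{
    // code in this block runs under the authenticated caller's Windows identity;
    // impersonation is reverted when the using block disposes the context
}
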
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi everybody,

Is it possible to do ASP.NET Impersonation in a Windows 2003 non
domain member server (located in the DMZ)? If so, how can I do that?

Thanks in advance for your kind reply

Best regards,

Johann Granados
Staff DotNet



