Re: ASP.NET Impersonation in a Windows 2003 non domain member serv



OK - you are talking about delegation. Which is something different.

Yeah - you need domain connectivity for that.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi Dominick,

Thanks a lot for your answer.

I've tried both approaches you mention. They both work very well in a
domain member server but they don't work in a non domain member server
(cause there are no domain controller to authenticate the user). What
I need is a way to call a server component located at the internal
network by passing it a windows identity credential created at the non
domain member server.

Thanks again for your help.

Best regards,

Johann Granados

"Dominick Baier" wrote:

You need Windows authentication enabled for that.

Then you either generally impersonate for the length of the whole
request using the <identity impersonate="true" /> config switch - or
programmatically by calling

using (((WindowsIdentity)Context.User.Identity).Impersonate())
{
}
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi everybody,

Is it possible to do ASP.NET Impersonation in a windows 2003 non
domain member server (locate at the DMZ)? If so, how can I do that?

Thanks in advance for your kind reply

Best regards,

Johann Granados
Staff DotNet


.



Relevant Pages

  • Re: ASP.NET Impersonation in a Windows 2003 non domain member serv
    ... I don't think he can impersonate a domain account on a non-domain member ... machine whether or not he wants to delegate. ... Dominick Baier ... domain member server but they don't work in a non domain member server ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Winform: Impersonating user with no password set
    ... Dominick Baier ... Developing More Secure Microsoft ASP.NET 2.0 Applications ... Is there a way to impersonate to a local account with no password ...
    (microsoft.public.dotnet.security)
  • Re: ASP.NET Impersonation in a Windows 2003 non domain member serv
    ... you can't really do this as you can't create a domain identity to ... impersonate on a non-domain machine. ... That's not the way Windows security ... domain member server but they don't work in a non domain member server ...
    (microsoft.public.dotnet.framework.aspnet.security)