Re: ASP.NET Impersonation in a Windows 2003 non domain member serv

---

• From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 20 Apr 2007 21:06:09 +0000 (UTC)

---

OK - you are talking about delegation. Which is something different.

Yeah - you need domain connectivity for that.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi Dominick,

Thanks a lot for your answer.

I've tried both approaches you mention. They both work very well in a
domain member server but they don't work in a non domain member server
(cause there are no domain controller to authenticate the user). What
I need is a way to call a server component located at the internal
network by passing it a windows identity credential created at the non
domain member server.

Thanks again for your help.

Best regards,

Johann Granados

"Dominick Baier" wrote:

You need Windows authentication enabled for that.

Then you either generally impersonate for the length of the whole
request using the <identity impersonate="true" /> config switch - or
programmatically by calling

using (((WindowsIdentity)Context.User.Identity).Impersonate())
{
}
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi everybody,

Is it possible to do ASP.NET Impersonation in a windows 2003 non
domain member server (locate at the DMZ)? If so, how can I do that?

Thanks in advance for your kind reply

Best regards,

Johann Granados
Staff DotNet

.

---

• Follow-Ups:
  • Re: ASP.NET Impersonation in a Windows 2003 non domain member serv
    • From: Joe Kaplan

• Prev by Date: Re: ASP.NET Impersonation in a Windows 2003 non domain member serv
• Next by Date: Re: ASP.NET Impersonation in a Windows 2003 non domain member serv
• Previous by thread: Re: ASP.NET Impersonation in a Windows 2003 non domain member server
• Next by thread: Re: ASP.NET Impersonation in a Windows 2003 non domain member serv
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ASP.NET Impersonation in a Windows 2003 non domain member serv ... I don't think he can impersonate a domain account on a non-domain member ... machine whether or not he wants to delegate. ... Dominick Baier ... domain member server but they don't work in a non domain member server ... (microsoft.public.dotnet.framework.aspnet.security) Re: Winform: Impersonating user with no password set ... Dominick Baier ... Developing More Secure Microsoft ASP.NET 2.0 Applications ... Is there a way to impersonate to a local account with no password ... (microsoft.public.dotnet.security) Re: ASP.NET Impersonation in a Windows 2003 non domain member serv ... you can't really do this as you can't create a domain identity to ... impersonate on a non-domain machine. ... That's not the way Windows security ... domain member server but they don't work in a non domain member server ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2007-04