Asynchronous Web Services calls with Impersonation

---

• From: Dave <davidhomer@xxxxxxxxxx>
• Date: Sat, 28 Jul 2007 10:49:21 -0700

---

Hello,

I have a problem with Impersonation with ASPX pages running with
Impersonation that call Web Services Asynchonously that the
Impersonated credentials are not passed to the Web Service when called
with the Begin... method, however they are when the Web Service is
called normally.

Microsoft .NET 2, Visual Studio 2005 Pro

-- SAMPLE ASPX Page --
Dim oService As New samplews.SampleService
oService.Credentials =
System.Net.CredentialCache.DefaultCredentials
oService.BeginWhoAmI(AddressOf callback, Nothing)


-- SNIPPET FROM THE SAMPLE WEB SERVICE --
<WebMethod()> _
Public Sub WhoAmI()
Dim oSR As New System.IO.StreamWriter("c:\temp
\wswhoami.txt", True)
oSR.WriteLine(My.User.Name)
oSR.Close()
End Sub


The subroutine - when run on Windows XP reports back as
COMPUTERNAME\ASPNET.


I can work around the problem by editing the ASPNET.CONFIG file,
however I don't like this idea as this will effect all applications
and the application I develop may well have to run alongside other Web
Applications (I got the idea to try this from
http://www.leastprivilege.com/WhatIsAspnetconfig.aspx)


<configuration>
<runtime>
<alwaysFlowImpersonationPolicy enabled="true"/>
<legacyImpersonationPolicy enabled="false"/>
</runtime>
</configuration>


Is there another way to pass my current credentials to the Web Service
when run Asyncronously? If I could send the Web Service my
System.Security.Principal.WindowsIdentity.GetCurrent() I could
run .Impersonate against it but I'm not sure how to send this Object
to the Web Service


Help!



Regards,



David Homer

.

---

• Prev by Date: ByPass Windows Identity to one server to another server
• Previous by thread: ByPass Windows Identity to one server to another server
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ASPNET and Impersonation ... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ... (microsoft.public.dotnet.security) Re: ASPNET and Impersonation ... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ... (microsoft.public.dotnet.framework.aspnet.security) Re: Windows authentication for web service client?? ... I have a web service that make a webDav request to Exchange. ... I have impersonation on but when I use the defaultCredentials in the web ... credentials have rights to make this request and I'm at my wits end trying ... >>> The ASPNET account is a local account, so the other machine or domain ... (microsoft.public.dotnet.framework.aspnet.webservices) Can it work...? - ASP.NET Impersonation with Remoting ... I have an ASP.NET Web Page / Web Service that runs on IIS and uses ... Server expects a Principal token not a cheapo Impersonation token ... request it do the work (The Service will check the credentials and ... (microsoft.public.dotnet.framework.remoting) Asynchronous Web Services calls with Impersonation ... Impersonation that call Web Services Asynchonously that the ... Impersonated credentials are not passed to the Web Service when called ... however I don't like this idea as this will effect all applications ... (microsoft.public.dotnet.framework.aspnet.webservices)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)