The pest of Impersonation
- From: Cliff <Junk@xxxxxxxxxxxxx>
- Date: Mon, 24 Sep 2007 16:43:03 -0000
I have an ASP Website setup which presents some data, then posts
changes to that data to another webpage (whcih is java based) by using
variables on the URL Line, the Java website trapps the user's details
and places some information against the closed call, such as who
closed it.
This works ok....and here's the code
string number = ((CloseParams)o).number;
string CloseText = ((CloseParams)o).closecomment;
WebClient wc = new WebClient();
wc.UseDefaultCredentials = true;
Uri uri = new Uri("http://callsite/getservices/
view_specific_update_action.cfm?number="
+ number + "&Resolution=" +
HttpUtility.UrlEncode(CloseText) + "&subclose=" +
HttpUtility.UrlEncode("Close Ticket"));
string result = wc.DownloadString(uri);
The website on the other side of this (callsite) is supposed to be
trapping the currently logged on user (through integrated
authentication) and placing the logged on user details on the call.
if you access the callsite through ie everything works fine.
However...by accessing my site wihch is in ASP.NET that information
does not get passed through.
If in my code I do
Debug.WriteLine(this.User.Identity.Name.ToString());
I get the username of the currently logged on user to my asp.net
site....which is what I would expect. That user should be what is
passing across to the other site....surely???
The guys who own the Java site are saying they are seeing the server
that my site is running on as the account that is closing tickets..
I've made a few changes to things
I've tried setting Impersonate = true and false in web.config.
I've tried changing the identity in the App Pool to Local Service and
Local System
I've tried changing the code to run the old fashioned way:
HttpWebRequest req =
(HttpWebRequest)WebRequest.Create(uri.ToString());
string username =
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
EventLog.WriteEntry("AutoGen close tool", "User " + username +
"\n" + "Executed the URL: " +
uri.ToString());
WebResponse response = req.GetResponse();
StreamReader sr = new
StreamReader(response.GetResponseStream());
string tmp = sr.ReadToEnd();
i.e. using Webrequest instead of WebClient
I've also tried doing an explicit impersonation
HttpWebRequest req =
(HttpWebRequest)WebRequest.Create(uri.ToString());
System.Security.Principal.WindowsImpersonationContext
impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
string username =
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
EventLog.WriteEntry("AutoGen close tool", "User " + username +
"\n" + "Executed the URL: " + uri.ToString());
WebResponse response = req.GetResponse();
StreamReader sr = new
StreamReader(response.GetResponseStream());
string tmp = sr.ReadToEnd();
but none of that works!
How can I put the call across to the Callsite website using the
credentials of the user thats accessing my website?
Cliff.
.
- Follow-Ups:
- Re: The pest of Impersonation
- From: Joe Kaplan
- Re: The pest of Impersonation
- Prev by Date: Re: Are XML Signatures secure?
- Next by Date: Re: The pest of Impersonation
- Previous by thread: Are XML Signatures secure?
- Next by thread: Re: The pest of Impersonation
- Index(es):
Relevant Pages
|
|
