asp.net impersonation

From: Steve <smason@xxxxxxxxxxx>
Date: Mon, 3 Mar 2008 09:10:26 -0800 (PST)

When a Web Service is configured to use windows authentication with no
impersonation the client can successfully assess the web service.

web.config that works:
<system.web>
<authentication mode="Windows"/>

<authorization>
</authorization>
</system.web>

When I turn on impersonation and add authorization for user domain
\web1 I get the error "The request failed with HTTP status 401:
Unauthorized". User domain\web1 as full access to the web site
directories.

web.config that does not work:
<system.web>
<authentication mode="Windows"/>
<identity impersonate="true"/>

<authorization>
<deny users="*" />
<allow users="domain\web1" />
</authorization>
</system.web>

What do I need to do to get impersonation to work?

.

Follow-Ups:
- Re: asp.net impersonation
  - From: Dominick Baier

Prev by Date: Re: Using AD to grant page and directory accesss
Next by Date: RE: Reconnect to a session and authenticate.
Previous by thread: RE: Using AD to grant page and directory accesss
Next by thread: Re: asp.net impersonation
Index(es):
- Date
- Thread

Relevant Pages

Re: Problem with authentication using DefaultCredentials
... you do not actually need any impersonation within ... you will be given the ASPNET proccess account instead of your account. ... to perform the authorization against those. ... The credentials are forward as part of your web service call ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: asp.net impersonation
... the deny entry should be the last in the authorization element. ... impersonation the client can successfully assess the web service. ... When I turn on impersonation and add authorization for user domain ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: ASPNET and Impersonation
... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ...
(microsoft.public.dotnet.security)
Re: ASPNET and Impersonation
... > not through any additional configuration using the ... > file (instead of being localized to the single Web Service ... > using Impersonation or changing the process identity, ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Active Directory authorization
... AD should be fine as a source for authentication for your web service. ... The easiest way to use AD for authentication is to just use the transport layer authentication schemes built in to IIS. ... For app level authorization, I'd suggest checking out Microsoft's Authorization Manager framework. ... every applications. ...
(microsoft.public.windows.server.active_directory)