Impersonate User

From: Novice (6tc1ATqlinkDOTqueensuDOTca)
Date: 03/17/04

Date: Wed, 17 Mar 2004 11:41:20 -0800

Hi all, I have three real questions (in addition to a couple of trivial ones) that are really perplexing me concerning "impersonating users" in .NET.

The first question has to do with a problem I was having finding all the details on a user through their DirectoryEntry in WinNT. Currently, I'm using the following code to simply get all the properties associated with a particular user.

The following is included in one of my .aspx pages:

Private Function GetUserDetails() As String
   Dim FullName As String = ""
   Dim LogonName As String
   Dim objUser As New DirectoryEntry()

   ' Turn "DOMAIN\user" into the WinNT provider path "WinNT://DOMAIN/user"
   LogonName = Trim(User.Identity.Name)
   LogonName = LogonName.Replace("\", "/")
   objUser.Path = "WinNT://" & LogonName

   ' Walk every property of the account and append "name: value" to the output
   Dim collectionOfProperties As System.DirectoryServices.PropertyCollection
   collectionOfProperties = objUser.Properties
   Dim dEnumerator As IDictionaryEnumerator
   dEnumerator = collectionOfProperties.GetEnumerator()
   While dEnumerator.MoveNext()
     Dim key As String = CStr(dEnumerator.Key)
     FullName = FullName & "<br>" & key & ": " & collectionOfProperties.Item(key).Value.ToString()
   End While

   Return FullName
End Function

In addition, the following has to be at the top of the aspx page:

<%@ Assembly name="System.DirectoryServices, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"%>
<%@ Import Namespace="System.DirectoryServices" %>

An additional small question is:
4. How do I translate this:
<%@ Assembly name="System.DirectoryServices, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"%>

into the VB code (in the aspx.vb file) that is running behind my .aspx files? I.e., how do I import the System.DirectoryServices namespace in an aspx.vb file without getting a compiler error (Namespace cannot be found)?

The first "real" question I have is:
1. Why do I get the following run-time exception:

Exception Details: System.Runtime.InteropServices.COMException: The
network path was not found

if I don't enable "impersonate-user" by putting the following in my web.config file:
<identity impersonate="true"/>

It can't be a result of the ASP.NET account having insufficient privileges because I have tried removing the above string from my web.config file and increasing the ASP.NET account to FULL privileges and still I get the above run-time error/exception.

Is it because Windows does not allow me to get all the details of the above user unless I'm able to switch the current httpcontext user Principal to the user accessing the website?

2. The second "real" question I have is in what context (in either a web application or a stand-alone application) am I likely to want to impersonate a user (other than the one above)?

I gave it some thought and I couldn't think of any reason why I would want to impersonate a user in a web application, unless it was to do exactly what I'm doing in my function at the beginning of this post and that is to get all the details of that user's account.

3. The third "real" question is why do users not residing on the machine hosting the aspx files get an "Enter Network Password" dialog box when they view the aspx files? They can just click on "OK" without entering their username, password or domain and it works fine. But I want to stop the server from prompting them with those dialog boxes. I realize they are coming up because I've chosen "windows integrated" authentication, but since they don't need to enter any details to have the server httpcontext "impersonate" them, then I would rather them not be prompted with the dialog box in the first place. If I try accessing the aspx files from the server machine, I do not get the dialog box prompting.
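
A code-behind form of the function in the post, as an added example that is not part of the original post: it HTML-encodes directory values before they reach the page, lists multi-valued properties, and handles the COMException the post describes. It assumes the project has a reference to System.DirectoryServices.dll, which is what lets the Imports line compile in an .aspx.vb file; the class name UserDetailsPage is hypothetical.

```vbnet
Imports System
Imports System.Text
Imports System.Web
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

' Hypothetical code-behind class. Assumption: the project references
' System.DirectoryServices.dll so the Imports above resolves.
Public Class UserDetailsPage
    Inherits System.Web.UI.Page

    Protected Function GetUserDetails() As String
        ' "DOMAIN\user" -> "WinNT://DOMAIN/user", as in the posted function.
        Dim logonName As String = User.Identity.Name.Trim().Replace("\", "/")
        Dim html As New StringBuilder()
        Dim objUser As New DirectoryEntry("WinNT://" & logonName)
        Try
            For Each propName As String In objUser.Properties.PropertyNames
                ' A property can hold several values; list each one.
                For Each value As Object In objUser.Properties(propName)
                    Dim shown As String
                    If TypeOf value Is Byte() Then
                        ' Binary attributes are shown as hex, not "System.Byte[]".
                        shown = BitConverter.ToString(DirectCast(value, Byte()))
                    Else
                        shown = Convert.ToString(value)
                    End If
                    ' Directory data is not trusted markup: encode before output.
                    html.Append("<br>")
                    html.Append(HttpUtility.HtmlEncode(propName & ": " & shown))
                Next
            Next
        Catch ex As COMException
            ' The bind happens on first property access, so provider errors
            ' such as "The network path was not found" surface here.
            ' Log ex on the server; do not echo provider details to the browser.
            html.Append("<br>Directory lookup failed.")
        Finally
            objUser.Dispose()
        End Try
        Return html.ToString()
    End Function
End Class
```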