Re: Can't get impersonation to work

From: Fernando Vicaria [MSFT] (fvicaria_at_online.microsoft.com)
Date: 06/23/04

• Next message: Cindy Liu: "Re: How to get the WindowsIdentity of the caller of my excutable?"
• Previous message: Fernando Vicaria [MSFT]: "Re: StrongNameIdentityPermission error"
• In reply to: ECrawford: "Can't get impersonation to work"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 23 Jun 2004 13:29:23 -0700

Check out this article:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetimpersonation.asp

Your code will probably require FullTrust trust independently of the user
you impersonate.

Let me know if you still have problems after that.

"ECrawford" <ECrawford@discussions.microsoft.com> wrote in message
news:7B66AC2D-EC0C-45F7-B94E-B001AD42C46B@microsoft.com...
>I have a .Net application and one of my ASP pages exports a Crystal Reports
>file to a network drive. The problem is that when Crystal exports the file,
>it uses the ASPNET user account, which doesn't have access rights to the
>network drive.
>
> I want to impersonate the authenticated user when I do the export, but it
> doesn't seem to work. When I run the app, FileMon shows that it is still
> using ASPNET.
>
> I have tried adding the <identity impersonate="true" userName="validuser"
> password="validpass"/> to my web.config file, but that doesn't work
> either. I did think I had this working yesterday, but today it doesn't
> seem to be ?!?!
>
> I have also tried the following code:
>
> currentWindowsIdentity =
> CType(User.Identity,System.Security.Principal.WindowsIdentity)
> impersonationcontext = currentWindowsIdentity.Impersonate()
>
> ReportName.Export()
>
> impersonationcontext.Undo()
>
> This shows the impersonation elements to be the same as the authenticated
> user, but the app still blows up and FileMon still shows ASPNET as the
> user.
>
> What am I doing wrong?!?!?!
>
> THanks,
> Ed
>

---

• Next message: Cindy Liu: "Re: How to get the WindowsIdentity of the caller of my excutable?"
• Previous message: Fernando Vicaria [MSFT]: "Re: StrongNameIdentityPermission error"
• In reply to: ECrawford: "Can't get impersonation to work"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages IUSR_machinename vs ASPNET ... privileges, between the Internet Guest User Account (IUSR_machinename, ... where machinename is the name of your computer) vs. the ASPNET user ... (ASP.NET machine account). ... One of the things you can do is set the impersonate ... (microsoft.public.dotnet.general) Re: <identity impersonate="true"> question ... The default setup used to be to run the ASPNET worker ... Does your app actually need to create categories? ... Windows authentication, and impersonate the authenticating user? ... (microsoft.public.dotnet.framework.aspnet.security) Re: impersonation in a sub thread ... A COM+ server runs outside the ASPNET context and can assume any identity ... > security context of the parent process. ... > E.g. when a webapplication that is set to impersonate ... > After giving that privilege to ASPNET, ... (microsoft.public.dotnet.framework.aspnet.security) Re: IUSR_machinename vs ASPNET ... "Andrew J Fortune" ... > where machinename is the name of your computer) vs. the ASPNET user ... > visiting user can impersonate that specific account. ... (microsoft.public.dotnet.general) Re: Impersonation in threads in web application ... Perhaps you could try to change the user that aspnet uses to SYSTEM. ... guessing you are running under the MACHINE user. ... > thread - it is created under ASPNET user and when I try to impersonate it ... (microsoft.public.dotnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2004-06