Re: declarative security and impersonation

From: lloyd (lloydspamsodoff_at_slow30.com)
Date: 04/28/05


Date: Thu, 28 Apr 2005 08:14:30 -0700

I'm using the Microsoft.Samples.Runtime.Remoting.Security library; this is a
console application hosting remoted objects. The calling application is
also a console app where I change its user with LogonUser before remoting
(really just so I can test). FWIW I guess the Microsoft.Samples.. etc
doesn't have much effect because I also have this same behavior when I set up
the remoting with just a simple tcpchannel programmatically. I don't think
the thread / impersonation behavior you mention is happening here; the
impersonation happens after the thread is created. Thanks for the reply,
btw.

Lloyd Christopher
SLOW30

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:315684632502849780322224@news.microsoft.com...
> Hello lloyd,
>
> What kind of application is that? ASP.NET / desktop / NT service?
> How are you starting the new thread?
>
> Generally, all that [PrincipalPermission] does is call IsInRole on
> Thread.CurrentPrincipal - regardless of impersonation or whatever -
> another point to note is - if you impersonate and AFTER that start a new
> thread - the impersonation token will not get copied to the new thread and
> you end up with Process Identity again....
>
> If you give me more info we should be able to troubleshoot that problem
>
> HTH
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>> I'm trying to use declarative security on an impersonated thread but
>> I'm getting "System.Security.SecurityException: Request for principal
>> permission failed". Here is the code; I haven't had any luck finding
>> anything on Google so far.
>>
>> Dim currentIdentity As WindowsIdentity = _
>>     DirectCast(Thread.CurrentPrincipal.Identity, WindowsIdentity)
>> Dim windowsImpersonationContext As WindowsImpersonationContext = _
>>     currentIdentity.Impersonate
>> Console.WriteLine(String.Format("1 thread {0:S}, user1 {1:S}, user2 {2:S}", _
>>     AppDomain.GetCurrentThreadId.ToString, _
>>     Thread.CurrentPrincipal.Identity.Name, _
>>     WindowsIdentity.GetCurrent.Name))
>> If Thread.CurrentPrincipal.IsInRole("LLOYDATLARGE\GRS") Then
>>     TestInternal()
>> End If
>>
>> The WriteLine statement outputs the correct impersonated username for
>> both, but when it calls TestInternal (obviously indicating that I
>> do have that group), I get the exception. Here is TestInternal.
>>
>> <System.Security.Permissions.PrincipalPermission( _
>>     Permissions.SecurityAction.Demand, Role:="LLOYDLATLARGE\GRS")> _
>> Public Sub TestInternal()
>>     Console.WriteLine("testing.")
>> End Sub
>>
>> Same if I replace the call to TestInternal() with
>>
>> Dim ppPrincPermis As New _
>>     System.Security.Permissions.PrincipalPermission(Nothing, "LLOYDATLARGE\grs")
>> ppPrincPermis.Demand
>>
>> Any ideas? Probably something dumb and I've just been staring at this
>> too long.. thanks
>>
>> Lloyd Christopher
>> SLOW30
>
>
>
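
The point in Dominick's reply that a PrincipalPermission demand only consults Thread.CurrentPrincipal, shown as an added VB.NET example that is not code from either poster. It assumes a .NET Framework console application on Windows; the user name "alice" and the role "EXAMPLE\Operators" are constructed for the demo.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

Module PrincipalDemandDemo
    ' Constructed role name for this demo; not a real Windows group.
    Const DemoRole As String = "EXAMPLE\Operators"

    ' True when an imperative demand for DemoRole succeeds on the calling thread.
    Function DemandSucceeds() As Boolean
        Try
            Dim perm As New PrincipalPermission(Nothing, DemoRole)
            perm.Demand()
            Return True
        Catch ex As SecurityException
            Return False
        End Try
    End Function

    ' Prints the managed principal, the OS-level identity and the demand result.
    Sub Report(ByVal label As String)
        Console.WriteLine("{0}: CurrentPrincipal={1}, OS identity={2}, demand ok={3}", _
            label, Thread.CurrentPrincipal.Identity.Name, _
            WindowsIdentity.GetCurrent().Name, DemandSucceeds())
    End Sub

    Sub Main()
        ' 1. Managed principal without the role: the demand fails.
        Thread.CurrentPrincipal = New GenericPrincipal( _
            New GenericIdentity("alice"), New String() {})
        Report("no role")

        ' 2. Same OS identity, but the managed principal now carries the role:
        '    the demand passes, because only Thread.CurrentPrincipal is asked.
        Thread.CurrentPrincipal = New GenericPrincipal( _
            New GenericIdentity("alice"), New String() {DemoRole})
        Report("role on CurrentPrincipal")

        ' 3. Principal built from the thread's current Windows token, which is
        '    what an impersonating thread must assign for the demand to follow
        '    the impersonated user. DemoRole is not a real group, so this fails.
        Thread.CurrentPrincipal = New WindowsPrincipal(WindowsIdentity.GetCurrent())
        Report("WindowsPrincipal from token")
    End Sub
End Module
```

The OS identity column is the same in all three lines while the demand result changes, which separates the managed role check from the Windows token.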


