Re: WindowsIdentity - Invalid token; it cannot be duplicated
- From: Kamal <Kamal@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 14 Mar 2007 10:39:57 -0700
Dominik,
Because the login method will be used by asp.net application and also used
by sharepoint webpart to access some webservice calls, we splited into two.
So, the login method is common and before that we received the Token, we are
passing the token to Login method and it tries to get the Priniciple.
Sequence is:
1. SharepointLogin() using
WindowsIdentity wi = WindowsIdentity.GetCurrent();
IntPtr iToken = wi.Token;
and passing this token to LogInUser() method fo Global.ascx.
2. static internal void LogInUser(System.Web.HttpApplication appState,
IntPtr iToken, string domainName, string userName)
which internally calls another method to retreive valid groups list by
passing the iToken again.
3. public string CheckUserGroups(IntPtr iToken, StringCollection
strGroupsCollection)
which uses the following.
System.Security.Principal.WindowsIdentity winIden=new
System.Security.Principal.WindowsIdentity(iToken);
This is where the "Invalid token" problem happens.
I can create a sample application if you like.
Please let me know if there is any best way to accomblish this one.
Thanks
Kamal
"Dominick Baier" wrote:
Hi,.
well - frankly, i don't understand what you are doing...
and why do you have to pass tokens around??
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Hi Domnic,
Thanks for your response. Here the code from Login() webmethod and
the same token will be passed to another method which has the actual
problem.
WindowsIdentity wi = WindowsIdentity.GetCurrent();
IntPtr iToken = wi.Token;
string domainName="";
string userName="";
if (wi.Name != null)
{
string curUser = wi.Name;
if (curUser.Length>0)
{
int sepIndex = curUser.IndexOf(@"\");
if (sepIndex>-1)
{
domainName = curUser.Substring(0,sepIndex);
int len = curUser.Length-domainName.Length;
if (len>0)
{
userName = curUser.Substring(sepIndex+1,len-1);
}
}
else //just in case , no domain
userName=curUser;
}
}
Thanks,
Kamal.
"Dominick Baier" wrote:
Where do you get the token from?
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
I am having invalid token, it cannot be duplicated error 70% of the
time on one machine. We are creating and validating the current
user. The following line of code raise exception.
System.Security.Principal.WindowsIdentity winIden=new
System.Security.Principal.WindowsIdentity(iToken);
Exception:
String Message = "LoginWI() Invalid token; it cannot be duplicated.
at
RtReports.Security.LocalAuthentication.CheckUserGroups(IntPtr
iToken,
StringCollection strGroupsCollection)
Any help is really appreciated.
Thanks,
Kamal
- Follow-Ups:
- Re: WindowsIdentity - Invalid token; it cannot be duplicated
- From: Dominick Baier
- Re: WindowsIdentity - Invalid token; it cannot be duplicated
- From: Joe Kaplan
- Re: WindowsIdentity - Invalid token; it cannot be duplicated
- References:
- Re: WindowsIdentity - Invalid token; it cannot be duplicated
- From: Dominick Baier
- Re: WindowsIdentity - Invalid token; it cannot be duplicated
- From: Dominick Baier
- Re: WindowsIdentity - Invalid token; it cannot be duplicated
- Prev by Date: WindowsIdentity and EDirectory
- Next by Date: limited account permission and writing to system areas?
- Previous by thread: Re: WindowsIdentity - Invalid token; it cannot be duplicated
- Next by thread: Re: WindowsIdentity - Invalid token; it cannot be duplicated
- Index(es):
Relevant Pages
|
