Re: WindowsIdentity - Invalid token; it cannot be duplicated
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 15 Mar 2007 12:22:37 +0000 (UTC)
Some things strike me odd...
First - you are using WindowsIdentity.GetCurrent() - this implies you are using client impersonation (and also that your code will only work with that setting) - you can always get to the authenticated client name by using Context.User.Identity.Name.
This also means - why do you have to factor that out? The client information is always available..
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Dominik,
Because the login method will be used by asp.net application and also
used
by sharepoint webpart to access some webservice calls, we splited into
two.
So, the login method is common and before that we received the Token,
we are passing the token to Login method and it tries to get the
Priniciple.
Sequence is:
1. SharepointLogin() using
WindowsIdentity wi = WindowsIdentity.GetCurrent();
IntPtr iToken = wi.Token;
and passing this token to LogInUser() method fo Global.ascx.
2. static internal void LogInUser(System.Web.HttpApplication appState,
IntPtr iToken, string domainName, string userName)
which internally calls another method to retreive valid groups list
by passing the iToken again.
3. public string CheckUserGroups(IntPtr iToken, StringCollection
strGroupsCollection)
which uses the following.
System.Security.Principal.WindowsIdentity winIden=new
System.Security.Principal.WindowsIdentity(iToken);
This is where the "Invalid token" problem happens.
I can create a sample application if you like.
Please let me know if there is any best way to accomblish this one.
Thanks
Kamal
"Dominick Baier" wrote:
Hi,
well - frankly, i don't understand what you are doing...
and why do you have to pass tokens around??
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
Hi Domnic,
Thanks for your response. Here the code from Login() webmethod and
the same token will be passed to another method which has the actual
problem.
WindowsIdentity wi = WindowsIdentity.GetCurrent();
IntPtr iToken = wi.Token;
string domainName="";
string userName="";
if (wi.Name != null)
{
string curUser = wi.Name;
if (curUser.Length>0)
{
int sepIndex = curUser.IndexOf(@"\");
if (sepIndex>-1)
{
domainName = curUser.Substring(0,sepIndex);
int len = curUser.Length-domainName.Length;
if (len>0)
{
userName = curUser.Substring(sepIndex+1,len-1);
}
}
else //just in case , no domain
userName=curUser;
}
}
Thanks,
Kamal.
"Dominick Baier" wrote:
Where do you get the token from?
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
I am having invalid token, it cannot be duplicated error 70% of
the time on one machine. We are creating and validating the
current user. The following line of code raise exception.
System.Security.Principal.WindowsIdentity winIden=new
System.Security.Principal.WindowsIdentity(iToken);
Exception:
String Message = "LoginWI() Invalid token; it cannot be
duplicated.
at
RtReports.Security.LocalAuthentication.CheckUserGroups(IntPtr
iToken,
StringCollection strGroupsCollection)
Any help is really appreciated.
Thanks,
Kamal
.
- Follow-Ups:
- References:
- Prev by Date: Re: what encoding does system.xml.xmldocument.save(string path) use to save the xml document if there is no <?xml... in the front of the xml document?
- Next by Date: RijndaelManaged's question, how can I encrypt text more than 16bytes
- Previous by thread: Re: WindowsIdentity - Invalid token; it cannot be duplicated
- Next by thread: Re: WindowsIdentity - Invalid token; it cannot be duplicated
- Index(es):
Relevant Pages
|
