Under which credentials COM makes calls from another process?

From: Antonio (antoniopassado_at_hotmail.com)
Date: 07/07/04

• Next message: Jonathan Cossio: "Re: User log on lock out policy does not function correctly in 2003"
• Previous message: Arek Iskra [MVP]: "Re: have no one be able to delete parent folder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 7 Jul 2004 15:54:10 +0200

Hello everybody,

We are trying to access some objects hosted by our service application from
ASP (IIS). Is it possible somehow to execute all the methods under specific
user account? NOTE: We can not put impersonation code into each method, we
want to be able to impersonate once in ASP, call required methods on
required objects and then revert if needed. How can this be implemented?

In our service application we also have access to objects that represent
clients connections authenticated via SSPI. Those objects have methods
Impersonate() and Revert() (accessible from ASP) which impersonate current
thread with the credentials of particular authenticated client and revert
this impersonation appropriately. Can we use these methods somehow for
described above scenario? It seems that when we just call Impersonate() we
impersonate a thread inside our application's process but we can not be sure
that the next call will be executed in exactly the same thread. Therefore we
see that sometimes following calls are executed under SYSTEM account and
sometimes under authenticated one.

A relative question: when COM marshals call from one process to another,
does it also save somehow information under whose credentials this call was
made? Can we for example impersonate thread inside ASP and make a COM call
from it?

Thanks in advance,
Antonio

---

• Next message: Jonathan Cossio: "Re: User log on lock out policy does not function correctly in 2003"
• Previous message: Arek Iskra [MVP]: "Re: have no one be able to delete parent folder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Under which credentials COM makes calls from another process? ... ASP. ... Is it possible somehow to execute all the methods under specific ... Impersonate() and Revertwhich impersonate current ... (microsoft.public.platformsdk.security) Under which credentials COM makes calls from another process? ... ASP. ... Is it possible somehow to execute all the methods under specific ... Impersonate() and Revertwhich impersonate current ... (microsoft.public.win2000.developer) Re: Anonymous connection to a remote server ... I think it's OK since ASP will impersonate the authenticated user by ... we can still keep the IIS's anonymous account as a ... (microsoft.public.sqlserver.connect) RE: how to have component run in security context of windows user? ... your ASP .NET Web application in order to updates an individual's active ... Make sure that the ASP .NET Process Identity is set to System. ... Impersonate the authenticating user in your code: ... (microsoft.public.dotnet.general) RE: Impersonate Global.asax ... impersonate a specific user to execute this code but there is no setting. ... If you want to impersonate a specific user please see the following KB ... This posting is provided “AS IS” with no warranties, and confers no rights. ... >>special access rights to specific resources on the server. ... (microsoft.public.dotnet.framework.aspnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)