RE: Pass through Windows Identity to Web Service
- From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
- Date: Fri, 16 Nov 2007 04:29:09 GMT
Hi Noremac,
For your scenario, you need to pass the windows identity from the ASP.NET
application to the webservice application without enable impersonate in
ASP.NET web application ,correct?
I assume that your web application and webservice are on the same server
machine(other wise, we can not forward client authenticated user token
across multiple machine boundary--- double hop).
Then, if you do not to imperonate your ASP.NET application through
<web.config>, you can consider the following means:
**use programmatic impersonate. Thus, you can put impersonate code only at
the function where you'll call the webservice. Since you've used "windows"
authentication in ASP.NET web app, you can use the authenticated user
identity(through Context.User.Identity) to perform the impersonate. Here
are two articles that may help you:
#How To: Use Windows Authentication in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998358.aspx
#How To: Use Impersonation and Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998351.aspx
How do you think?
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: =?Utf-8?B?Tm9yZW1hYw==?= <Noremac@xxxxxxxxxxxxxxxxx>
Subject: Pass through Windows Identity to Web Service
Date: Thu, 15 Nov 2007 11:25:04 -0800
it
I have a web site. It's business layer is accessed through another web
service. Both are hosted on IIS.
When this application is deployed on the intranet, we have people access
through their AD accounts. Ideally, we want to pass the Windows Identitythat
is accessing the website through to the business web service layer. Theweb
service layer then grabs the roles from AzMan and returns a customidentity
class (that implements IIdentity).the
The problem I am having is that both the web site and web service have to
have <identity impersonate="true" /> in order for the web service to get
client's identity. We don't want the web site to use the client identity.We
want the web site to run under ASPNET / Network Service (i.e. the identity
assigned for the App Pool).
.
- Follow-Ups:
- RE: Pass through Windows Identity to Web Service
- From: Steven Cheng[MSFT]
- RE: Pass through Windows Identity to Web Service
- Prev by Date: RE: Is soap client proxy that wsdl.exe generates thread safe?
- Next by Date: Re: Is soap client proxy that wsdl.exe generates thread safe?
- Previous by thread: Is soap client proxy that wsdl.exe generates thread safe?
- Next by thread: RE: Pass through Windows Identity to Web Service
- Index(es):
Relevant Pages
|
