RE: Pass through Windows Identity to Web Service

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Noremac,

Have you got any further idea on this issue? If you need any other help,
please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.




--------------------
From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
Organization: Microsoft
Date: Fri, 16 Nov 2007 04:29:09 GMT
Subject: RE: Pass through Windows Identity to Web Service


Hi Noremac,

For your scenario, you need to pass the windows identity from the ASP.NET
application to the webservice application without enable impersonate in
ASP.NET web application ,correct?

I assume that your web application and webservice are on the same server
machine(other wise, we can not forward client authenticated user token
across multiple machine boundary--- double hop).

Then, if you do not to imperonate your ASP.NET application through
<web.config>, you can consider the following means:

**use programmatic impersonate. Thus, you can put impersonate code only at
the function where you'll call the webservice. Since you've used "windows"
authentication in ASP.NET web app, you can use the authenticated user
identity(through Context.User.Identity) to perform the impersonate. Here
are two articles that may help you:

#How To: Use Windows Authentication in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998358.aspx

#How To: Use Impersonation and Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998351.aspx

How do you think?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#noti
f
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.








--------------------
From: =?Utf-8?B?Tm9yZW1hYw==?= <Noremac@xxxxxxxxxxxxxxxxx>
Subject: Pass through Windows Identity to Web Service
Date: Thu, 15 Nov 2007 11:25:04 -0800


I have a web site. It's business layer is accessed through another web
service. Both are hosted on IIS.

When this application is deployed on the intranet, we have people access
it
through their AD accounts. Ideally, we want to pass the Windows Identity
that
is accessing the website through to the business web service layer. The
web
service layer then grabs the roles from AzMan and returns a custom
identity
class (that implements IIdentity).

The problem I am having is that both the web site and web service have to
have <identity impersonate="true" /> in order for the web service to get
the
client's identity. We don't want the web site to use the client identity.
We
want the web site to run under ASPNET / Network Service (i.e. the
identity
assigned for the App Pool).






.

Relevant Pages

  • Re: strange security role issue
    ... BTW, If you by any chance receive some feedback form about us, ... Microsoft MSDN Online Support Lead ... As for the authorization, here is the setting (from web.config in the ...
    (microsoft.public.vsnet.general)
  • Re: DIME WSE 2.0 in .NET 2.0
    ... \par Microsoft MSDN Online Support Lead ... We do not have any control over the web services, ... \par support DIME in WSE 3.0? ... \par> Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: WCF webservice over SSL and without
    ... \par Microsoft MSDN Online Support Lead ... \par Subject: Re: WCF webservice over SSL and without ... this is just https that's the problem... ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: WCF webservice over SSL and without
    ... this is just https that's the problem... ... \par> Based on my research, for IIS hosted WCF environment, it will be hard to ... \par> Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: WCF webservice over SSL and without
    ... The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support ... \par> Microsoft MSDN Online Support Lead ... \par> Subject: Re: WCF webservice over SSL and without ... Yes I am going to use the IIS method and I do have it ...
    (microsoft.public.dotnet.framework.webservices)