Re: NT based roles using forms authentication

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Scott Allen (bitmask_at_[nospam)
Date: 08/13/04 

Date: Fri, 13 Aug 2004 11:27:53 -0400

Hi Sharat:

I'm not sure what the requirements are for your application, but I'm
thinking you could save yourself a good deal of code if you let
Windows manage the authentication and impersonation with a web.config
along the lines of:

<system.web>
    <authentication mode="Windows"/>
    <identity impersonate="true"/>
    <authorization>
        <deny users="?"/>
        <allow users="*"/>
    </authorization>
 </system.web>

This will avoid you having to use LogonUser in your code. If you do go
this way - you need to use the token given out by LogonUser to do the
impersonation, and pass the token to CloseHandle for proper cleanup
afterwards. 

--
Scott
http://www.OdeToCode.com
On 13 Aug 2004 08:12:33 -0700, sharat.koya@addenbrookes.nhs.uk (Sharat
Koya) wrote:
>Please can you help with a problem I am having.
>
>My web config is set to...
><authorization><deny users="?"/>
><authentication mode="Forms"> 
><forms name=".COOKIE" loginUrl="login.aspx" protection="All"
>timeout="5" path="/"/>
></authentication>
><identity impersonate="true"/>
>
>login.aspx uses advapi32.dll to create the token and authenticate the
>user
>using the code..
>if(LogonUser(TextBoxUsername.Text,
>				"HILLSRD",
>				TextBoxPassword.Text,
>				LOGON32_LOGON_INTERACTIVE,
>				LOGON32_PROVIDER_DEFAULT,
>				ref token) != 0)
>			{	
>				
>				FormsAuthentication.RedirectFromLoginPage(TextBoxUsername.Text,
>CBoxRememberMe.Checked);
>				
>			}
>
>but when I want to enable NT group security but when I go to access
>User.IsInRole   it always returns false? I digged a little deeper by
>live debugging and found that m_roles array is always empty. What am I
>doing wrong - why aren't the roles avaialble that are on the domain?
>
>
>many thanks for any help on this.
>
>Sharat Koya

Relevant Pages

  • Re: NT based roles using forms authentication
    ... them selves and change between users without logging off the account. ... > Windows manage the authentication and impersonation with a web.config ... > This will avoid you having to use LogonUser in your code. ... >>Sharat Koya ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How to use WindowsPrincipal properly??
    ... the administrators in the computer e.g. win2k ... I am basically confused with the role base authentication and the ... impersonation, not sure what exactly is the difference. ... > string ONLY returns the string "Administrator", ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: impersonation problem - any good resources ?
    ... "The LogonUser function attempts to log a user on to the local computer. ... > allow ' proper execution presents a security risk. ... > Imports System.Runtime.InteropServices ... It seems to me that it means that if the impersonation took, ...
    (microsoft.public.dotnet.security)
  • Re: System.IO.Directoryinfo throwing exception
    ... With basic authentication and impersonation you need to ... use a domain account which can delegate and you can check how to mark your ... ASP.NET MVP ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Access denied ( From one site to another, that is in another server)
    ... server. ... you can implement impersonation through code and revert ... This posting is provided "AS IS", with no warranties, and confers no rights. ... | Integrated Authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)