Re: Impersonation in ASP.NET

From: Raterus (moc.liamtoh_at_suretar.reverse)
Date: 10/20/04 

Date: Wed, 20 Oct 2004 16:17:21 -0400

You have to configure basic authentication in IIS, find the page you are referring to, right-click properties, directory security tab.

"Bonj" <benjtaylor at hotpop d0t com> wrote in message news:eqL2aAutEHA.2804@TK2MSFTNGP14.phx.gbl...
> I've done the 'impersonate with code' bit, but I can't figure out the "make
> the page set up for basic authentication" bit. Any ideas? I mean, what do I
> actually need to configure other than the code I've already written?
>
> The interface does collect their username and password, but it isn't buggy
> because it doesn't store it in session variables, the query string or any
> other form of memory other than the stack.
>
> "Raterus" <moc.liamtoh@suretar.reverse> wrote in message
> news:uA7WcNstEHA.2624@TK2MSFTNGP11.phx.gbl...
> Don't cross post..aspnet.security is the only appropriate group you needed
> to post to.
>
> One thing that should work is to make the page that performs this operation
> set up for "basic authentication", they will be authenticated on IIS first,
> then if this takes place, impersonate with code using the shorter method
> found here. http://support.microsoft.com/default.aspx?scid=kb;en-us;306158
> I don't see why it wouldn't work, and you also won't have to worry about
> coding a potentially buggy interface to gather their username/password.
>
>
> "Bonj" <Bonj@discussions.microsoft.com> wrote in message
> news:AAB3C9B0-4126-479E-B970-56B239C45801@microsoft.com...
> > Hi
> > I would like to know how to use impersonation, in order to write to a file
> > on a network share.
> > The user will be logging on to this web app, and will then click a button
> > which will write to a file on the network share. Currently though, I am
> > getting permissions errors. I don't want to set identity impersonate =
> > "true"
> > because I gather that exposes security weaknesses. Rather, I would like
> > the
> > user to have to actually enter their windows password. I would then call
> > an
> > impersonate method, and then try to do it. But it is not working at the
> > moment, I suspect due to permissions.
> >
> > Here is the code used to impersonate:
> > Public Function Impersonate(ByVal UserName As String, ByVal Domain As
> > String, ByVal Password As String) As Boolean
> > Dim tempWindowsIdentity As WindowsIdentity
> > Dim token As IntPtr
> >
> > Dim tokenDuplicate As IntPtr
> > If LogonUser(UserName, Domain, Password, LOGON32_LOGON_INTERACTIVE, _
> > LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
> > If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
> > tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
> > impersonationContext = tempWindowsIdentity.Impersonate()
> >
> > Return Not (impersonationContext Is Nothing)
> > End If
> > End If
> > End Function
> >
> > (written in VB.NET, but equally in C#)
> >
> > Running the same code to write to the text file in a windows forms
> > application works fine.
> > This throws a permissions error in ASP.NET, even though the impersonation
> > method appears to be successful.
> >
> > Any help much appreciated
> >
> > Thanks
>
>