RE: impersonation

---

• From: "Salvador" <Salvador@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 18 Apr 2005 03:01:08 -0700

---

Hi,

There are several ways:

1)if you are using IIS5.1 you can change the user that is impersonate on the
webservice, you can go to the machine.config file and remove the default
ASPNET user, this has some implications related to security, because it will
change the default user for all your sites on the server. (This is not the
account that the client will use, that is a different layer and will still
use IUSR_MachineName). If you want to do it per website you can paste that
code on your web.config file (note: I haven't tried this, I know that some
properties can be set on the web.config but others are ignored and read it
from machine.config, check the help for this)

2)If you are using IIS6 you can easily change that on the website
properties, so its per website, same behaviour as above.

3)If you are going to impersonate remember that only works on Wind2K3 and
XP, for Win2K you need to change the policy settings in order to do this
opening a whole on the security environment.

I prefer the option 1 cause I have more control, but check your requirements
and choose your best approach.

Best regards
Salva



"Ohad Young" wrote:

> Hi,
>
> I need to connect to a remote SQL server from a webservice. The webservice
> (IIS) and SQL server are running on different machines. I'd like to use
> windows authentication rather than SQL one.
> How can I achieve this? through impersonation? what are the implications of
> using impersonation? is there a better way?
>
> Thanks, Ohad
>
> --
> Ohad Young
> Medical Informatics Research Center
> Ben Gurion University
> Information System Eng
> Office Phone: 972-8-6477160
> Cellular Phone: 972-54-518301
> E-Mail: ohadyn@xxxxxxxxxxxxxxxxx
>
>
>
.

---

• Follow-Ups:
  • RE: impersonation
    • From: Ohad Young

• References:
  • impersonation
    • From: Ohad Young

• Prev by Date: RE: Dynamic CacheDuration
• Next by Date: Re: Calling a batch file from a web service
• Previous by thread: impersonation
• Next by thread: RE: impersonation
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: client impersonation ... While you are able to retrieve the login names of all current ... Why not create a simple client autostart ... tool that makes a request to the webservice with the user's login ... impersonate the client user to have the appropriate rights on the ... (microsoft.public.win32.programmer.tapi) RE: Pass through Windows Identity to Web Service ... you need to pass the windows identity from the ASP.NET ... I assume that your web application and webservice are on the same server ... **use programmatic impersonate. ... Microsoft MSDN Online Support Lead ... (microsoft.public.dotnet.framework.aspnet.webservices) Re: anonymous access + impersonation ... You have to enable Windows integrated auth and disable anonymous access in IIS ... - configure the webservice to run as anonymous access, ... but then Impersonate() doesnt work. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Credentials being lost between servers - out of ideas! ... set the webservice to authenticate using Windows auth, ... You have setup the webservice to impersonate using windows auth. ... The same error message is ... (microsoft.public.dotnet.framework.aspnet.security) Re: Impersonation ASPNET SQL Server ... I think you need to impersonate those user accounts in asp.net ... !Subject: Re: Impersonation ASPNET SQL Server ... Authentication, and Secure Communication is just one ... (microsoft.public.dotnet.framework.aspnet.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.webservices  > 2005-04