Re: Impersonation

From: richlm (rich_lm_at_h0tmai1.com)
Date: 03/17/04

Next message: Jason Shohet: "Astra QuickTest or Rational Robot for asp.net?"
Previous message: hb: "Re: How to disable autocomplete in Text box"
In reply to: Willy Denoyette [MVP]: "Re: Impersonation"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 17 Mar 2004 21:34:30 +0100

Yes - I agree. Thanks Willy! That sentence 'If you impersonate on the main
thread...' is totally wrong/misleading.
The main thread gets the identity of the process initially; if you
impersonate on the main thread only the main thread - not the process -
impersonates.

Chris - it just occurred to me you are expecting a user to be logged on -
but a service can be running with no user logged on (or >1 user remotely on
a server).
Would another design perspective be to start a separate process when the
user logs on (which will automatically run in the context of the user) and
have that communicate with the service? That way you don't have to fiddle
around with trying to impersonate the logged-on user from your windows
service.

Richard.

"Willy Denoyette [MVP]" <willy.denoyette@pandora.be> wrote in message
news:efmaPODDEHA.3024@tk2msftngp13.phx.gbl...
> This is not true, when impersonating, only the calling thread (whatever
> thread that may be) uses the impersonating security token, you can never
> change the process security context once a process is started.
>
> Willy.
>
> "richlm" <rich_lm@h0tmai1.com> wrote in message
> news:u9mRPs5CEHA.2560@TK2MSFTNGP12.phx.gbl...
> > Impersonation happens at the thread level.
> > If you impersonate on the main thread, you are effectively impersonating
> > the
> > process.
> > But if you spawn a new thread (System.Threading) and impersonate there,
> > your
> > main thread should remain in the original context.
> > As far as I know you can't do this directly by appdomain.
> >
> > Hope this helps.
> > Richard.
> >
>
>

Next message: Jason Shohet: "Astra QuickTest or Rational Robot for asp.net?"
Previous message: hb: "Re: How to disable autocomplete in Text box"
In reply to: Willy Denoyette [MVP]: "Re: Impersonation"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: How to Stop a Service From Impersonating Other Users
... The service is set up to run with a user's context. ... take the returned context and run in that context through the impersonate ... infrastructure and that are configured to run under a specific account" ... > find is that when an account logs into the machine, ...
(microsoft.public.windows.server.security)
Re: How to Stop a Service From Impersonating Other Users
... off something running in that user context, ... > take the returned context and run in that context through the impersonate ... > and lets users authenticate using their normal domain accounts. ... > infrastructure and that are configured to run under a specific account" ...
(microsoft.public.windows.server.security)
Re: Security Challenge: Runtime impersonation without calling LogonUse
... Dim context as windowsimpersonationcontext ... I'd> like to impersonate the person making the request at RUNTIME instead of> specifying impersonate="true" in the web.config. ... > Does anyone know how I can get the requesting user's userToken to pass to> the Impersonate method of the ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Impersonation problem in Sharepoint 2007
... tested a lot of things to impersonate our current user but nothing ... Impersonate method with RevertToSelf: ... WindowsIdentity impersonatedUserIdentity = ... the WindowsIdendity associated to the context ...
(microsoft.public.sharepoint.portalserver.development)
Impersonating IIS User in Global.asax methods
... I am attempting to impersonate as the IIS user in the Global.asax ... Richard ...
(microsoft.public.dotnet.framework.aspnet.security)