RE: how to have component run in security context of windows user?

From: Tian Min Huang (timhuang_at_online.microsoft.com)
Date: 04/08/04

Next message: MJ: "anyone can provide simple code for printing??VB.NET"
Previous message: Evan Freeman[C++ Samuri]: "Re: remote web server"
In reply to: dave: "how to have component run in security context of windows user?"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 08 Apr 2004 07:35:12 GMT

Hello Dave,

Thanks for your post. As I understand, you want to impersonate a user in
your ASP .NET Web application in order to updates an individual's active
directory information. Please correct me if there is any misunderstanding.
Based on my experience and research, you will need to perform the following
steps:

1. Make sure that the ASP .NET Process Identity is set to System. The
Machine.config file looks like below:
   <system.web>
       <processModel enable="true"
                     userName="System"
                     password="AutoGenerate"/>
   </system.web>

The following MSDN article describes ASP.NET Process Identity in detail:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpconConfiguringASPNETProcessIdentity.asp

2. Go to "Control Panel" -> "Administrative Tools" -> "Internet Information
Services Manager", choose the corresponding Web Site, open its Properties
page, choose "Directory Security", uncheck "Enable anonymous access" in
"Authentication and access control".

3. Impersonate the authenticating user in your code:

        Dim impersonationContext As
System.Security.Principal.WindowsImpersonationContext
        Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

        currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
        impersonationContext = currentWindowsIdentity.Impersonate()

        'Insert your code that runs under the security context of the
authenticating user here.

        impersonationContext.Undo()

Please refer to the following KB article for detailed information:

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/?ID=306158

Please check it on your side, and let me know the result.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Next message: MJ: "anyone can provide simple code for printing??VB.NET"
Previous message: Evan Freeman[C++ Samuri]: "Re: remote web server"
In reply to: dave: "how to have component run in security context of windows user?"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Anonymous connection to a remote server
... I think it's OK since ASP will impersonate the authenticated user by ... we can still keep the IIS's anonymous account as a ...
(microsoft.public.sqlserver.connect)
Under which credentials COM makes calls from another process?
... ASP. ... Is it possible somehow to execute all the methods under specific ... Impersonate() and Revertwhich impersonate current ...
(microsoft.public.platformsdk.security)
Under which credentials COM makes calls from another process?
... ASP. ... Is it possible somehow to execute all the methods under specific ... Impersonate() and Revertwhich impersonate current ...
(microsoft.public.win2000.developer)
Under which credentials COM makes calls from another process?
... ASP. ... Is it possible somehow to execute all the methods under specific ... Impersonate() and Revertwhich impersonate current ...
(microsoft.public.windows.server.security)