Re: confused about credentials in impersonation

From: Andre Strik (anonymous_at_newgroups.microsoft.com)
Date: 02/04/05 

Date: Fri, 4 Feb 2005 14:28:26 -0000

As in a traditional ASP.Net application the logged in user making the
request from the web browser is the principle that is impersonated.
Therefore when you do something like HttpContext.User.Identity.Name in your
code you will be returned the name of the currently logged in user making
the request. In order for this to work you must have the following setting
in your web.config file:

<identity impersonate="true"/>

If impersonation is not turned on then the user credentials that will be
accessing your app is the anonymous user that is defined for your virtual
directory.

However having something like the following in your web.config file will not
only ensure impersonation is on, but also any services that run under the
application are accessed with those credentials, an example might be where
the user WebUserLogon in the Domain is the principle used when making
connections to a database.

<identity impersonate="true" userName="WebApps\WebUserLogon"
password="pass01"/>

Therefore the user accessing your database for example will be
WebApps\WebUserLogon, but the user accessing your site is the currently
logged in user.

"silentsoldier" <silentsoldier@discussions.microsoft.com> wrote in message
news:2E67F350-999B-4219-8A05-2C3DC116B5D9@microsoft.com...
> what kind of credential are passed for impersonating an account i am
confused
> about credentials ie whose user name password and domain is required
client's
> account or server's accounts or server's administration account or domain
> account can some one guide abt this issue

Relevant Pages

  • Re: SetPassword access denied
    ... That said, I think one thing worth pointing out is that in both cases here, your code is supplying credentials to the DirectoryEntry constructor. ... the identity of the current thread (established either via impersonation or using the process token without impersonation) is NOT the account that is used for performing remote activities in the directory. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Login failure when using ActiveDirectoryMembershipProvider
    ... The AD membership provider disables impersonation when it does its DS ... default credentials, you need to change the credentials in your processModel ... in machine.config to a domain account for testing purposes. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ASP.NET and integrated Authentication
    ... credentials when using impersonation unless you enable kerberos ... The credentials make one hop from the browser to a remote ... application uinder a domain account instead of the local ASPNET ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows authentication for web service client??
    ... I have a web service that make a webDav request to Exchange. ... I have impersonation on but when I use the defaultCredentials in the web ... credentials have rights to make this request and I'm at my wits end trying ... >>> The ASPNET account is a local account, so the other machine or domain ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: SetPassword access denied
    ... safely invoke SetPassword etc..... ... impersonation or using the process token without impersonation) is NOT ... account that is used for performing remote activities in the directory. ... Co-author of "The .NET Developer's Guide to Directory Services ...
    (microsoft.public.windows.server.active_directory)