RE: confused about credentials in impersonation

From: Daniel Larson (www.portalbuilder.org) (daniel_at_larsontechnology.spamfree.com)
Date: 02/04/05


Date: Fri, 4 Feb 2005 11:25:04 -0800

Don't modify the web.config impersonation tag... leave it on impersonate=true
unless you REALLY have a reason.

If you want to make a call (to a database, webservice, whatever) as the
application pool identity you can drop the impersonation like this:

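// Requires: using System; using System.Security.Principal;
// Passing IntPtr.Zero drops the thread's impersonation token, so the
// thread reverts to the process (application pool) identity.
WindowsImpersonationContext wic =
        WindowsIdentity.Impersonate(IntPtr.Zero);
try
{
        // do a call under the app pool identity here...
}
finally
{
        // Always restore the caller's impersonation, even on exceptions.
        wic.Undo();
}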

Using this approach you can impersonate the user and make db calls under a
known user and use Windows Authentication on your SQL Server or whatever
else, restricting access to the application's identity rather than the user's
identity.

Daniel Larson
http://www.portalbuilder.org

"silentsoldier" wrote:

> What kind of credentials are passed for impersonating an account? I am
> confused about credentials, i.e. whose user name, password and domain is
> required: the client's account, or the server's account, or the server's
> administration account, or a domain account? Can someone guide me about
> this issue?
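
The revert-and-restore pattern from the reply above, wrapped in a reusable helper that fails closed if the thread token was not actually dropped. This is an added example, not code from the original post; `ProcessIdentity.Run` is a hypothetical name, and the code assumes .NET Framework 4.x on Windows.

```csharp
using System;
using System.Security.Principal;

public static class ProcessIdentity
{
    // Runs 'work' under the process (application pool) token and restores
    // the caller's impersonation afterwards, even if 'work' throws.
    // Hypothetical helper name, chosen for this example.
    public static T Run<T>(Func<T> work)
    {
        if (work == null) throw new ArgumentNullException("work");

        // IntPtr.Zero removes the thread token (revert to self).
        WindowsImpersonationContext wic =
            WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            // GetCurrent(true) returns null only when the thread carries no
            // impersonation token. Anything else means the revert did not
            // take effect, so refuse to run 'work' as the end user.
            using (WindowsIdentity threadToken = WindowsIdentity.GetCurrent(true))
            {
                if (threadToken != null)
                    throw new InvalidOperationException(
                        "Thread is still impersonating " + threadToken.Name);
            }

            // Typical 'work': open a SqlConnection that uses Windows
            // Authentication, so SQL Server sees the application identity.
            return work();
        }
        finally
        {
            // Put the caller's identity back before returning to page code.
            wic.Undo();
        }
    }
}

// Usage inside a request that runs with impersonate=true:
//   string appAccount = ProcessIdentity.Run(
//       () => WindowsIdentity.GetCurrent().Name);
```

Keeping the code passed as `work` small limits how much of the request runs with the application pool's rights instead of the caller's.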


