Bytes | Software Development & Data Engineering Community

Impersonating and Windows Authentication

Hi :-)

I'm having some trouble with LDAP and Active Directory on Win2k3.

I use Windows Authentication and the code
System.Threading.Thread.CurrentPrincipal.Identity.Name gives me the correct
credentials when logged in.

When I create a user in AD I get an error. I have 4 scenarios - one works and
one doesn't. I'm very confused:

1) Does not work
- <identity impersonate="true"/> in web.config
- No impersonating by code
- No credentials are sent together with LDAP string [new
DirectoryEntry("mypath")]

Error message: System.Runtime.InteropServices.COMException: An operations
error occurred.
- I can't read from AD

2) Does not work
- <identity impersonate="true"/> in web.config
- No impersonating by code
- Credentials are sent together with LDAP string [new
DirectoryEntry("mypath", "username", "password", AuthenticationTypes.Secure);]

Error message: An operations error occurred
- I can read from AD

3) Does not work
- <identity impersonate="false"/> in web.config
- I "code-impersonate" with the _same credentials_ I use for login
- No credentials are sent together with LDAP string

Exception Details: The specified directory service attribute or value does
not exist.
- I can't read from AD

4) Works!
- <identity impersonate="false"/> in web.config
- I "code-impersonate" with the _same credentials_ I use for login
- Credentials are sent together with LDAP string [new DirectoryEntry("mypath",
"username", "password", AuthenticationTypes.Secure);]

What is the difference between <identity impersonate="true"/> in web.config
and manual code impersonation?

What is the correct approach for a user to manage AD from ASP.NET, logged in with
Windows credentials?

--

Jesus Loves You
Jun 27 '08 #1
1 3571
with ntlm there are two types of authentication tokens, primary and
impersonation tokens. to access a network resource a primary token is
required as ntlm does not allow credential forwarding (one hop rule).

if you use ntlm in iis and <identity impersonate="true"/> in web.config,
the client has the primary token, and the web server has only an
impersonation token. it can be used to access local resources but not network
resources.

if your code creates a login token, then it can be converted to primary and
access network resources. you can also supply a username and password in
the web config and this will be a primary token.

you have a couple options:

1) set <identity impersonate="false"/> and make the app pool service account
a domain account.

2) set <identity impersonate="true"/>, switch to kerberos (which supports
forwarding) and enable credentials forwarding on the web server and ad
server.

3) do impersonate in code like you are.

4) <identity impersonate="true"
userName="domain\account"
password="password" />

-- bruce (sqlwork.com)
Jun 27 '08 #2
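Bruce's option 3 (impersonate in code) as an added example; this is not code from the thread or from either poster. It assumes a domain account that is allowed to log on locally on the web server, and the names domain, user, password, ldapPath and attribute are placeholders the caller fills in.

```csharp
using System;
using System.ComponentModel;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example, not code from the thread. LogonUser with an interactive logon
// returns a primary token that carries the user's credentials, so a bind to AD
// under that token is not blocked by the NTLM one-hop rule the way the
// impersonation token handed to the worker by <identity impersonate="true"/> is.
public static class AdImpersonation
{
    const int LOGON32_LOGON_INTERACTIVE = 2;   // the account needs "log on locally"
    const int LOGON32_PROVIDER_DEFAULT = 0;
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Reads one attribute of the object at ldapPath while impersonating
    // domain\user. Every argument is a placeholder supplied by the caller.
    public static string ReadAttribute(string domain, string user, string password,
                                       string ldapPath, string attribute)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = new WindowsIdentity(token).Impersonate();
            // No username/password on the DirectoryEntry: the bind runs as the thread identity.
            using (DirectoryEntry entry = new DirectoryEntry(ldapPath))
            {
                entry.AuthenticationType = AuthenticationTypes.Secure;
                object value = entry.Properties[attribute].Value;
                return value == null ? null : value.ToString();
            }
        }
        finally
        {
            if (ctx != null) ctx.Undo();   // always drop impersonation, even on error
            CloseHandle(token);
        }
    }
}
```

If option 4 is chosen instead, the domain password sits in clear text in web.config; encrypt that section on the server with `aspnet_regiis -pe "system.web/identity" -app "/YourApp"` so the file can be backed up or copied without exposing it.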
