472,353 Members | 1,028 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

home > topics > asp.net > questions > impersonating and logonuser

Join Bytes to post your question to a community of 472,353 software developers and data experts.

impersonating and LogonUser

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windows account
(I cannot use Windows authentication). If I obtain a token
with LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, the impersonation
finishes. When the response re-starts i.e. page is loaded,
the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.
Nov 18 '05 #1
7 2286
Jason,

I'm not really sure how long that token persists. However, I certainly
wouldn't implement your functionality in this way. Instead, why not just
use Forms Authentication and authenticate against Active Directory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
Subject: impersonating and LogonUser
Date: Tue, 30 Dec 2003 07:09:52 -0800
Lines: 12
Message-ID: <0a****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO5vn/DZ4sZUF0TVKQjDolroRyKQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198854
NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windows account
(I cannot use Windows authentication). If I obtain a token
with LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, the impersonation
finishes. When the response re-starts i.e. page is loaded,
the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.


Nov 18 '05 #2
I actually do that. The problem is that I need to perform
operations on the Active Directory as the logged on user.
Which means I need to either pass the logged on user name
and password to the DirectoryEntry object or impersonate -
that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists. However, I certainlywouldn't implement your functionality in this way. Instead, why not justuse Forms Authentication and authenticate against Active Directory?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
Subject: impersonating and LogonUser
Date: Tue, 30 Dec 2003 07:09:52 -0800
Lines: 12
Message-ID: <0a****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO5vn/DZ4sZUF0TVKQjDolroRyKQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198854NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windows account(I cannot use Windows authentication). If I obtain a tokenwith LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, the impersonationfinishes. When the response re-starts i.e. page is loaded,the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.


.

Nov 18 '05 #3
Jason,

Do you need to impersonate a specific user just during the execution of a
particular code block? If not and you really just need to ensure that the
app runs under the context of the currently logged on user, you simply need
to deny access to unauthenticated users via the web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl> <#R**************@cpmsftngxa07.phx.gbl>Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 09:41:16 -0800
Lines: 67
Message-ID: <06****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO/CAi0MD771MWTeW4DDpNCftk0g==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198905
NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I actually do that. The problem is that I need to perform
operations on the Active Directory as the logged on user.
Which means I need to either pass the logged on user name
and password to the DirectoryEntry object or impersonate -
that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists.

However, I certainly
wouldn't implement your functionality in this way.

Instead, why not just
use Forms Authentication and authenticate against Active

Directory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
Subject: impersonating and LogonUser
Date: Tue, 30 Dec 2003 07:09:52 -0800
Lines: 12
Message-ID: <0a****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO5vn/DZ4sZUF0TVKQjDolroRyKQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:198854NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windowsaccount(I cannot use Windows authentication). If I obtain atokenwith LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, theimpersonationfinishes. When the response re-starts i.e. page isloaded,the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.


.


Nov 18 '05 #4
Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authentication is
selected.

I have to use forms authentication but I validate the user
logging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?

-----Original Message-----
Jason,

Do you need to impersonate a specific user just during the execution of aparticular code block? If not and you really just need to ensure that theapp runs under the context of the currently logged on user, you simply needto deny access to unauthenticated users via the web.config and enableimpersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
I actually do that. The problem is that I need to performoperations on the Active Directory as the logged on user.Which means I need to either pass the logged on user nameand password to the DirectoryEntry object or impersonate -that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists.

However, I certainly
wouldn't implement your functionality in this way.

Instead, why not just
use Forms Authentication and authenticate against Active
Directory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
I have an ASP.NET application with forms

authentication.However, the login details correspond to a Windows

account
(I cannot use Windows authentication). If I obtain a

token
with LogonUser, can I store it in a session variable andperform an impersonation on each page load? How long isthat token valid? If I do an impersonation on each pageload but never an Undo, will it cause problems?

I think that once the response finishes, the

impersonation
finishes. When the response re-starts i.e. page is

loaded,
the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.
.


.

Nov 18 '05 #5
Jason,

Your understanding of impersonation is correct. The WindowsIdentity in
your case of Forms authentication will be the process account. The
HttpContext.Current.User.Identity will be your user authenticated via Forms
auth. I'm not sure how long the token will be valid before it is expired.
I do know that we timestamp the token for the purposes of preventing
improper token reuse.

I would definitely not take this route however. First of all, there is an
ASP.NET issue whereby an impersonated thread that is returned to the
threadpool without having had RevertToSelf() called is going to retain its
impersonated identity. As soon as someone else grabs that thread from the
pool, it will run under the context of the original user. This is
obviously a bad thing. Therefore, you should ALWAYS undo the
impersonation. (This is a developing issue, so I don't have many
specifics.)

The other thing is just general security practice. You want to minimize
your exposure surface to any attacks. It would then make logical sense
that you would only want to run under elevated priviledges when necessary.
Therefore, a much better option for you would be to store the username and
password in the FormsAuthenticationTicket when it's created and then use
that information to call LogonUser when necessary.

This assumes that you are following our recommendation of encrypting the
ticket.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl> <#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 13:01:06 -0800
Lines: 97
Message-ID: <01****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPPGArOEJZUmCWqTvWaK6UCxhVpMw==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198969
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authentication is
selected.

I have to use forms authentication but I validate the user
logging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?

-----Original Message-----
Jason,

Do you need to impersonate a specific user just during

the execution of a
particular code block? If not and you really just need

to ensure that the
app runs under the context of the currently logged on

user, you simply need
to deny access to unauthenticated users via the

web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and

confers no rights.

--------------------
I actually do that. The problem is that I need toperformoperations on the Active Directory as the logged onuser.Which means I need to either pass the logged on usernameand password to the DirectoryEntry object orimpersonate -that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists.
However, I certainly
wouldn't implement your functionality in this way.
Instead, why not just
use Forms Authentication and authenticate againstActiveDirectory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
>I have an ASP.NET application with formsauthentication.>However, the login details correspond to a Windows
account
>(I cannot use Windows authentication). If I obtain a
token
>with LogonUser, can I store it in a session variableand>perform an impersonation on each page load? How longis>that token valid? If I do an impersonation on eachpage>load but never an Undo, will it cause problems?
>
>I think that once the response finishes, the
impersonation
>finishes. When the response re-starts i.e. page is
loaded,
>the impersonation can be manually restarted without
>problems. I'm not sure about the lifetime of the token.
>

.


.


Nov 18 '05 #6
Thanks for your help.
I am going to store the password in the encrypted forms
authentication ticket and only impersonate where
neccessary.
-----Original Message-----
Jason,

Your understanding of impersonation is correct. The WindowsIdentity inyour case of Forms authentication will be the process account. TheHttpContext.Current.User.Identity will be your user authenticated via Formsauth. I'm not sure how long the token will be valid before it is expired. I do know that we timestamp the token for the purposes of preventingimproper token reuse.

I would definitely not take this route however. First of all, there is anASP.NET issue whereby an impersonated thread that is returned to thethreadpool without having had RevertToSelf() called is going to retain itsimpersonated identity. As soon as someone else grabs that thread from thepool, it will run under the context of the original user. This isobviously a bad thing. Therefore, you should ALWAYS undo theimpersonation. (This is a developing issue, so I don't have manyspecifics.)

The other thing is just general security practice. You want to minimizeyour exposure surface to any attacks. It would then make logical sensethat you would only want to run under elevated priviledges when necessary. Therefore, a much better option for you would be to store the username andpassword in the FormsAuthenticationTicket when it's created and then usethat information to call LogonUser when necessary.

This assumes that you are following our recommendation of encrypting theticket.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl>

<#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>
Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 13:01:06 -0800
Lines: 97
Message-ID: <01****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPPGArOEJZUmCWqTvWaK6UCxhVpMw==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198969NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authentication isselected.

I have to use forms authentication but I validate the userlogging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?

-----Original Message-----
Jason,

Do you need to impersonate a specific user just during

the execution of a
particular code block? If not and you really just need

to ensure that the
app runs under the context of the currently logged on

user, you simply need
to deny access to unauthenticated users via the

web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and

confers no rights.

--------------------
I actually do that. The problem is that I need to

perform
operations on the Active Directory as the logged on

user.
Which means I need to either pass the logged on user

name
and password to the DirectoryEntry object or

impersonate -
that way, if the logged on user does not have the right,the operation fails.

Unless there is another way?
>-----Original Message-----
>Jason,
>
>I'm not really sure how long that token persists.
However, I certainly
>wouldn't implement your functionality in this way.
Instead, why not just
>use Forms Authentication and authenticate against

Active
Directory?
>
>Jim Cheshire, MCSE, MCSD [MSFT]
>Microsoft Product Support Services
>ASP.NET Developer Support
>
>This post is provided "as-is" and confers no rights.
>
>
>--------------------
>>I have an ASP.NET application with forms

authentication.
>>However, the login details correspond to a Windows
account
>>(I cannot use Windows authentication). If I obtain a
token
>>with LogonUser, can I store it in a session variable

and
>>perform an impersonation on each page load? How long

is
>>that token valid? If I do an impersonation on each

page
>>load but never an Undo, will it cause problems?
>>
>>I think that once the response finishes, the
impersonation
>>finishes. When the response re-starts i.e. page is
loaded,
>>the impersonation can be manually restarted without
>>problems. I'm not sure about the lifetime of the token.>>
>
>.
>
.


.

Nov 18 '05 #7
Hi Jason,

Very good. Post back if you encounter problems.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl> <#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>
<01****************************@phx.gbl>
<3D**************@cpmsftngxa07.phx.gbl>Subject: RE: impersonating and LogonUser
Date: Sat, 3 Jan 2004 15:52:03 -0800
Lines: 191
Message-ID: <02****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcPSVJY/IoO+KDe3Tceh4HGBaGENhQ==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199523
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Thanks for your help.
I am going to store the password in the encrypted forms
authentication ticket and only impersonate where
neccessary.
-----Original Message-----
Jason,

Your understanding of impersonation is correct. The

WindowsIdentity in
your case of Forms authentication will be the process

account. The
HttpContext.Current.User.Identity will be your user

authenticated via Forms
auth. I'm not sure how long the token will be valid

before it is expired.
I do know that we timestamp the token for the purposes

of preventing
improper token reuse.

I would definitely not take this route however. First of

all, there is an
ASP.NET issue whereby an impersonated thread that is

returned to the
threadpool without having had RevertToSelf() called is

going to retain its
impersonated identity. As soon as someone else grabs

that thread from the
pool, it will run under the context of the original

user. This is
obviously a bad thing. Therefore, you should ALWAYS undo

the
impersonation. (This is a developing issue, so I don't

have many
specifics.)

The other thing is just general security practice. You

want to minimize
your exposure surface to any attacks. It would then make

logical sense
that you would only want to run under elevated

priviledges when necessary.
Therefore, a much better option for you would be to

store the username and
password in the FormsAuthenticationTicket when it's

created and then use
that information to call LogonUser when necessary.

This assumes that you are following our recommendation of

encrypting the
ticket.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and

confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl>

<#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>
Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 13:01:06 -0800
Lines: 97
Message-ID: <01****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPPGArOEJZUmCWqTvWaK6UCxhVpMw==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:198969NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authenticationisselected.

I have to use forms authentication but I validate theuserlogging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?
-----Original Message-----
Jason,

Do you need to impersonate a specific user just during
the execution of a
particular code block? If not and you really just need
to ensure that the
app runs under the context of the currently logged on
user, you simply need
to deny access to unauthenticated users via the
web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and
confers no rights.

--------------------
>I actually do that. The problem is that I need to
perform
>operations on the Active Directory as the logged on
user.
>Which means I need to either pass the logged on user
name
>and password to the DirectoryEntry object or
impersonate -
>that way, if the logged on user does not have theright,>the operation fails.
>
>Unless there is another way?
>>-----Original Message-----
>>Jason,
>>
>>I'm not really sure how long that token persists.
>However, I certainly
>>wouldn't implement your functionality in this way.
>Instead, why not just
>>use Forms Authentication and authenticate against
Active
>Directory?
>>
>>Jim Cheshire, MCSE, MCSD [MSFT]
>>Microsoft Product Support Services
>>ASP.NET Developer Support
>>
>>This post is provided "as-is" and confers no rights.
>>
>>
>>--------------------
>>>I have an ASP.NET application with forms
authentication.
>>>However, the login details correspond to a Windows
>account
>>>(I cannot use Windows authentication). If I obtain a
>token
>>>with LogonUser, can I store it in a session variable
and
>>>perform an impersonation on each page load? How long
is
>>>that token valid? If I do an impersonation on each
page
>>>load but never an Undo, will it cause problems?
>>>
>>>I think that once the response finishes, the
>impersonation
>>>finishes. When the response re-starts i.e. page is
>loaded,
>>>the impersonation can be manually restarted without
>>>problems. I'm not sure about the lifetime of thetoken.>>>
>>
>>.
>>
>

.


.


Nov 18 '05 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
is vb.net impersonating impersonation?
by: h | last post by:
Hello all, Scenario: I have developed a vb.net windows service to log on to exchange via impersonation. Exchange system is version 2000 on...
Visual Basic .NET
0
is vb.net impersonating impersonation?
by: h | last post by:
Hello all, Scenario: I have developed a vb.net windows service to log on to exchange via impersonation. Exchange system is version 2000 on...
Visual Basic .NET
5
Impersonating doesn't work on Win2003
by: fab | last post by:
Hello, i'm trying to browse a UNC share through an ASP.NET application and i've got a problem : i've tried some examples from MSDN or other web...
ASP.NET
11
Remote call to COM impersonating another user
by: JCav | last post by:
I need to call a COM object from a remote machine using C#. I also need to pass on a different userID and password to the call. Has anyone done...
C# / C Sharp
1
Benefits of Blockchain App Development for Enterprise Businesses
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and...
General
0
jalbright99669
https redirect with reverse proxy
by: jalbright99669 | last post by:
Am having a bit of a time with URL Rewrite. I need to incorporate http to https redirect with a reverse proxy. I have the URL Rewrite rules made...
IIS / Internet Information Server
0
Hyperconverged All-in-One Streaming Engine, ushering in new age for distributed database
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was...
General
0
How to layout php header location with a variable as the location?
by: Matthew3360 | last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function. Here is my code. ...
PHP
0
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computer
by: AndyPSV | last post by:
HOW CAN I CREATE AN AI with an .executable file that would suck all files in the folder and on my computerHOW CAN I CREATE AN AI with an .executable...
General
0
How do I view Redshift db tables in Alteryx
by: Arjunsri | last post by:
I have a Redshift database that I need to use as an import data source. I have configured the DSN connection using the server, port, database, and...
General
0
hi
by: WisdomUfot | last post by:
It's an interesting question you've got about how Gmail hides the HTTP referrer when a link in an email is clicked. While I don't have the specific...
General
0
BLUEPANDA
Join our open community on Discord to learn programming, SEO, and marketing
by: BLUEPANDA | last post by:
At BluePanda Dev, we're passionate about building high-quality software and sharing our knowledge with the community. That's why we've created a SaaS...
General
0
Mastering Python: A Versatile Programming Language for All
by: Rahul1995seven | last post by:
Introduction: In the realm of programming languages, Python has emerged as a powerhouse. With its simplicity, versatility, and robustness, Python...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy

Sitemap

Follow us! Get the Latest Bytes Updates