impersonating and LogonUser

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windows account
(I cannot use Windows authentication). If I obtain a token
with LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, the impersonation
finishes. When the response re-starts i.e. page is loaded,
the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.
Nov 18 '05 #1
Jason,

I'm not really sure how long that token persists. However, I certainly
wouldn't implement your functionality in this way. Instead, why not just
use Forms Authentication and authenticate against Active Directory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
Nov 18 '05 #2
I actually do that. The problem is that I need to perform
operations on the Active Directory as the logged on user.
Which means I need to either pass the logged on user name
and password to the DirectoryEntry object or impersonate -
that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
Nov 18 '05 #3
Jason,

Do you need to impersonate a specific user just during the execution of a
particular code block? If not and you really just need to ensure that the
app runs under the context of the currently logged on user, you simply need
to deny access to unauthenticated users via the web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

Nov 18 '05 #4
Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authentication is
selected.

I have to use forms authentication but I validate the user
logging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?

Nov 18 '05 #5
Jason,

Your understanding of impersonation is correct. The WindowsIdentity in
your case of Forms authentication will be the process account. The
HttpContext.Current.User.Identity will be your user authenticated via Forms
auth. I'm not sure how long the token will be valid before it is expired.
I do know that we timestamp the token for the purposes of preventing
improper token reuse.

I would definitely not take this route however. First of all, there is an
ASP.NET issue whereby an impersonated thread that is returned to the
threadpool without having had RevertToSelf() called is going to retain its
impersonated identity. As soon as someone else grabs that thread from the
pool, it will run under the context of the original user. This is
obviously a bad thing. Therefore, you should ALWAYS undo the
impersonation. (This is a developing issue, so I don't have many
specifics.)

The other thing is just general security practice. You want to minimize
your exposure surface to any attacks. It would then make logical sense
that you would only want to run under elevated privileges when necessary.
Therefore, a much better option for you would be to store the username and
password in the FormsAuthenticationTicket when it's created and then use
that information to call LogonUser when necessary.

This assumes that you are following our recommendation of encrypting the
ticket.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
Nov 18 '05 #6
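The pattern recommended in the reply above (impersonate only around the code that needs it, and always undo before the thread goes back to the pool), as an added example that is not part of the original thread. The names `ScopedImpersonation` and `RunAs` are hypothetical, and the interactive logon type is an assumption; the credentials are expected to come from the decrypted forms authentication ticket as the reply describes.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper (not from the thread): impersonation is scoped to one
// delegate call and is reverted in a finally block, so a pooled ASP.NET thread
// never leaves this method still carrying the user's identity.
public static class ScopedImpersonation
{
    // Assumption: interactive logon with the default provider.
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(
        string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr hObject);

    private static string CurrentName()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return id.Name;
        }
    }

    // Example call from a page (the delegate body is where the
    // DirectoryEntry work would go):
    //   ScopedImpersonation.RunAs(user, domain, password, delegate { /* ... */ });
    public static void RunAs(string user, string domain, string password, Action work)
    {
        if (work == null) throw new ArgumentNullException("work");

        string before = CurrentName();      // process identity under forms auth
        IntPtr token = IntPtr.Zero;
        WindowsImpersonationContext context = null;

        try
        {
            // The token is obtained per call and closed below; it is not
            // kept in Session or any other per-user store.
            if (!LogonUser(user, domain, password,
                           LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                           out token))
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            context = WindowsIdentity.Impersonate(token);
            work();                          // runs as the logged-on user
        }
        finally
        {
            // Undo() runs whether work() returned or threw.
            if (context != null) context.Undo();
            if (token != IntPtr.Zero) CloseHandle(token);
        }

        // Defensive check: the thread must be back on the original identity
        // before it is handed back to the thread pool.
        string after = CurrentName();
        if (!string.Equals(before, after, StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(
                "Thread identity was not restored: expected " + before +
                ", found " + after);
        }
    }
}
```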
Thanks for your help.
I am going to store the password in the encrypted forms
authentication ticket and only impersonate where
necessary.
Nov 18 '05 #7
Hi Jason,

Very good. Post back if you encounter problems.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
Nov 18 '05 #8
