473,466 Members | 1,451 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

impersonating and LogonUser

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windows account
(I cannot use Windows authentication). If I obtain a token
with LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, the impersonation
finishes. When the response re-starts i.e. page is loaded,
the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.
Nov 18 '05 #1
7 2365
Jason,

I'm not really sure how long that token persists. However, I certainly
wouldn't implement your functionality in this way. Instead, why not just
use Forms Authentication and authenticate against Active Directory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
Subject: impersonating and LogonUser
Date: Tue, 30 Dec 2003 07:09:52 -0800
Lines: 12
Message-ID: <0a****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO5vn/DZ4sZUF0TVKQjDolroRyKQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198854
NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windows account
(I cannot use Windows authentication). If I obtain a token
with LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, the impersonation
finishes. When the response re-starts i.e. page is loaded,
the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.


Nov 18 '05 #2
I actually do that. The problem is that I need to perform
operations on the Active Directory as the logged on user.
Which means I need to either pass the logged on user name
and password to the DirectoryEntry object or impersonate -
that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists. However, I certainlywouldn't implement your functionality in this way. Instead, why not justuse Forms Authentication and authenticate against Active Directory?
Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
Subject: impersonating and LogonUser
Date: Tue, 30 Dec 2003 07:09:52 -0800
Lines: 12
Message-ID: <0a****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO5vn/DZ4sZUF0TVKQjDolroRyKQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198854NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windows account(I cannot use Windows authentication). If I obtain a tokenwith LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, the impersonationfinishes. When the response re-starts i.e. page is loaded,the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.


.

Nov 18 '05 #3
Jason,

Do you need to impersonate a specific user just during the execution of a
particular code block? If not and you really just need to ensure that the
app runs under the context of the currently logged on user, you simply need
to deny access to unauthenticated users via the web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl> <#R**************@cpmsftngxa07.phx.gbl>Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 09:41:16 -0800
Lines: 67
Message-ID: <06****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO/CAi0MD771MWTeW4DDpNCftk0g==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198905
NNTP-Posting-Host: tk2msftngxa08.phx.gbl 10.40.1.160
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I actually do that. The problem is that I need to perform
operations on the Active Directory as the logged on user.
Which means I need to either pass the logged on user name
and password to the DirectoryEntry object or impersonate -
that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists.

However, I certainly
wouldn't implement your functionality in this way.

Instead, why not just
use Forms Authentication and authenticate against Active

Directory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
Subject: impersonating and LogonUser
Date: Tue, 30 Dec 2003 07:09:52 -0800
Lines: 12
Message-ID: <0a****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPO5vn/DZ4sZUF0TVKQjDolroRyKQ==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:198854NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

I have an ASP.NET application with forms authentication.
However, the login details correspond to a Windowsaccount(I cannot use Windows authentication). If I obtain atokenwith LogonUser, can I store it in a session variable and
perform an impersonation on each page load? How long is
that token valid? If I do an impersonation on each page
load but never an Undo, will it cause problems?

I think that once the response finishes, theimpersonationfinishes. When the response re-starts i.e. page isloaded,the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.


.


Nov 18 '05 #4
Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authentication is
selected.

I have to use forms authentication but I validate the user
logging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?

-----Original Message-----
Jason,

Do you need to impersonate a specific user just during the execution of aparticular code block? If not and you really just need to ensure that theapp runs under the context of the currently logged on user, you simply needto deny access to unauthenticated users via the web.config and enableimpersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
I actually do that. The problem is that I need to performoperations on the Active Directory as the logged on user.Which means I need to either pass the logged on user nameand password to the DirectoryEntry object or impersonate -that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists.

However, I certainly
wouldn't implement your functionality in this way.

Instead, why not just
use Forms Authentication and authenticate against Active
Directory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
I have an ASP.NET application with forms

authentication.However, the login details correspond to a Windows

account
(I cannot use Windows authentication). If I obtain a

token
with LogonUser, can I store it in a session variable andperform an impersonation on each page load? How long isthat token valid? If I do an impersonation on each pageload but never an Undo, will it cause problems?

I think that once the response finishes, the

impersonation
finishes. When the response re-starts i.e. page is

loaded,
the impersonation can be manually restarted without
problems. I'm not sure about the lifetime of the token.
.


.

Nov 18 '05 #5
Jason,

Your understanding of impersonation is correct. The WindowsIdentity in
your case of Forms authentication will be the process account. The
HttpContext.Current.User.Identity will be your user authenticated via Forms
auth. I'm not sure how long the token will be valid before it is expired.
I do know that we timestamp the token for the purposes of preventing
improper token reuse.

I would definitely not take this route however. First of all, there is an
ASP.NET issue whereby an impersonated thread that is returned to the
threadpool without having had RevertToSelf() called is going to retain its
impersonated identity. As soon as someone else grabs that thread from the
pool, it will run under the context of the original user. This is
obviously a bad thing. Therefore, you should ALWAYS undo the
impersonation. (This is a developing issue, so I don't have many
specifics.)

The other thing is just general security practice. You want to minimize
your exposure surface to any attacks. It would then make logical sense
that you would only want to run under elevated priviledges when necessary.
Therefore, a much better option for you would be to store the username and
password in the FormsAuthenticationTicket when it's created and then use
that information to call LogonUser when necessary.

This assumes that you are following our recommendation of encrypting the
ticket.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl> <#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 13:01:06 -0800
Lines: 97
Message-ID: <01****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPPGArOEJZUmCWqTvWaK6UCxhVpMw==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198969
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authentication is
selected.

I have to use forms authentication but I validate the user
logging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?

-----Original Message-----
Jason,

Do you need to impersonate a specific user just during

the execution of a
particular code block? If not and you really just need

to ensure that the
app runs under the context of the currently logged on

user, you simply need
to deny access to unauthenticated users via the

web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and

confers no rights.

--------------------
I actually do that. The problem is that I need toperformoperations on the Active Directory as the logged onuser.Which means I need to either pass the logged on usernameand password to the DirectoryEntry object orimpersonate -that way, if the logged on user does not have the right,
the operation fails.

Unless there is another way?
-----Original Message-----
Jason,

I'm not really sure how long that token persists.
However, I certainly
wouldn't implement your functionality in this way.
Instead, why not just
use Forms Authentication and authenticate againstActiveDirectory?

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Product Support Services
ASP.NET Developer Support

This post is provided "as-is" and confers no rights.
--------------------
>I have an ASP.NET application with formsauthentication.>However, the login details correspond to a Windows
account
>(I cannot use Windows authentication). If I obtain a
token
>with LogonUser, can I store it in a session variableand>perform an impersonation on each page load? How longis>that token valid? If I do an impersonation on eachpage>load but never an Undo, will it cause problems?
>
>I think that once the response finishes, the
impersonation
>finishes. When the response re-starts i.e. page is
loaded,
>the impersonation can be manually restarted without
>problems. I'm not sure about the lifetime of the token.
>

.


.


Nov 18 '05 #6
Thanks for your help.
I am going to store the password in the encrypted forms
authentication ticket and only impersonate where
neccessary.
-----Original Message-----
Jason,

Your understanding of impersonation is correct. The WindowsIdentity inyour case of Forms authentication will be the process account. TheHttpContext.Current.User.Identity will be your user authenticated via Formsauth. I'm not sure how long the token will be valid before it is expired. I do know that we timestamp the token for the purposes of preventingimproper token reuse.

I would definitely not take this route however. First of all, there is anASP.NET issue whereby an impersonated thread that is returned to thethreadpool without having had RevertToSelf() called is going to retain itsimpersonated identity. As soon as someone else grabs that thread from thepool, it will run under the context of the original user. This isobviously a bad thing. Therefore, you should ALWAYS undo theimpersonation. (This is a developing issue, so I don't have manyspecifics.)

The other thing is just general security practice. You want to minimizeyour exposure surface to any attacks. It would then make logical sensethat you would only want to run under elevated priviledges when necessary. Therefore, a much better option for you would be to store the username andpassword in the FormsAuthenticationTicket when it's created and then usethat information to call LogonUser when necessary.

This assumes that you are following our recommendation of encrypting theticket.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl>

<#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>
Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 13:01:06 -0800
Lines: 97
Message-ID: <01****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPPGArOEJZUmCWqTvWaK6UCxhVpMw==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:198969NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authentication isselected.

I have to use forms authentication but I validate the userlogging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?

-----Original Message-----
Jason,

Do you need to impersonate a specific user just during

the execution of a
particular code block? If not and you really just need

to ensure that the
app runs under the context of the currently logged on

user, you simply need
to deny access to unauthenticated users via the

web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and

confers no rights.

--------------------
I actually do that. The problem is that I need to

perform
operations on the Active Directory as the logged on

user.
Which means I need to either pass the logged on user

name
and password to the DirectoryEntry object or

impersonate -
that way, if the logged on user does not have the right,the operation fails.

Unless there is another way?
>-----Original Message-----
>Jason,
>
>I'm not really sure how long that token persists.
However, I certainly
>wouldn't implement your functionality in this way.
Instead, why not just
>use Forms Authentication and authenticate against

Active
Directory?
>
>Jim Cheshire, MCSE, MCSD [MSFT]
>Microsoft Product Support Services
>ASP.NET Developer Support
>
>This post is provided "as-is" and confers no rights.
>
>
>--------------------
>>I have an ASP.NET application with forms

authentication.
>>However, the login details correspond to a Windows
account
>>(I cannot use Windows authentication). If I obtain a
token
>>with LogonUser, can I store it in a session variable

and
>>perform an impersonation on each page load? How long

is
>>that token valid? If I do an impersonation on each

page
>>load but never an Undo, will it cause problems?
>>
>>I think that once the response finishes, the
impersonation
>>finishes. When the response re-starts i.e. page is
loaded,
>>the impersonation can be manually restarted without
>>problems. I'm not sure about the lifetime of the token.>>
>
>.
>
.


.

Nov 18 '05 #7
Hi Jason,

Very good. Post back if you encounter problems.

Jim Cheshire, MCSE, MCSD [MSFT]
ASP.NET
Developer Support
ja******@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl> <#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>
<01****************************@phx.gbl>
<3D**************@cpmsftngxa07.phx.gbl>Subject: RE: impersonating and LogonUser
Date: Sat, 3 Jan 2004 15:52:03 -0800
Lines: 191
Message-ID: <02****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcPSVJY/IoO+KDe3Tceh4HGBaGENhQ==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.framework.aspnet:199523
NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Thanks for your help.
I am going to store the password in the encrypted forms
authentication ticket and only impersonate where
neccessary.
-----Original Message-----
Jason,

Your understanding of impersonation is correct. The

WindowsIdentity in
your case of Forms authentication will be the process

account. The
HttpContext.Current.User.Identity will be your user

authenticated via Forms
auth. I'm not sure how long the token will be valid

before it is expired.
I do know that we timestamp the token for the purposes

of preventing
improper token reuse.

I would definitely not take this route however. First of

all, there is an
ASP.NET issue whereby an impersonated thread that is

returned to the
threadpool without having had RevertToSelf() called is

going to retain its
impersonated identity. As soon as someone else grabs

that thread from the
pool, it will run under the context of the original

user. This is
obviously a bad thing. Therefore, you should ALWAYS undo

the
impersonation. (This is a developing issue, so I don't

have many
specifics.)

The other thing is just general security practice. You

want to minimize
your exposure surface to any attacks. It would then make

logical sense
that you would only want to run under elevated

priviledges when necessary.
Therefore, a much better option for you would be to

store the username and
password in the FormsAuthenticationTicket when it's

created and then use
that information to call LogonUser when necessary.

This assumes that you are following our recommendation of

encrypting the
ticket.

Jim Cheshire, MCSE, MCSD [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and

confers no rights.


--------------------
Content-Class: urn:content-classes:message
From: "Jason" <an*******@discussions.microsoft.com>
Sender: "Jason" <an*******@discussions.microsoft.com>
References: <0a****************************@phx.gbl>

<#R**************@cpmsftngxa07.phx.gbl>
<06****************************@phx.gbl>
<#t**************@cpmsftngxa07.phx.gbl>
Subject: RE: impersonating and LogonUser
Date: Tue, 30 Dec 2003 13:01:06 -0800
Lines: 97
Message-ID: <01****************************@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcPPGArOEJZUmCWqTvWaK6UCxhVpMw==
Newsgroups: microsoft.public.dotnet.framework.aspnet
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gblmicrosoft.public.dotnet.framework.aspnet:198969NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet

Maybe I'm missing something with my understanding of
impersonation.

I thought impersonation either ran as the user specified
in the web.config or as the account configured in IIS or
as the windows identity user if windows authenticationisselected.

I have to use forms authentication but I validate theuserlogging on against active directory. I retrieve their
username and password from a login screen.

Is it possible to have the application run as the user
once they have been verified using forms authentication?
-----Original Message-----
Jason,

Do you need to impersonate a specific user just during
the execution of a
particular code block? If not and you really just need
to ensure that the
app runs under the context of the currently logged on
user, you simply need
to deny access to unauthenticated users via the
web.config and enable
impersonation.

Jim Cheshire [MSFT]
Microsoft Developer Support
ASP.NET
ja******@online.microsoft.com

This post is provided as-is with no warranties and
confers no rights.

--------------------
>I actually do that. The problem is that I need to
perform
>operations on the Active Directory as the logged on
user.
>Which means I need to either pass the logged on user
name
>and password to the DirectoryEntry object or
impersonate -
>that way, if the logged on user does not have theright,>the operation fails.
>
>Unless there is another way?
>>-----Original Message-----
>>Jason,
>>
>>I'm not really sure how long that token persists.
>However, I certainly
>>wouldn't implement your functionality in this way.
>Instead, why not just
>>use Forms Authentication and authenticate against
Active
>Directory?
>>
>>Jim Cheshire, MCSE, MCSD [MSFT]
>>Microsoft Product Support Services
>>ASP.NET Developer Support
>>
>>This post is provided "as-is" and confers no rights.
>>
>>
>>--------------------
>>>I have an ASP.NET application with forms
authentication.
>>>However, the login details correspond to a Windows
>account
>>>(I cannot use Windows authentication). If I obtain a
>token
>>>with LogonUser, can I store it in a session variable
and
>>>perform an impersonation on each page load? How long
is
>>>that token valid? If I do an impersonation on each
page
>>>load but never an Undo, will it cause problems?
>>>
>>>I think that once the response finishes, the
>impersonation
>>>finishes. When the response re-starts i.e. page is
>loaded,
>>>the impersonation can be manually restarted without
>>>problems. I'm not sure about the lifetime of thetoken.>>>
>>
>>.
>>
>

.


.


Nov 18 '05 #8
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
is vb.net impersonating impersonation?
by: h | last post by:
Hello all, Scenario: I have developed a vb.net windows service to log on to exchange via impersonation. Exchange system is version 2000 on WIndows 2000. Development platform win xp framework 1.1...
Visual Basic .NET
0
is vb.net impersonating impersonation?
by: h | last post by:
Hello all, Scenario: I have developed a vb.net windows service to log on to exchange via impersonation. Exchange system is version 2000 on WIndows 2000. Development platform win xp framework 1.1...
Visual Basic .NET
5
Impersonating doesn't work on Win2003
by: fab | last post by:
Hello, i'm trying to browse a UNC share through an ASP.NET application and i've got a problem : i've tried some examples from MSDN or other web sites (using LogonUser from Win32 API) and it...
ASP.NET
11
Remote call to COM impersonating another user
by: JCav | last post by:
I need to call a COM object from a remote machine using C#. I also need to pass on a different userID and password to the call. Has anyone done this? I've used Java to do this using JIntegra, but...
C# / C Sharp
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us