WindowsPrincipal and WindowsIdentity.

This is more of a solution that raised a question.

I have a Web service that does not allow anonymous users.
For debugging I put in the following lines in my Web
Service:

WindowsIdentity wi = WindowsIdentity.GetCurrent();
WindowsPrincipal wp = Thread.CurrentPrincipal as WindowsPrincipal;
wi = wp.Identity as WindowsIdentity;
wi.Impersonate();

My question was that the first WindowsIdentity returned
from GetCurrent shows MACHINE\ASPNET (MACHINE is the name
of the machine) yet the WindowsIdentity returned from
CurrentPrincipal shows DOMAIN\kburton (DOMAIN is the name
of the domain I am logged in as a domain user when I am
running this). The Web service needs to access a database
and the ASPNET account cannot be used to access the
database. It seems that Impersonate() makes the
identity "correct". My question is why are GetCurrent and
CurrentPrincipal different? Under what conditions will
they be different? Why does Impersonate make them the
same?

Thank you for your help in understanding this.

Kevin Burton
rk**********@charter.net
Nov 18 '05 #1
asp.net broke out the authentication identity (who called this page -
Principal) from the security identity used by the thread servicing the page.
the default is for the page threads to run under the asp.net account.

you can achieve the same result without code by specifying in your web.config:

<identity impersonate="true" />

note: if the user hitting the site is not logged on the local machine
(try hitting your site from another box) the impersonated identity is not a
primary token, so cannot be used to access resources (say a sqlserver) on
another box.

-- bruce (sqlwork.com)
Nov 18 '05 #2
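The split described in the reply above, and a scoped form of the Impersonate() call from the question, as an added example that is not code from either poster. It assumes .NET Framework on Windows; IdentityProbe, ExecutionIdentity and RunAsCaller are hypothetical names, and Main is a console stand-in for the web service.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example; IdentityProbe, ExecutionIdentity and RunAsCaller are hypothetical names.
public static class IdentityProbe
{
    // Name on the token the OS uses for access checks on this thread:
    // the worker-process account unless the thread is impersonating.
    public static string ExecutionIdentity()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
            return current.Name;
    }

    // Runs 'work' under the authenticated caller's token and always reverts.
    // Returns false when the caller was not authenticated by Windows: with
    // anonymous or Forms authentication the 'as' cast yields null, and the
    // unguarded wi.Impersonate() from the question would throw.
    public static bool RunAsCaller(Action work)
    {
        WindowsPrincipal principal = Thread.CurrentPrincipal as WindowsPrincipal;
        WindowsIdentity caller =
            principal == null ? null : principal.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            return false;

        // Impersonate() swaps the thread token; disposing the context calls
        // Undo(), so the caller's token is held only for the block.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        {
            work();
        }
        return true;
    }

    public static void Main()
    {
        // Console stand-in for ASP.NET: make Thread.CurrentPrincipal a
        // WindowsPrincipal for the logged-on user.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        Console.WriteLine("before: " + ExecutionIdentity());
        bool ran = RunAsCaller(
            () => Console.WriteLine("inside: " + ExecutionIdentity()));
        Console.WriteLine("after:  " + ExecutionIdentity() + " (impersonated: " + ran + ")");
    }
}
```

In a console process all three lines print the same account; inside an ASP.NET request without impersonation, "before" and "after" show the worker-process account and "inside" shows the authenticated caller.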
Thank you for your reply. It was most helpful.

One more question.

If I just have the <identity> token in the web.config I
still get an error:

WebException: 'The request failed with HTTP status 401: Access Denied.'
Status: 'ProtocolError'
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)

Unless before the Web Service call I add credentials as:

WService webService = new WService();
webService.Credentials = CredentialCache.DefaultCredentials;

I don't quite understand the reason for this.

Kevin
Nov 18 '05 #3
More permission questions.

If I change IIS to allow anonymous login and I change the
<identity> token to the following:

<identity impersonate="true"
userName="domain\domainuser"
password="0123456"
/>

I get an HTML error:

<b> Parser Error Message: </b>Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'A required privilege is not held by the client.'<br><br>

I have checked and the user name, domain, and password
are all correct. Do I need some extra permission just to
impersonate?

Thank you.

Kevin
Nov 18 '05 #4