
User Impersonation in Global.asax OnStart

It looks as if user impersonation doesn't work in the Global.asax OnStart event. What this means is that if I have the application configured to use "AlexUser" as the user for all ASP.NET stuff, that works for everything within my application EXCEPT that code executed in the OnStart in global.asax goes out as the "ASPNET" user.

This is a real problem because it means that I have to give database permissions to the ASPNET user if I want to make any DB calls from inside global.asax. I REALLY don't want to do that.

Any ideas?
Nov 18 '05 #1
3 Replies


Hi,

From your description, you have some db manipulation which needs to be finished in your web application's Application_Start event. However, you found that in the Application_Start event the impersonation does not work, which makes connecting to the db server fail, yes?

As for this problem, I think it is because in the Application_Start event the whole application is initializing, and some ASP.NET built-in objects such as Request, Response ... haven't been constructed or initialized yet. And ASP.NET's impersonation mechanism depends on the user's credentials passed from IIS, which are stored in HttpContext.Current.User.Identity. However, this info seems unavailable in the Application_Start event. That's why operations that depend on impersonation will fail in Application_Start.

As for your situation, where you need to do db manipulation in Application_Start, I think you may consider the following means:

1. Use a SQL Server login rather than integrated Windows to connect to the SQL Server db. That means specifying the connection username/password in the connection string. If you don't want to contain the username/password as clear text in the connection string directly, which will be embedded in the assembly, you can store them in the registry instead. Here is a KB article which discusses this:
#HOW TO: Use the ASP.NET Utility to Encrypt Credentials and Session State Connection Strings
http://support.microsoft.com/?id=329290

2. Manually impersonate via code in Application_Start, or build a utility class to perform such operations.
Below are a KB article and a former thread which discuss this approach:
#INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/?id=306158

#Subject: Re: How do I set the new thread principal?
http://groups.google.com/groups?hl=e...readm=e41KuAAGEHA.2976%40TK2MSFTNGP10.phx.gbl&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26q%3D%2522How%2Bdo%2BI%2Bset%2Bthe%2Bnew%2Bthread%2Bprincipal%253F%2522

Hope this helps. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Nov 18 '05 #2
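
Option 2 in the reply above (manual impersonation inside Application_Start), as an added example that is not code from the thread or from the linked KB articles. It assumes .NET Framework 3.5 or later; the appSettings keys, server name and database name are hypothetical placeholders.

```csharp
using System;
using System.ComponentModel;
using System.Configuration;
using System.Data.SqlClient;
using System.Runtime.InteropServices;
using System.Security.Principal;

public class Global : System.Web.HttpApplication
{
    const int LOGON32_LOGON_INTERACTIVE = 2, LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Runs 'work' as the given Windows account, then always reverts.
    static void RunAs(string user, string domain, string password, Action work)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // WindowsIdentity duplicates the token, so closing ours below is safe.
            WindowsImpersonationContext ctx = new WindowsIdentity(token).Impersonate();
            try { work(); }
            finally { ctx.Undo(); } // never leave the thread impersonating
        }
        finally { CloseHandle(token); }
    }

    protected void Application_Start(object sender, EventArgs e)
    {
        // Hypothetical appSettings keys; encrypt the section rather than storing clear text.
        var cfg = ConfigurationManager.AppSettings;
        RunAs(cfg["StartupUser"], cfg["StartupDomain"], cfg["StartupPassword"], delegate
        {
            // Placeholder server/database; integrated security now uses the impersonated account.
            using (var conn = new SqlConnection(
                "Server=DBSERVER;Database=AppDb;Integrated Security=SSPI"))
            {
                conn.Open(); // startup queries go here
            }
        });
    }
}
```

With this in place the database grant goes to the dedicated account (the poster's "AlexUser") and the ASPNET worker account needs no database permissions.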


Hi,

Have you had a chance to check out the suggestions in my last reply, or have
you got any further ideas on this issue? If anything is unclear or if
there's anything else we can help with, please feel free to post here. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Nov 18 '05 #4
