
Impersonation issue

We have an Authentication COM component written using SSPI functions. The
component provides methods to Impersonate and Revert back to original
security context. When we use this component in an ASP page to Authenticate and
then Impersonate the authenticated user, the identity is correctly set to
the impersonated user. Then we are able to successfully read the
impersonated identity from another COM component running in the ASP page.
The component uses OpenThreadToken() with the TOKEN_QUERY | TOKEN_IMPERSONATE
option and then retrieves the SID of the impersonated user account.
Now here's our problem. When we try to do the same in an ASP.NET application
using interops, it doesn't work. One interop is for the Authentication
component and another is for the component which reads the current identity.
The second interop fails to read the impersonated identity and it always
returns the ASPNET user. OpenThreadToken() fails and returns Error Code:
1008 (ERROR_NO_TOKEN) Error Message: An attempt was made to reference a
token that does not exist.

As you know, we are not dependent on ASP.NET built-in impersonation and the
Web.Config settings don't matter here.

Any ideas will be of great help.
--

Regards,
Sajan.

PS: Please don't send me direct emails, use the newsroom.
Nov 18 '05 #1
1 Reply


Hi Sajan:

If the components you are using run in an STA, you'll need to add
AspCompat="true" to your @Page directive. To check the threading model,
look in HKCR\CLSID\yourclsid\InprocServer32\ThreadingModel.

The ASP.NET pages run in an MTA by default, meaning any STA component
will be executing on a different thread that is not impersonating.

HTH,

--
Scott
http://www.OdeToCode.com

On Thu, 13 May 2004 15:33:42 -0500, "Kallely Sajan [MVP]"
<sa*****@hotmail.com> wrote:
We have an Authentication COM component written using SSPI functions. The
component provides methods to Impersonate and Revert back to original
security context. When we use this component in an ASP page to Authenticate and
then Impersonate the authenticated user, the identity is correctly set to
the impersonated user. Then we are able to successfully read the
impersonated identity from another COM component running in the ASP page.
The component uses OpenThreadToken() with the TOKEN_QUERY | TOKEN_IMPERSONATE
option and then retrieves the SID of the impersonated user account.
Now here's our problem. When we try to do the same in an ASP.NET application
using interops, it doesn't work. One interop is for the Authentication
component and another is for the component which reads the current identity.
The second interop fails to read the impersonated identity and it always
returns the ASPNET user. OpenThreadToken() fails and returns Error Code:
1008 (ERROR_NO_TOKEN) Error Message: An attempt was made to reference a
token that does not exist.

As you know, we are not dependent on ASP.NET built-in impersonation and the
Web.Config settings don't matter here.

Any ideas will be of great help.


Nov 18 '05 #2
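
The two checks discussed in this thread (the registered ThreadingModel of the COM class, and whether the calling thread actually carries an impersonation token) can be made from managed code. This is an added example, not code from either poster; the class and method names (ImpersonationDiagnostics, GetThreadingModel, DescribeCurrentThread) are hypothetical, and it assumes .NET Framework 2.0 or later on Windows.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;
using Microsoft.Win32;

// Hypothetical diagnostic helper (added example, not part of the original thread).
public static class ImpersonationDiagnostics
{
    const uint TOKEN_QUERY = 0x0008;
    const int ERROR_NO_TOKEN = 1008;

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenThreadToken(IntPtr thread, uint access, bool openAsSelf, out IntPtr token);
    [DllImport("kernel32.dll")]
    static extern IntPtr GetCurrentThread();
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Reads HKCR\CLSID\{clsid}\InprocServer32\ThreadingModel.
    // "Apartment" or a missing value (null) means the component lives in an STA.
    public static string GetThreadingModel(Guid clsid)
    {
        string path = @"CLSID\" + clsid.ToString("B") + @"\InprocServer32";
        using (RegistryKey key = Registry.ClassesRoot.OpenSubKey(path))
            return key == null ? null : key.GetValue("ThreadingModel") as string;
    }

    // Reports the apartment of the calling thread and the identity it runs as.
    public static string DescribeCurrentThread()
    {
        string apartment = Thread.CurrentThread.GetApartmentState().ToString();
        IntPtr token;
        if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, true, out token))
        {
            int err = Marshal.GetLastWin32Error();
            if (err != ERROR_NO_TOKEN) throw new Win32Exception(err);
            // No thread token: the thread is not impersonating and runs as the process account.
            return apartment + ": no thread token, process identity is "
                 + WindowsIdentity.GetCurrent().Name;
        }
        try
        {
            // WindowsIdentity duplicates the handle, so the original is closed in finally.
            using (WindowsIdentity id = new WindowsIdentity(token))
                return apartment + ": impersonating " + id.Name + " (" + id.User + ")";
        }
        finally { CloseHandle(token); }
    }
}
```

Logging DescribeCurrentThread() from the page with and without AspCompat="true" shows which apartment the page code runs in; the same OpenThreadToken check inside the COM component shows what the component's own thread sees.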
