473,396 Members | 1,929 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > forms authentication and active directory

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Forms Authentication and Active Directory

I have forms based authentication working, using my Active Directory for
authentication.

I have a web page that creates a user in active directory. When I was using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run
as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

Nov 18 '05 #1
7 1691
Here is how you will need to do it, scroll down to "Impersonate a Specific User in Code"

http://support.microsoft.com/default...b;en-us;306158
--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message news:OB**************@TK2MSFTNGP09.phx.gbl...
I have forms based authentication working, using my Active Directory for
authentication.

I have a web page that creates a user in active directory. When I was using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run
as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708


Nov 18 '05 #2
That appears to be what I want to do.

I'm implementing the "Impersonate the Authenticating User in Code" and I
have one small problem.

The second line of code is (this is in C#)
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

What the heck is User.Identity? I can't find the type or namespace? Is
this simply the username that is logged in. Should I be using
HttpContext.Current.User.Identity.Name
--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:uC**************@tk2msftngp13.phx.gbl...
Here is how you will need to do it, scroll down to "Impersonate a Specific
User in Code"

http://support.microsoft.com/default...b;en-us;306158
--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:OB**************@TK2MSFTNGP09.phx.gbl...
I have forms based authentication working, using my Active Directory for
authentication.

I have a web page that creates a user in active directory. When I was using IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run
as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

Nov 18 '05 #3
I think you are looking at the wrong example, you're looking at code for IIS authenticated users, not Forms Authenticated users. You'd essentially be impersonating the already impersonated user! That line of code you mentioned is equilavent to <identity impersonate="true"> in web.config, and yes User.Identity is HttpContext.Current.User.Identity.

But none of that really matters for Forms Authentication. For you, you need to scroll down to the little bit more messy code, "Impersonate a Specific User in Code". You'll have the username/password they used to log onto your website, so just plug it in and have at it.

--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message news:eZ**************@TK2MSFTNGP09.phx.gbl...
That appears to be what I want to do.

I'm implementing the "Impersonate the Authenticating User in Code" and I
have one small problem.

The second line of code is (this is in C#)
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

What the heck is User.Identity? I can't find the type or namespace? Is
this simply the username that is logged in. Should I be using
HttpContext.Current.User.Identity.Name


--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708


"Raterus" <ra*****@spam.org> wrote in message
news:uC**************@tk2msftngp13.phx.gbl...
Here is how you will need to do it, scroll down to "Impersonate a Specific
User in Code"

http://support.microsoft.com/default...b;en-us;306158
--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:OB**************@TK2MSFTNGP09.phx.gbl...
I have forms based authentication working, using my Active Directory for
authentication.

I have a web page that creates a user in active directory. When I was

using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run
as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708


Nov 18 '05 #4
Well I can get there username with HttpContexct.Current.User.Identity.Name,
but how can I get their password? Remember I'm using forms based
authentication against my AD. If I can read their password somehow in plain
text then I'm home free. I had it in plain text back at the logon.aspx
page, but is there a safe way to send that over to another page or store it
somewhere that I can retrieve?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I think you are looking at the wrong example, you're looking at code for IIS
authenticated users, not Forms Authenticated users. You'd essentially be
impersonating the already impersonated user! That line of code you
mentioned is equilavent to <identity impersonate="true"> in web.config, and
yes User.Identity is HttpContext.Current.User.Identity.

But none of that really matters for Forms Authentication. For you, you need
to scroll down to the little bit more messy code, "Impersonate a Specific
User in Code". You'll have the username/password they used to log onto your
website, so just plug it in and have at it.

--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:eZ**************@TK2MSFTNGP09.phx.gbl...
That appears to be what I want to do.

I'm implementing the "Impersonate the Authenticating User in Code" and I
have one small problem.

The second line of code is (this is in C#)
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

What the heck is User.Identity? I can't find the type or namespace? Is
this simply the username that is logged in. Should I be using
HttpContext.Current.User.Identity.Name
--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:uC**************@tk2msftngp13.phx.gbl...
Here is how you will need to do it, scroll down to "Impersonate a Specific
User in Code"

http://support.microsoft.com/default...b;en-us;306158
--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:OB**************@TK2MSFTNGP09.phx.gbl...
I have forms based authentication working, using my Active Directory for
authentication.

I have a web page that creates a user in active directory. When I was

using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708


Nov 18 '05 #5
Oh also I tried to use the Authenticating User in Code section and where I
was having troubles compiling I simply but
HttpContexct.Current.User.Identity. It compiled fine but during runtime I'm
told that it's an invalid cast.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I think you are looking at the wrong example, you're looking at code for IIS
authenticated users, not Forms Authenticated users. You'd essentially be
impersonating the already impersonated user! That line of code you
mentioned is equilavent to <identity impersonate="true"> in web.config, and
yes User.Identity is HttpContext.Current.User.Identity.

But none of that really matters for Forms Authentication. For you, you need
to scroll down to the little bit more messy code, "Impersonate a Specific
User in Code". You'll have the username/password they used to log onto your
website, so just plug it in and have at it.

--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:eZ**************@TK2MSFTNGP09.phx.gbl...
That appears to be what I want to do.

I'm implementing the "Impersonate the Authenticating User in Code" and I
have one small problem.

The second line of code is (this is in C#)
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

What the heck is User.Identity? I can't find the type or namespace? Is
this simply the username that is logged in. Should I be using
HttpContext.Current.User.Identity.Name
--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:uC**************@tk2msftngp13.phx.gbl...
Here is how you will need to do it, scroll down to "Impersonate a Specific
User in Code"

http://support.microsoft.com/default...b;en-us;306158
--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:OB**************@TK2MSFTNGP09.phx.gbl...
I have forms based authentication working, using my Active Directory for
authentication.

I have a web page that creates a user in active directory. When I was

using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708


Nov 18 '05 #6
Save their password in the session right after they log in, it's safe there.

"- Steve -" <se****@foundation.sdsu.edu> wrote in message news:Ol****************@tk2msftngp13.phx.gbl...
Well I can get there username with HttpContexct.Current.User.Identity.Name,
but how can I get their password? Remember I'm using forms based
authentication against my AD. If I can read their password somehow in plain
text then I'm home free. I had it in plain text back at the logon.aspx
page, but is there a safe way to send that over to another page or store it
somewhere that I can retrieve?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708


"Raterus" <ra*****@spam.org> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I think you are looking at the wrong example, you're looking at code for IIS
authenticated users, not Forms Authenticated users. You'd essentially be
impersonating the already impersonated user! That line of code you
mentioned is equilavent to <identity impersonate="true"> in web.config, and
yes User.Identity is HttpContext.Current.User.Identity.

But none of that really matters for Forms Authentication. For you, you need
to scroll down to the little bit more messy code, "Impersonate a Specific
User in Code". You'll have the username/password they used to log onto your
website, so just plug it in and have at it.

--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:eZ**************@TK2MSFTNGP09.phx.gbl...
That appears to be what I want to do.

I'm implementing the "Impersonate the Authenticating User in Code" and I
have one small problem.

The second line of code is (this is in C#)
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

What the heck is User.Identity? I can't find the type or namespace? Is
this simply the username that is logged in. Should I be using
HttpContext.Current.User.Identity.Name
--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:uC**************@tk2msftngp13.phx.gbl...
Here is how you will need to do it, scroll down to "Impersonate a Specific
User in Code"

http://support.microsoft.com/default...b;en-us;306158
--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:OB**************@TK2MSFTNGP09.phx.gbl...
I have forms based authentication working, using my Active Directory for
authentication.

I have a web page that creates a user in active directory. When I was

using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to run as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708



Nov 18 '05 #7
Now you've got me confused.

Over at the logon.aspx.cs I can access tbPassword.Text and get the plaint
text password.

Now I can store that in viewstate in logon.aspx.cs but then how would I
access it over at my createAccount.aspx.cs file?

Thanks for all the help by the way.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:OE**************@tk2msftngp13.phx.gbl...
Save their password in the session right after they log in, it's safe there.

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:Ol****************@tk2msftngp13.phx.gbl...
Well I can get there username with HttpContexct.Current.User.Identity.Name, but how can I get their password? Remember I'm using forms based
authentication against my AD. If I can read their password somehow in plain text then I'm home free. I had it in plain text back at the logon.aspx
page, but is there a safe way to send that over to another page or store it somewhere that I can retrieve?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
I think you are looking at the wrong example, you're looking at code for IIS authenticated users, not Forms Authenticated users. You'd essentially be
impersonating the already impersonated user! That line of code you
mentioned is equilavent to <identity impersonate="true"> in web.config, and yes User.Identity is HttpContext.Current.User.Identity.

But none of that really matters for Forms Authentication. For you, you need to scroll down to the little bit more messy code, "Impersonate a Specific
User in Code". You'll have the username/password they used to log onto your website, so just plug it in and have at it.

--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:eZ**************@TK2MSFTNGP09.phx.gbl...
That appears to be what I want to do.

I'm implementing the "Impersonate the Authenticating User in Code" and I
have one small problem.

The second line of code is (this is in C#)
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

What the heck is User.Identity? I can't find the type or namespace? Is
this simply the username that is logged in. Should I be using
HttpContext.Current.User.Identity.Name
--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <ra*****@spam.org> wrote in message
news:uC**************@tk2msftngp13.phx.gbl...
Here is how you will need to do it, scroll down to "Impersonate a Specific User in Code"

http://support.microsoft.com/default...b;en-us;306158
--Michael

"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:OB**************@TK2MSFTNGP09.phx.gbl...
I have forms based authentication working, using my Active Directory for authentication.

I have a web page that creates a user in active directory. When I was

using
IIS authentication it worked fine, now it doesn't. I'm assuming it's
running in the context of the IIS anonymous user. How can I get it to

run as the user that logged in with the forms based authentication?

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708



Nov 18 '05 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
Secure and Unsecure Web Directories using Forms Authentication
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
.NET Framework
3
Combine Forms Authentication with Windows
by: Nick | last post by:
I am working a new application...well actually a series of applications for my company. They want internal users to be able to go to a site and everything regarding security is transparent,...
.NET Framework
1
Impersonation failure with Index Server and Forms Authentication with Active Directory
by: techfuzz | last post by:
I'm posting my problem experience and solution I found here for other ASP.NET developers. I have a web application that uses Forms Authentication with Active Directory to control access. In...
ASP.NET
4
Forms Authentication +Active Directory +Roles
by: Marty Underwood | last post by:
Okay the subject line explains a scenario I just had to tackle but I am looking for a better way. The current way: 1) Use forms authentication. 2) Query Active Directory and bind to a user...
ASP.NET
6
Forms Authentication with AD
by: dhnriverside | last post by:
Hi there I'm using Windows Authentication to automatically recognise users in my web app. However, I want directory to be password protected, so if they try to visit the page in there, they MUST...
ASP.NET
4
ASP.NET 1.1 Application Pool Identity and user authentication problem with AD (Active Directory)
by: pjdouillard | last post by:
Hello all, Here is the context of my problem: We have an ASP.NET 1.1 application that has its own application pool setup and that runs under the identity of a NT Domain service account (this...
ASP.NET
0
Windows Authentication through Active Directory
by: Hriday | last post by:
Hi there, Please help me..It is urgent This is Hriday, working on windows authentication with Active Directory... My requirment is when a user sends a request to my web Applicatoin I want to...
Visual Basic .NET
18
Sun Java System Directory Server Authentication
by: troywalker | last post by:
I am new to LDAP and Directory Services, and I have a project that requires me to authenticate users against a Sun Java System Directory Server in order to access the application. I have found...
C# / C Sharp
2
Forms Authentication with AD storage for credentials.
by: Max2006 | last post by:
Hi, We prefer ASP.NET Forms Authentication in our ASP.NET 3.5 application; however we have to use Active Directory for user name and password storage. Is that possible? Is there any sample...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!