By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,795 Members | 1,235 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,795 IT Pros & Developers. It's quick & easy.

Error casting User.Identity to WindowsIdentity

P: n/a
Hi,

I have a class which basically do Impersonation in my web application. From
MS KB sample:-

++++++++++++++++++++code starts
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

'Insert your code that runs under the security context of the authenticating
user here.

impersonationContext.Undo()
+++++++++++++++++++++code ends

since I need to implement this code in class.vb, I have to change the line:-

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)

to:-

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

But that produces error 'Specified cast is not valid.'. Is there anything
that I miss here? Please help!

Thank you
----------------------------------------------------------------------------
---- -----------------------------------------------------------------------
---------
Nov 18 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
I am not sure what you're trying to do with impersonation so it's hard to
tell you exactly how to do it but the User object in your web app is
equivelent to a System.Security.Principal.IPrincipal object and not a
WindowsPrincipal object.

Likewise, the User.Identity is an IIdentity and not a WindowsIdenity object.

Can you post more about what you're trying to do?

Dale
"Razak" <ra***@mmsc.com.my> wrote in message
news:#O**************@TK2MSFTNGP10.phx.gbl...
Hi,

I have a class which basically do Impersonation in my web application. From MS KB sample:-

++++++++++++++++++++code starts
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

'Insert your code that runs under the security context of the authenticating user here.

impersonationContext.Undo()
+++++++++++++++++++++code ends

since I need to implement this code in class.vb, I have to change the line:-
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)

to:-

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

But that produces error 'Specified cast is not valid.'. Is there anything
that I miss here? Please help!

Thank you
-------------------------------------------------------------------------- -- ---- --------------------------------------------------------------------- -- ---------

Nov 18 '05 #2

P: n/a
Sorry for late reply.. I took a day off yesterday.

I'm new to .NET and want to learn by creating my personal website using
ASP.NET and VB.NET. In my application, I have photo galleries where I can
upload photos of certain events (galleries) into a folder in the images
folder. Every events have their own folder to keep the photos. I have no
problem creating folders. But when it comes to deleting them, i got 'Access
denied' which probably because of security issues. I don't want to change
anything on the server side, and resort to using impersonation.

From the samples given by MS KB at
http://support.microsoft.com/default...b;EN-US;306158, i have no
problem impersonating as the administrator account (I maintain the server in
the office), that is, the fourth example on the link titled 'Impersonate a
Specific User in Code'. I came across the third example titled 'Impersonate
the Authenticating User in Code', (the code is given in my original post)
and would like to try that method. That's when the error occurs.

Hope that you understand what I'm trying to say here. It's just the purpose
of learning. I believe it should work somehow.

Thanks.

----------------------------------------------------------------------------
---- -----------------------------------------------------------------------
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:eB**************@TK2MSFTNGP10.phx.gbl...
I am not sure what you're trying to do with impersonation so it's hard to
tell you exactly how to do it but the User object in your web app is
equivelent to a System.Security.Principal.IPrincipal object and not a
WindowsPrincipal object.

Likewise, the User.Identity is an IIdentity and not a WindowsIdenity object.
Can you post more about what you're trying to do?

Dale
"Razak" <ra***@mmsc.com.my> wrote in message
news:#O**************@TK2MSFTNGP10.phx.gbl...
Hi,

I have a class which basically do Impersonation in my web application.

From
MS KB sample:-

++++++++++++++++++++code starts
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

'Insert your code that runs under the security context of the

authenticating
user here.

impersonationContext.Undo()
+++++++++++++++++++++code ends

since I need to implement this code in class.vb, I have to change the

line:-

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)

to:-

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

But that produces error 'Specified cast is not valid.'. Is there anything that I miss here? Please help!

Thank you


--------------------------------------------------------------------------
--

---- ---------------------------------------------------------------------
--
---------


Nov 18 '05 #3

P: n/a
Remember that by impersonating a specific user, you have to include username
and password your code. This is not a good idea except in very controlled
environments.

Set Anonymous Access off on the virtual folder in IIS, click Basic
Authentication off, and click Windows Integrated Authentication on.

And, of course, make sure your ACLs are set properly on the files and
folders for the users you want to have access.

Next, in the <system.web> section of your web.config for your web app,
include the following:

<identity impersonate="true" />

Now, your file access will be determined by the windows user from your
domain who is logged in.

You can also customize the access in code by using the
User.Identity.IsInRole("SomeSecurityUserOrGroupNam e") method - accepting or
rejecting the request based on the results.

Hope this helps,

Dale Preston
MCAD, MCSE, MCDBA
"Razak" <ra***@mmsc.com.my> wrote in message
news:#L*************@TK2MSFTNGP11.phx.gbl...
Sorry for late reply.. I took a day off yesterday.

I'm new to .NET and want to learn by creating my personal website using
ASP.NET and VB.NET. In my application, I have photo galleries where I can
upload photos of certain events (galleries) into a folder in the images
folder. Every events have their own folder to keep the photos. I have no
problem creating folders. But when it comes to deleting them, i got 'Access denied' which probably because of security issues. I don't want to change
anything on the server side, and resort to using impersonation.

From the samples given by MS KB at
http://support.microsoft.com/default...b;EN-US;306158, i have no
problem impersonating as the administrator account (I maintain the server in the office), that is, the fourth example on the link titled 'Impersonate a
Specific User in Code'. I came across the third example titled 'Impersonate the Authenticating User in Code', (the code is given in my original post)
and would like to try that method. That's when the error occurs.

Hope that you understand what I'm trying to say here. It's just the purpose of learning. I believe it should work somehow.

Thanks.

-------------------------------------------------------------------------- -- ---- --------------------------------------------------------------------- -- ---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:eB**************@TK2MSFTNGP10.phx.gbl...
I am not sure what you're trying to do with impersonation so it's hard to
tell you exactly how to do it but the User object in your web app is
equivelent to a System.Security.Principal.IPrincipal object and not a
WindowsPrincipal object.

Likewise, the User.Identity is an IIdentity and not a WindowsIdenity

object.

Can you post more about what you're trying to do?

Dale
"Razak" <ra***@mmsc.com.my> wrote in message
news:#O**************@TK2MSFTNGP10.phx.gbl...
Hi,

I have a class which basically do Impersonation in my web application.

From
MS KB sample:-

++++++++++++++++++++code starts
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

'Insert your code that runs under the security context of the

authenticating
user here.

impersonationContext.Undo()
+++++++++++++++++++++code ends

since I need to implement this code in class.vb, I have to change the

line:-

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)

to:-

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

But that produces error 'Specified cast is not valid.'. Is there

anything that I miss here? Please help!

Thank you


--------------------------------------------------------------------------
--


---- ---------------------------------------------------------------------
--
---------



Nov 18 '05 #4

P: n/a
Thanks for the tip. I'll try it tomorrow and see how it goes.

----------------------------------------------------------------------------
---- -----------------------------------------------------------------------
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
Remember that by impersonating a specific user, you have to include username and password your code. This is not a good idea except in very controlled
environments.

Set Anonymous Access off on the virtual folder in IIS, click Basic
Authentication off, and click Windows Integrated Authentication on.

And, of course, make sure your ACLs are set properly on the files and
folders for the users you want to have access.

Next, in the <system.web> section of your web.config for your web app,
include the following:

<identity impersonate="true" />

Now, your file access will be determined by the windows user from your
domain who is logged in.

You can also customize the access in code by using the
User.Identity.IsInRole("SomeSecurityUserOrGroupNam e") method - accepting or rejecting the request based on the results.

Hope this helps,

Dale Preston
MCAD, MCSE, MCDBA
"Razak" <ra***@mmsc.com.my> wrote in message
news:#L*************@TK2MSFTNGP11.phx.gbl...
Sorry for late reply.. I took a day off yesterday.

I'm new to .NET and want to learn by creating my personal website using
ASP.NET and VB.NET. In my application, I have photo galleries where I can
upload photos of certain events (galleries) into a folder in the images
folder. Every events have their own folder to keep the photos. I have no
problem creating folders. But when it comes to deleting them, i got 'Access
denied' which probably because of security issues. I don't want to change anything on the server side, and resort to using impersonation.

From the samples given by MS KB at
http://support.microsoft.com/default...b;EN-US;306158, i have no problem impersonating as the administrator account (I maintain the server in
the office), that is, the fourth example on the link titled 'Impersonate

a Specific User in Code'. I came across the third example titled

'Impersonate
the Authenticating User in Code', (the code is given in my original post) and would like to try that method. That's when the error occurs.

Hope that you understand what I'm trying to say here. It's just the

purpose
of learning. I believe it should work somehow.

Thanks.


--------------------------------------------------------------------------
--

---- ---------------------------------------------------------------------
--
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:eB**************@TK2MSFTNGP10.phx.gbl...
I am not sure what you're trying to do with impersonation so it's hard

to tell you exactly how to do it but the User object in your web app is
equivelent to a System.Security.Principal.IPrincipal object and not a
WindowsPrincipal object.

Likewise, the User.Identity is an IIdentity and not a WindowsIdenity

object.

Can you post more about what you're trying to do?

Dale
"Razak" <ra***@mmsc.com.my> wrote in message
news:#O**************@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> I have a class which basically do Impersonation in my web application. From
> MS KB sample:-
>
> ++++++++++++++++++++code starts
> Dim impersonationContext As
> System.Security.Principal.WindowsImpersonationCont ext
> Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity >
> currentWindowsIdentity = CType(User.Identity,
> System.Security.Principal.WindowsIdentity)
> impersonationContext = currentWindowsIdentity.Impersonate()
>
> 'Insert your code that runs under the security context of the
authenticating
> user here.
>
> impersonationContext.Undo()
> +++++++++++++++++++++code ends
>
> since I need to implement this code in class.vb, I have to change the line:-
>
> currentWindowsIdentity = CType(User.Identity,
> System.Security.Principal.WindowsIdentity)
>
> to:-
>
> currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
> System.Security.Principal.WindowsIdentity)
>
> But that produces error 'Specified cast is not valid.'. Is there

anything
> that I miss here? Please help!
>
> Thank you


--------------------------------------------------------------------------
--


---- ---------------------------------------------------------------------
--
> ---------
>
>



Nov 18 '05 #5

P: n/a
Duh, I don't know what I was thinking.

IsInRole is actually a method of the User object - well, actually the
IPrincipal object upon which the User is based.

Dale

"Razak" <ra***@mmsc.com.my> wrote in message
news:Ow**************@TK2MSFTNGP10.phx.gbl...
Thanks for the tip. I'll try it tomorrow and see how it goes.

-------------------------------------------------------------------------- -- ---- --------------------------------------------------------------------- -- ---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
Remember that by impersonating a specific user, you have to include username
and password your code. This is not a good idea except in very controlled
environments.

Set Anonymous Access off on the virtual folder in IIS, click Basic
Authentication off, and click Windows Integrated Authentication on.

And, of course, make sure your ACLs are set properly on the files and
folders for the users you want to have access.

Next, in the <system.web> section of your web.config for your web app,
include the following:

<identity impersonate="true" />

Now, your file access will be determined by the windows user from your
domain who is logged in.

You can also customize the access in code by using the
User.Identity.IsInRole("SomeSecurityUserOrGroupNam e") method - accepting

or
rejecting the request based on the results.

Hope this helps,

Dale Preston
MCAD, MCSE, MCDBA
"Razak" <ra***@mmsc.com.my> wrote in message
news:#L*************@TK2MSFTNGP11.phx.gbl...
Sorry for late reply.. I took a day off yesterday.

I'm new to .NET and want to learn by creating my personal website using ASP.NET and VB.NET. In my application, I have photo galleries where I can upload photos of certain events (galleries) into a folder in the images folder. Every events have their own folder to keep the photos. I have no problem creating folders. But when it comes to deleting them, i got

'Access
denied' which probably because of security issues. I don't want to change anything on the server side, and resort to using impersonation.

From the samples given by MS KB at
http://support.microsoft.com/default...b;EN-US;306158, i have no problem impersonating as the administrator account (I maintain the server
in
the office), that is, the fourth example on the link titled 'Impersonate a Specific User in Code'. I came across the third example titled

'Impersonate
the Authenticating User in Code', (the code is given in my original post) and would like to try that method. That's when the error occurs.

Hope that you understand what I'm trying to say here. It's just the

purpose
of learning. I believe it should work somehow.

Thanks.


--------------------------------------------------------------------------
--


---- ---------------------------------------------------------------------
--
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:eB**************@TK2MSFTNGP10.phx.gbl...
> I am not sure what you're trying to do with impersonation so it's
hard to
> tell you exactly how to do it but the User object in your web app is
> equivelent to a System.Security.Principal.IPrincipal object and not

a > WindowsPrincipal object.
>
> Likewise, the User.Identity is an IIdentity and not a WindowsIdenity
object.
>
> Can you post more about what you're trying to do?
>
> Dale
>
>
> "Razak" <ra***@mmsc.com.my> wrote in message
> news:#O**************@TK2MSFTNGP10.phx.gbl...
> > Hi,
> >
> > I have a class which basically do Impersonation in my web

application. > From
> > MS KB sample:-
> >
> > ++++++++++++++++++++code starts
> > Dim impersonationContext As
> > System.Security.Principal.WindowsImpersonationCont ext
> > Dim currentWindowsIdentity As

System.Security.Principal.WindowsIdentity
> >
> > currentWindowsIdentity = CType(User.Identity,
> > System.Security.Principal.WindowsIdentity)
> > impersonationContext = currentWindowsIdentity.Impersonate()
> >
> > 'Insert your code that runs under the security context of the
> authenticating
> > user here.
> >
> > impersonationContext.Undo()
> > +++++++++++++++++++++code ends
> >
> > since I need to implement this code in class.vb, I have to change the > line:-
> >
> > currentWindowsIdentity = CType(User.Identity,
> > System.Security.Principal.WindowsIdentity)
> >
> > to:-
> >
> > currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
> > System.Security.Principal.WindowsIdentity)
> >
> > But that produces error 'Specified cast is not valid.'. Is there
anything
> > that I miss here? Please help!
> >
> > Thank you
>


--------------------------------------------------------------------------
> --
>


---- ---------------------------------------------------------------------
> --
> > ---------
> >
> >
>
>



Nov 18 '05 #6

P: n/a
Dale,

Maybe we are a bit off from the main question of my post which was why the
statement:-

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

in code-behind produces error while

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)

in aspx page does not.

----------------------------------------------------------------------------
---- -----------------------------------------------------------------------
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:er**************@TK2MSFTNGP11.phx.gbl...
Duh, I don't know what I was thinking.

IsInRole is actually a method of the User object - well, actually the
IPrincipal object upon which the User is based.

Dale

"Razak" <ra***@mmsc.com.my> wrote in message
news:Ow**************@TK2MSFTNGP10.phx.gbl...
Thanks for the tip. I'll try it tomorrow and see how it goes.

--------------------------------------------------------------------------
--

---- ---------------------------------------------------------------------
--
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
Remember that by impersonating a specific user, you have to include

username
and password your code. This is not a good idea except in very controlled environments.

Set Anonymous Access off on the virtual folder in IIS, click Basic
Authentication off, and click Windows Integrated Authentication on.

And, of course, make sure your ACLs are set properly on the files and
folders for the users you want to have access.

Next, in the <system.web> section of your web.config for your web app,
include the following:

<identity impersonate="true" />

Now, your file access will be determined by the windows user from your
domain who is logged in.

You can also customize the access in code by using the
User.Identity.IsInRole("SomeSecurityUserOrGroupNam e") method - accepting
or
rejecting the request based on the results.

Hope this helps,

Dale Preston
MCAD, MCSE, MCDBA
"Razak" <ra***@mmsc.com.my> wrote in message
news:#L*************@TK2MSFTNGP11.phx.gbl...
> Sorry for late reply.. I took a day off yesterday.
>
> I'm new to .NET and want to learn by creating my personal website using > ASP.NET and VB.NET. In my application, I have photo galleries where
I
can
> upload photos of certain events (galleries) into a folder in the images > folder. Every events have their own folder to keep the photos. I
have no > problem creating folders. But when it comes to deleting them, i got
'Access
> denied' which probably because of security issues. I don't want to change
> anything on the server side, and resort to using impersonation.
>
> From the samples given by MS KB at
> http://support.microsoft.com/default...b;EN-US;306158, i
have no
> problem impersonating as the administrator account (I maintain the

server
in
> the office), that is, the fourth example on the link titled 'Impersonate
a
> Specific User in Code'. I came across the third example titled
'Impersonate
> the Authenticating User in Code', (the code is given in my original

post)
> and would like to try that method. That's when the error occurs.
>
> Hope that you understand what I'm trying to say here. It's just the
purpose
> of learning. I believe it should work somehow.
>
> Thanks.
>


-------------------------------------------------------------------------- --


---- ---------------------------------------------------------------------
--
> ---------
> "Dale" <da************@msndotcomNot.Net> wrote in message
> news:eB**************@TK2MSFTNGP10.phx.gbl...
> > I am not sure what you're trying to do with impersonation so it's hard to
> > tell you exactly how to do it but the User object in your web app
is > > equivelent to a System.Security.Principal.IPrincipal object and not a > > WindowsPrincipal object.
> >
> > Likewise, the User.Identity is an IIdentity and not a
WindowsIdenity > object.
> >
> > Can you post more about what you're trying to do?
> >
> > Dale
> >
> >
> > "Razak" <ra***@mmsc.com.my> wrote in message
> > news:#O**************@TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > >
> > > I have a class which basically do Impersonation in my web

application.
> > From
> > > MS KB sample:-
> > >
> > > ++++++++++++++++++++code starts
> > > Dim impersonationContext As
> > > System.Security.Principal.WindowsImpersonationCont ext
> > > Dim currentWindowsIdentity As
System.Security.Principal.WindowsIdentity
> > >
> > > currentWindowsIdentity = CType(User.Identity,
> > > System.Security.Principal.WindowsIdentity)
> > > impersonationContext = currentWindowsIdentity.Impersonate()
> > >
> > > 'Insert your code that runs under the security context of the
> > authenticating
> > > user here.
> > >
> > > impersonationContext.Undo()
> > > +++++++++++++++++++++code ends
> > >
> > > since I need to implement this code in class.vb, I have to change the
> > line:-
> > >
> > > currentWindowsIdentity = CType(User.Identity,
> > > System.Security.Principal.WindowsIdentity)
> > >
> > > to:-
> > >
> > > currentWindowsIdentity =

CType(HttpContext.Current.User.Identity, > > > System.Security.Principal.WindowsIdentity)
> > >
> > > But that produces error 'Specified cast is not valid.'. Is there
> anything
> > > that I miss here? Please help!
> > >
> > > Thank you
> >
>


-------------------------------------------------------------------------- > > --
> >
>


---- ---------------------------------------------------------------------
> > --
> > > ---------
> > >
> > >
> >
> >
>
>



Nov 18 '05 #7

P: n/a
Could it be related to where you are placing this in both the .aspx and
code behind? As more of an apples to apples comparison, did you code
this within a Page_Load() event handler first in your aspx page, then in
your code behind? Or, did you place them in different methods
altogether? If so, first start by ensuring that you have that apples to
apples comparison.

Otherwise, it is likely that the current user property is not yet set by
the .NET presentation framework depending on where you are trying to
access it from within your code behind. That would be my first guess.
The MSDN may have some tips on when this property is set. You may want
to look up HttpApplication and see if your code behind logic is getting
accessed after the appropriate HttpApplication AuthenticateRequest event
has been fired (or AuthorizeRequest)...

Also, ensure that you have System.Web in your using list in your code
behind. Hopefully that helps

Shan Plourde

Razak wrote:
Dale,

Maybe we are a bit off from the main question of my post which was why the
statement:-

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

in code-behind produces error while

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)

in aspx page does not.

----------------------------------------------------------------------------
---- -----------------------------------------------------------------------
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:er**************@TK2MSFTNGP11.phx.gbl...

Duh, I don't know what I was thinking.

IsInRole is actually a method of the User object - well, actually the
IPrincipal object upon which the User is based.

Dale

"Razak" <ra***@mmsc.com.my> wrote in message
news:Ow**************@TK2MSFTNGP10.phx.gbl...

Thanks for the tip. I'll try it tomorrow and see how it goes.

--------------------------------------------------------------------------
--

---- ---------------------------------------------------------------------
--

---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
Remember that by impersonating a specific user, you have to include
username
and password your code. This is not a good idea except in very

controlled

environments.

Set Anonymous Access off on the virtual folder in IIS, click Basic
Authentication off, and click Windows Integrated Authentication on.

And, of course, make sure your ACLs are set properly on the files and
folders for the users you want to have access.

Next, in the <system.web> section of your web.config for your web app,
include the following:

<identity impersonate="true" />

Now, your file access will be determined by the windows user from your
domain who is logged in.

You can also customize the access in code by using the
User.Identity.IsInRole("SomeSecurityUserOrGrou pName") method -

accepting

or
rejecting the request based on the results.

Hope this helps,

Dale Preston
MCAD, MCSE, MCDBA
"Razak" <ra***@mmsc.com.my> wrote in message
news:#L*************@TK2MSFTNGP11.phx.gbl...
>Sorry for late reply.. I took a day off yesterday.
>
>I'm new to .NET and want to learn by creating my personal website
>
>

using

>ASP.NET and VB.NET. In my application, I have photo galleries where
>
>I

can
>upload photos of certain events (galleries) into a folder in the
>
>

images

>folder. Every events have their own folder to keep the photos. I
>
>have

no

>problem creating folders. But when it comes to deleting them, i got
>
>
'Access
>denied' which probably because of security issues. I don't want to
>
>
change
>anything on the server side, and resort to using impersonation.
>
>From the samples given by MS KB at
>http://support.microsoft.com/default...b;EN-US;306158, i
>
>

have

no
>problem impersonating as the administrator account (I maintain the
>
>
server
in
>the office), that is, the fourth example on the link titled
>
>

'Impersonate

a
>Specific User in Code'. I came across the third example titled
>
>
'Impersonate
>the Authenticating User in Code', (the code is given in my original
>
>
post)
>and would like to try that method. That's when the error occurs.
>
>Hope that you understand what I'm trying to say here. It's just the
>
>
purpose
>of learning. I believe it should work somehow.
>
>Thanks.
>
>
>

--------------------------------------------------------------------------

--

---- ---------------------------------------------------------------------

--
>---------
>"Dale" <da************@msndotcomNot.Net> wrote in message
>news:eB**************@TK2MSFTNGP10.phx.gbl. ..
>
>
>>I am not sure what you're trying to do with impersonation so it's
>>
>>

hard

to
>>tell you exactly how to do it but the User object in your web app
>>
>>is

equivelent to a System.Security.Principal.IPrincipal object and
>>
>>not

a

>>WindowsPrincipal object.
>>
>>Likewise, the User.Identity is an IIdentity and not a
>>
>>

WindowsIdenity

object.
>
>
>>Can you post more about what you're trying to do?
>>
>>Dale
>>
>>
>>"Razak" <ra***@mmsc.com.my> wrote in message
>>news:#O**************@TK2MSFTNGP10.phx.gbl.. .
>>
>>
>>>Hi,
>>>
>>>I have a class which basically do Impersonation in my web
>>>
>>>
application.
>>From
>>
>>
>>>MS KB sample:-
>>>
>>>++++++++++++++++++++code starts
>>>Dim impersonationContext As
>>>System.Security.Principal.WindowsImpersonat ionContext
>>>Dim currentWindowsIdentity As
>>>
>>>
System.Security.Principal.WindowsIdentity
>>>currentWindowsIdentity = CType(User.Identity,
>>>System.Security.Principal.WindowsIdentity )
>>>impersonationContext = currentWindowsIdentity.Impersonate()
>>>
>>>'Insert your code that runs under the security context of the
>>>
>>>
>>authenticating
>>
>>
>>>user here.
>>>
>>>impersonationContext.Undo()
>>>+++++++++++++++++++++code ends
>>>
>>>since I need to implement this code in class.vb, I have to
>>>
>>>change

the
>>line:-
>>
>>
>>>currentWindowsIdentity = CType(User.Identity,
>>>System.Security.Principal.WindowsIdentity )
>>>
>>>to:-
>>>
>>>currentWindowsIdentity =
>>>
>>>CType(HttpContext.Current.User.Identity,

>System.Security.Principal.WindowsIdentity )
>>>
>>>But that produces error 'Specified cast is not valid.'. Is there
>>>
>>>
>anything
>
>
>>>that I miss here? Please help!
>>>
>>>Thank you
>>>
>>>

--------------------------------------------------------------------------

>>--
>>
>>
>>

---- ---------------------------------------------------------------------

>>--
>>
>>
>>>---------
>>>
>>>
>>>
>>>
>>
>>
>
>




Nov 18 '05 #8

P: n/a
Sorry for the lack of information. What I did in my code is like from an
aspx page Save button clck event, I called a shared method AddNew of a
class, declared in PhotoGalleryUtility.vb. In that method, I did the saving
of gallery data into an SQL db. Then I call a private method in the same
class called CreateDir. There is where I put the code to create a folder for
the newly added gallery data. The folder is created inside
webroot/images/galleries/{0} where {0} is the galleryID in the database. I
do not need to do anything in terms of security here. The folder will be
created at the specified location on the server just fine.

Ok, that's the first part. My app also allows gallery deletion, which,
deletes gallery entry in the database, and also the corresponding folder in
the said location.

From the aspx page listing all available galleries, and every each of them
have their 'X' image button to initiate deletion process. Clicking this
image, will trigger the javascript 'yes/no' confirmation alert box, then
calls the datagrid_ItemCommand event. From there, i call Delete method in
the same class as above. (PhotoGalleryUtility.vb). In that method, I delete
the entry from the db, proceed to deleting the corresponding folder in the
location. The delete code is actually in different private method in the
class (DeleteDir), so here is the method:-

' ************************************************** *******************
' DeleteDir Methods (private)
' ************************************************** *******************
'
' Create directory in images folder.
'
' ************************************************** *******************
Private Shared Sub DeleteDir(ByVal gallery_id As Integer)
' Specify the directory you want to manipulate.
Dim path As String =
HttpContext.Current.Server.MapPath(String.Format(" ../{0}/{1}",
ABGGlobals.GalleriesPath, gallery_id))

' Determine whether the directory exists.
If Directory.Exists(path) Then
Dim imp As New ImpersonateUser
If imp.LogSelf() Then
' Delete the directory.
Directory.Delete(path, True)
imp.LogOff()
Else
Throw New Exception("Impersonation failed!")
End If
Else
Throw New Exception("Directory does not exist!")
End If
End Sub
'************************************************* ********************
OK, here's my ImpersonateUser class, defined in ImpersonateUser.vb:-

'************************************************* ********************
Imports System.Security.Principal
Imports System.Runtime.InteropServices

Public Class ImpersonateUser
Private _impersonationContext As WindowsImpersonationContext
Private Declare Function LogonUserA Lib "advapi32.dll" (ByVal
lpszUsername As String, _ ......................
Private Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
......................
Private Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal
handle As IntPtr) As Long

' ************************************************** *******************
' LogSelf Methods
' ************************************************** *******************
'
' Log current user.
'
' ************************************************** *******************
Public Function LogSelf() As Boolean
Dim currentWindowsIdentity As WindowsIdentity

HttpContext.Current.Session("name") = ""
HttpContext.Current.Session("test") = ""
currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
WindowsIdentity) <============== The problematic line!
HttpContext.Current.Session("name") = currentWindowsIdentity.Name()
HttpContext.Current.Session("test") = "Session OK"
If currentWindowsIdentity.IsAuthenticated Then
_impersonationContext = currentWindowsIdentity.Impersonate()
Return True
Else
Return False
End If
End Function

' ************************************************** *******************
' LogOff Methods
' ************************************************** *******************
'
' Revert impersonation.
'
' ************************************************** *******************
Public Sub LogOff()
_impersonationContext.Undo()
End Sub
End Class
'************************************************* ********************

I have tried passing the identity object from code behind of the aspx page
to the impersonateuser class so that i can skip the 'currentWindowsIdentity
= CType(HttpContext.Current.User.Identity, WindowsIdentity)' line all
together in the class. But in code behind file, the casting in line X :

'************************************************* ********************
Private Sub dgrdGalleries_ItemCommand(ByVal source As Object, ByVal e As
System.Web.UI.WebControls.DataGridCommandEventArgs ) Handles
dgrdGalleries.ItemCommand
Dim galleryID As Integer =
Fix(dgrdGalleries.DataKeys(e.Item.ItemIndex))
Select Case e.CommandName
Case "Delete"
lblError.Text = PhotoGalleryUtility.Delete(galleryID,
CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)) <=== X!!
Case "Up"
PhotoGalleryUtility.MoveUp(galleryID)
Case "Down"
PhotoGalleryUtility.MoveDown(galleryID)
End Select
End Sub
'************************************************* ********************

keep producing the error:-

Server Error in '/' Application.
Specified cast is not valid.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.InvalidCastException: Specified cast is not valid.

This a lengthy post, and I'm tired of this casting error and thinking of
giving up this impersonation method... prefer the impersonate as specified
user/pwd/domain method anyway...
----------------------------------------------------------------------------
---- -----------------------------------------------------------------------
---------
"Shan Plourde" <------@---.net> wrote in message
news:%s*********************@twister01.bloor.is.ne t.cable.rogers.com...
Could it be related to where you are placing this in both the .aspx and
code behind? As more of an apples to apples comparison, did you code
this within a Page_Load() event handler first in your aspx page, then in
your code behind? Or, did you place them in different methods
altogether? If so, first start by ensuring that you have that apples to
apples comparison.

Otherwise, it is likely that the current user property is not yet set by
the .NET presentation framework depending on where you are trying to
access it from within your code behind. That would be my first guess.
The MSDN may have some tips on when this property is set. You may want
to look up HttpApplication and see if your code behind logic is getting
accessed after the appropriate HttpApplication AuthenticateRequest event
has been fired (or AuthorizeRequest)...

Also, ensure that you have System.Web in your using list in your code
behind. Hopefully that helps

Shan Plourde

Razak wrote:
Dale,

Maybe we are a bit off from the main question of my post which was why thestatement:-

currentWindowsIdentity = CType(HttpContext.Current.User.Identity,
System.Security.Principal.WindowsIdentity)

in code-behind produces error while

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)

in aspx page does not.

---------------------------------------------------------------------------

-
---- ----------------------------------------------------------------------

-
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:er**************@TK2MSFTNGP11.phx.gbl...

Duh, I don't know what I was thinking.

IsInRole is actually a method of the User object - well, actually the
IPrincipal object upon which the User is based.

Dale

"Razak" <ra***@mmsc.com.my> wrote in message
news:Ow**************@TK2MSFTNGP10.phx.gbl...
Thanks for the tip. I'll try it tomorrow and see how it goes.

--------------------------------------------------------------------------
--

---- ---------------------------------------------------------------------
--
---------
"Dale" <da************@msndotcomNot.Net> wrote in message
news:ew**************@tk2msftngp13.phx.gbl...
>Remember that by impersonating a specific user, you have to include
>
>
username
>and password your code. This is not a good idea except in very
>
>
controlled
>environments.
>
>Set Anonymous Access off on the virtual folder in IIS, click Basic
>Authentication off, and click Windows Integrated Authentication on.
>
>And, of course, make sure your ACLs are set properly on the files and
>folders for the users you want to have access.
>
>Next, in the <system.web> section of your web.config for your web app,
>include the following:
>
><identity impersonate="true" />
>
>Now, your file access will be determined by the windows user from your
>domain who is logged in.
>
>You can also customize the access in code by using the
>User.Identity.IsInRole("SomeSecurityUserOrGrou pName") method -
>
>

accepting

or
>rejecting the request based on the results.
>
>Hope this helps,
>
>Dale Preston
>MCAD, MCSE, MCDBA
>
>
>"Razak" <ra***@mmsc.com.my> wrote in message
>news:#L*************@TK2MSFTNGP11.phx.gbl...
>
>
>>Sorry for late reply.. I took a day off yesterday.
>>
>>I'm new to .NET and want to learn by creating my personal website
>>
>>
using
>>ASP.NET and VB.NET. In my application, I have photo galleries where
>>
>>

I

can
>>upload photos of certain events (galleries) into a folder in the
>>
>>
images
>>folder. Every events have their own folder to keep the photos. I
>>
>>

have

no
>>problem creating folders. But when it comes to deleting them, i got
>>
>>
>'Access
>
>
>>denied' which probably because of security issues. I don't want to
>>
>>
change
>>anything on the server side, and resort to using impersonation.
>>
>>From the samples given by MS KB at
>>http://support.microsoft.com/default...b;EN-US;306158, i
>>
>>

have

no
>>problem impersonating as the administrator account (I maintain the
>>
>>
server
>in
>
>
>>the office), that is, the fourth example on the link titled
>>
>>
'Impersonate
a
>>Specific User in Code'. I came across the third example titled
>>
>>
>'Impersonate
>
>
>>the Authenticating User in Code', (the code is given in my original
>>
>>
post)
>>and would like to try that method. That's when the error occurs.
>>
>>Hope that you understand what I'm trying to say here. It's just the
>>
>>
>purpose
>
>
>>of learning. I believe it should work somehow.
>>
>>Thanks.
>>
>>
>>

--------------------------------------------------------------------------


>--
>
>
>

---- ---------------------------------------------------------------------


>--
>
>
>>---------
>>"Dale" <da************@msndotcomNot.Net> wrote in message
>>news:eB**************@TK2MSFTNGP10.phx.gbl. ..
>>
>>
>>>I am not sure what you're trying to do with impersonation so it's
>>>
>>>
hard
>to
>
>
>>>tell you exactly how to do it but the User object in your web app
>>>
>>>

is

>>>equivelent to a System.Security.Principal.IPrincipal object and
>>>
>>>

not

a
>>>WindowsPrincipal object.
>>>
>>>Likewise, the User.Identity is an IIdentity and not a
>>>
>>>

WindowsIdenity

>>object.
>>
>>
>>>Can you post more about what you're trying to do?
>>>
>>>Dale
>>>
>>>
>>>"Razak" <ra***@mmsc.com.my> wrote in message
>>>news:#O**************@TK2MSFTNGP10.phx.gbl.. .
>>>
>>>
>>>>Hi,
>>>>
>>>>I have a class which basically do Impersonation in my web
>>>>
>>>>
application.
>>>From
>>>
>>>
>>>>MS KB sample:-
>>>>
>>>>++++++++++++++++++++code starts
>>>>Dim impersonationContext As
>>>>System.Security.Principal.WindowsImpersonat ionContext
>>>>Dim currentWindowsIdentity As
>>>>
>>>>
>System.Security.Principal.WindowsIdentity
>
>
>>>>currentWindowsIdentity = CType(User.Identity,
>>>>System.Security.Principal.WindowsIdentity )
>>>>impersonationContext = currentWindowsIdentity.Impersonate()
>>>>
>>>>'Insert your code that runs under the security context of the
>>>>
>>>>
>>>authenticating
>>>
>>>
>>>>user here.
>>>>
>>>>impersonationContext.Undo()
>>>>+++++++++++++++++++++code ends
>>>>
>>>>since I need to implement this code in class.vb, I have to
>>>>
>>>>

change

the
>>>line:-
>>>
>>>
>>>>currentWindowsIdentity = CType(User.Identity,
>>>>System.Security.Principal.WindowsIdentity )
>>>>
>>>>to:-
>>>>
>>>>currentWindowsIdentity =
>>>>
>>>>

CType(HttpContext.Current.User.Identity,

>>>>System.Security.Principal.WindowsIdentity )
>>>>
>>>>But that produces error 'Specified cast is not valid.'. Is there
>>>>
>>>>
>>anything
>>
>>
>>>>that I miss here? Please help!
>>>>
>>>>Thank you
>>>>
>>>>

--------------------------------------------------------------------------


>>>--
>>>
>>>
>>>

---- ---------------------------------------------------------------------


>>>--
>>>
>>>
>>>>---------
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


Nov 18 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.