473,322 Members | 1,699 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Web service Impersonatation?

When I set up impersonation in the web.config file and specify a user and
password I get strange results. This line of code will get me the user
account I set to impersonate:
System.Security.Principal.WindowsIdentity.GetCurre nt().Name

This line of code will get me my user account ever time:

System.Threading.Thread.CurrentPrincipal.Identity. Name

What's the difference? shouldn't they both be the user I am trying to
impersonate?

Thanks
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m
Nov 19 '05 #1
7 993
Frank,

No, they should not. When you impersonate through the WindowsIdentity
object, it does not change the current principal on the thread. The reason
for this is that you can have different implementations of IPrincipal which
don't necessarily map to windows users and groups. To that end, having
WindowsIdentity change the current thread's principal would be wrong.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
When I set up impersonation in the web.config file and specify a user and
password I get strange results. This line of code will get me the user
account I set to impersonate:
System.Security.Principal.WindowsIdentity.GetCurre nt().Name

This line of code will get me my user account ever time:

System.Threading.Thread.CurrentPrincipal.Identity. Name

What's the difference? shouldn't they both be the user I am trying to
impersonate?

Thanks
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m

Nov 19 '05 #2
Thanks Nicholas,

But how do you know which Principal is being used by your code. Lets say I
have a routine that writes a file to the local directory, how do I ensure
that code is using my impersonated users rights?

--
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:%2****************@TK2MSFTNGP12.phx.gbl...
Frank,

No, they should not. When you impersonate through the WindowsIdentity
object, it does not change the current principal on the thread. The reason for this is that you can have different implementations of IPrincipal which don't necessarily map to windows users and groups. To that end, having
WindowsIdentity change the current thread's principal would be wrong.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
When I set up impersonation in the web.config file and specify a user and password I get strange results. This line of code will get me the user
account I set to impersonate:
System.Security.Principal.WindowsIdentity.GetCurre nt().Name

This line of code will get me my user account ever time:

System.Threading.Thread.CurrentPrincipal.Identity. Name

What's the difference? shouldn't they both be the user I am trying to
impersonate?

Thanks
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m


Nov 19 '05 #3
is your server trusted for delegation?

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
When I set up impersonation in the web.config file and specify a user and
password I get strange results. This line of code will get me the user
account I set to impersonate:
System.Security.Principal.WindowsIdentity.GetCurre nt().Name

This line of code will get me my user account ever time:

System.Threading.Thread.CurrentPrincipal.Identity. Name

What's the difference? shouldn't they both be the user I am trying to
impersonate?

Thanks
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m

Nov 19 '05 #4
Frank,

The code will use the rights of whomever the thread is currently running
under. If you always want to base this on the Windows identity, you can
call the static GetCurrent method on the WindowsIdentity type, passing true
for the ifImpersonating parameter.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
Thanks Nicholas,

But how do you know which Principal is being used by your code. Lets say
I
have a routine that writes a file to the local directory, how do I ensure
that code is using my impersonated users rights?

--
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:%2****************@TK2MSFTNGP12.phx.gbl...
Frank,

No, they should not. When you impersonate through the
WindowsIdentity
object, it does not change the current principal on the thread. The

reason
for this is that you can have different implementations of IPrincipal

which
don't necessarily map to windows users and groups. To that end, having
WindowsIdentity change the current thread's principal would be wrong.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
> When I set up impersonation in the web.config file and specify a user and > password I get strange results. This line of code will get me the user
> account I set to impersonate:
> System.Security.Principal.WindowsIdentity.GetCurre nt().Name
>
> This line of code will get me my user account ever time:
>
> System.Threading.Thread.CurrentPrincipal.Identity. Name
>
> What's the difference? shouldn't they both be the user I am trying to
> impersonate?
>
> Thanks
>
>
> Frank Wisniewski MCSE 4.0, MCP+I, A+
> f p w 2 3 @ h o t m a i l . c o m
>
>



Nov 19 '05 #5
asp.net seperates the thread identity from the authenicated user identity.
when the user is authenicated (not anonymous), your have three options:

1) the thread runs as the asp.net account (default)
2) the thread impersonates the authenication account (must use windows
authenication). set impersonate=true in web config
3) the thread impersonates the account specified in the web config.

you picked the third option, so the CurrentPrincipal is the authenicated
account and WindowsIdentity is the thread identity.

note: CurrentPrincipal is a WindowsIdentity only if windows authenication is
used.

-- bruce (sqlwork.com)

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
| When I set up impersonation in the web.config file and specify a user and
| password I get strange results. This line of code will get me the user
| account I set to impersonate:
| System.Security.Principal.WindowsIdentity.GetCurre nt().Name
|
| This line of code will get me my user account ever time:
|
| System.Threading.Thread.CurrentPrincipal.Identity. Name
|
| What's the difference? shouldn't they both be the user I am trying to
| impersonate?
|
| Thanks
|
|
| Frank Wisniewski MCSE 4.0, MCP+I, A+
| f p w 2 3 @ h o t m a i l . c o m
|
|
Nov 19 '05 #6
I am running it from my local machine which is part of the domain, is that
what you are asking?

--
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m
"Consultant" <consultant_mcngp@yahoodotcom> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
is your server trusted for delegation?

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
When I set up impersonation in the web.config file and specify a user and password I get strange results. This line of code will get me the user
account I set to impersonate:
System.Security.Principal.WindowsIdentity.GetCurre nt().Name

This line of code will get me my user account ever time:

System.Threading.Thread.CurrentPrincipal.Identity. Name

What's the difference? shouldn't they both be the user I am trying to
impersonate?

Thanks
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m


Nov 19 '05 #7
no, in order for impersonation to work, the server must be trusted for
delegation within active directory

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41********@Usenet.com...
I am running it from my local machine which is part of the domain, is that
what you are asking?

--
Frank Wisniewski MCSE 4.0, MCP+I, A+
f p w 2 3 @ h o t m a i l . c o m
"Consultant" <consultant_mcngp@yahoodotcom> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
is your server trusted for delegation?

"Frank Wisniewski" <fp***@hotmail.com> wrote in message
news:41**********@Usenet.com...
> When I set up impersonation in the web.config file and specify a user and > password I get strange results. This line of code will get me the user
> account I set to impersonate:
> System.Security.Principal.WindowsIdentity.GetCurre nt().Name
>
> This line of code will get me my user account ever time:
>
> System.Threading.Thread.CurrentPrincipal.Identity. Name
>
> What's the difference? shouldn't they both be the user I am trying to
> impersonate?
>
> Thanks
>
>
> Frank Wisniewski MCSE 4.0, MCP+I, A+
> f p w 2 3 @ h o t m a i l . c o m
>
>



Nov 19 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Hardy Wang | last post by:
Hi all: I read an article from http://www.c-sharpcorner.com/Code/2003/Sept/InstallingWinServiceProgrammatically.asp about how to install a windows service programmatically. Based ont the code...
7
by: Mike | last post by:
I want to create a windows service that will monitor another window service. what i need for the service to do is, if a service is stopped I need it to start the service back up example: ...
9
by: SP | last post by:
Hi All, I wrote a windows service which is supposed to stop after specified amount of time. I am calling OnStop() after specified time. OnStop() methods executed but I dont see the service...
3
by: Jeremy S. | last post by:
On my dev machine (XP/Pro with VS.NET 2003) I have been developing a Windows Service and installing it on the local machine by opening the Visual Studio Command Prompt and then executing . Now I...
2
by: letibal | last post by:
Hello, I have written a windows service and created an installer for it. The service runs under the system accounts. When started, it launches a GUI. By default, the InteractiveProcess property...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.