By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,238 Members | 1,787 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,238 IT Pros & Developers. It's quick & easy.

problem with aspnet "impersonation"

P: n/a
HI there,

I am developing a client side app which requires me to launch another
program when a user clicks a button on a web page. I thought I'd create
an asp.net page (using c# ) to accomplish this. After much research I
found that it's not that simple. The asp process runs under an aspnet
user, which does not let me launch my program. I ran accross some code
that is supposed to impersonate the logged in user, but I get the
following error:
"An anonymous identity cannot perform an impersonation"
The web.config file contains the following:

<identity impersonate="true" />

and the code in the asp.net page:

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
System.Security.Principal.WindowsImpersonationCont ext
impersonationContext;

impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

System.Diagnostics.Process.Start("notepad.exe")

impersonationContext.Undo();
}
any ideas on how I can get around this?
Thanks!

Jorge
Nov 16 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
You need to force the ASP.NET context to run under a specific identity that
has that privilege (impersonation is a specific right that not all accounts
have).

Still, launching EXEs from ASP pages is not such a good idea.
--
Klaus H. Probst, MVP
http://www.vbbox.com/

"hellrazor" <jo***@another-world.com> wrote in message
news:Xn**********************************@207.46.2 48.16...
HI there,

I am developing a client side app which requires me to launch another
program when a user clicks a button on a web page. I thought I'd create
an asp.net page (using c# ) to accomplish this. After much research I
found that it's not that simple. The asp process runs under an aspnet
user, which does not let me launch my program. I ran accross some code
that is supposed to impersonate the logged in user, but I get the
following error:
"An anonymous identity cannot perform an impersonation"
The web.config file contains the following:

<identity impersonate="true" />

and the code in the asp.net page:

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
System.Security.Principal.WindowsImpersonationCont ext
impersonationContext;

impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

System.Diagnostics.Process.Start("notepad.exe")

impersonationContext.Undo();
}
any ideas on how I can get around this?
Thanks!

Jorge

Nov 16 '05 #2

P: n/a
Exactly where such idea from!
PAtrick

"Klaus H. Probst" wrote:
You need to force the ASP.NET context to run under a specific identity that
has that privilege (impersonation is a specific right that not all accounts
have).

Still, launching EXEs from ASP pages is not such a good idea.
--
Klaus H. Probst, MVP
http://www.vbbox.com/

"hellrazor" <jo***@another-world.com> wrote in message
news:Xn**********************************@207.46.2 48.16...
HI there,

I am developing a client side app which requires me to launch another
program when a user clicks a button on a web page. I thought I'd create
an asp.net page (using c# ) to accomplish this. After much research I
found that it's not that simple. The asp process runs under an aspnet
user, which does not let me launch my program. I ran accross some code
that is supposed to impersonate the logged in user, but I get the
following error:
"An anonymous identity cannot perform an impersonation"
The web.config file contains the following:

<identity impersonate="true" />

and the code in the asp.net page:

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
System.Security.Principal.WindowsImpersonationCont ext
impersonationContext;

impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

System.Diagnostics.Process.Start("notepad.exe")

impersonationContext.Undo();
}
any ideas on how I can get around this?
Thanks!

Jorge


Nov 16 '05 #3

P: n/a
you have several problems

1) to do impersonation the asp.net account must have the "act as part of os"
permission
2) System.Diagnostics.Process.Start will start the process with the current
process id (asp.net) not the current thread identity anyway, so you don't
need above. look at the windows CreateProcessAsUser as support for this is
not in .net.
3) System.Diagnostics.Process.Start("notepad.exe") - notepad will fail
because it will try to open a window, not notmally allowed from a service.

-- bruce (sqlwork.com)

"hellrazor" <jo***@another-world.com> wrote in message
news:Xn**********************************@207.46.2 48.16...
| HI there,
|
| I am developing a client side app which requires me to launch another
| program when a user clicks a button on a web page. I thought I'd create
| an asp.net page (using c# ) to accomplish this. After much research I
| found that it's not that simple. The asp process runs under an aspnet
| user, which does not let me launch my program. I ran accross some code
| that is supposed to impersonate the logged in user, but I get the
| following error:
|
|
| "An anonymous identity cannot perform an impersonation"
|
|
| The web.config file contains the following:
|
| <identity impersonate="true" />
|
| and the code in the asp.net page:
|
| private void Page_Load(object sender, System.EventArgs e)
| {
| // Put user code to initialize the page here
| System.Security.Principal.WindowsImpersonationCont ext
| impersonationContext;
|
| impersonationContext =
| ((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();
|
| System.Diagnostics.Process.Start("notepad.exe")
|
| impersonationContext.Undo();
| }
|
|
| any ideas on how I can get around this?
|
|
| Thanks!
|
| Jorge
Nov 16 '05 #4

P: n/a
"bruce barker" <no***********@safeco.com> wrote in
news:u3**************@TK2MSFTNGP12.phx.gbl:
you have several problems

1) to do impersonation the asp.net account must have the "act as part
of os" permission
2) System.Diagnostics.Process.Start will start the process with the
current process id (asp.net) not the current thread identity anyway,
so you don't need above. look at the windows CreateProcessAsUser as
support for this is not in .net.
3) System.Diagnostics.Process.Start("notepad.exe") - notepad will fail
because it will try to open a window, not notmally allowed from a
service.

-- bruce (sqlwork.com)

"hellrazor" <jo***@another-world.com> wrote in message
news:Xn**********************************@207.46.2 48.16...
| HI there,
|
| I am developing a client side app which requires me to launch another
| program when a user clicks a button on a web page. I thought I'd
| create an asp.net page (using c# ) to accomplish this. After much
| research I found that it's not that simple. The asp process runs
| under an aspnet user, which does not let me launch my program. I ran
| accross some code that is supposed to impersonate the logged in user,
| but I get the following error:
|
|
| "An anonymous identity cannot perform an impersonation"
|
|
| The web.config file contains the following:
|
| <identity impersonate="true" />
|
| and the code in the asp.net page:
|
| private void Page_Load(object sender, System.EventArgs e)
| {
| // Put user code to initialize the page here
| System.Security.Principal.WindowsImpersonationCont ext
| impersonationContext;
|
| impersonationContext =
| ((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate
| ();
|
| System.Diagnostics.Process.Start("notepad.exe")
|
| impersonationContext.Undo();
| }
|
|
| any ideas on how I can get around this?
|
|
| Thanks!
|
| Jorge


Thanks.

It's a local intranet app, so that's why I need to launch the .exe ...
The requirement is that the application needs to launch when a user
clicks a button on the webpage :0|
Nov 16 '05 #5

P: n/a
You have basically two problems to solve here.
1. You are trying to launch a program at the server side right? What kind of
program is it, does it have a UI. If the answer is yes, just forget it, this
will not work. If it's a pure non UI application not requiring a users
profile to be loaded, go on with 2.
2. Impersonate. Your asp.net runs in an impersonated security context of an
anonymous user. This identity cannot impersonate (why would it, it's already
impersonating).
What you should do is run your asp.net worker process using a fixed identity
with privileges to launch another program and turn off 'identity
impersonate' in your config file.

Willy.

"hellrazor" <jo***@another-world.com> wrote in message
news:Xn**********************************@207.46.2 48.16...
HI there,

I am developing a client side app which requires me to launch another
program when a user clicks a button on a web page. I thought I'd create
an asp.net page (using c# ) to accomplish this. After much research I
found that it's not that simple. The asp process runs under an aspnet
user, which does not let me launch my program. I ran accross some code
that is supposed to impersonate the logged in user, but I get the
following error:
"An anonymous identity cannot perform an impersonation"
The web.config file contains the following:

<identity impersonate="true" />

and the code in the asp.net page:

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
System.Security.Principal.WindowsImpersonationCont ext
impersonationContext;

impersonationContext =
((System.Security.Principal.WindowsIdentity)User.I dentity).Impersonate();

System.Diagnostics.Process.Start("notepad.exe")

impersonationContext.Undo();
}
any ideas on how I can get around this?
Thanks!

Jorge

Nov 16 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.