Hi,
I apologize for the extensive cross-posting but I'm getting desparate.
We have a web page calling one or another web service. Both web service
communicate with Sharepoint 2003, and both temporarily change impersonation
using WindowsImpersonationContext class and then revert back with
WindowsImpersonationContext.Undo() to typically save documents with the
correct user name.
Calling the web services synchronously works fine, but we need it to work
asynchronously (typically creating and saving a document before the web
services do some work on it).
The problem is, instead of reverting to the original user,
WindowsImpersonationContext ends up as the user running the Application
Pool
for the web page. I have been unable to find out anything why this
happens.
Furthermore, I created a new Application Pool for the web page, thinking
perhaps sharing the same pool was the problem, but before I could attach it
to the web page the problem appeared to solve itself, for a short time.
Doing some extensive testing I have concluded this:
WindowsImpersonationContext.Undo() works for a short time if a dummy
application pool (not used by anything) is STARTED
WindowsImpersonationContext.Undo() works for a short time if a dummy
application pool (not used by anything) is STOPPED
When it works, it seems to work as long as only one web service is called,
and it stops working as soon as the other web service is called.
????
The only google result I could come up with related to this does not have a
solution or email address http://www.derkeiler.com/Newsgroups/...5-02/0223.html
Any idea, suggestions or something to try is extremely welcome
- Morten 5 1246
Hi,
which framework version are you using. Impersonation tokens are not always
propagated to async operations.
In 1.1 they are never propagated. In 2.0 you can control that via a config
setting http://www.leastprivilege.com/WhatIsAspnetconfig.aspx
---
Dominick Baier, DevelopMentor http://www.leastprivilege.com
Hi,
I apologize for the extensive cross-posting but I'm getting desparate.
We have a web page calling one or another web service. Both web
service communicate with Sharepoint 2003, and both temporarily change
impersonation using WindowsImpersonationContext class and then revert
back with WindowsImpersonationContext.Undo() to typically save
documents with the correct user name.
Calling the web services synchronously works fine, but we need it to
work asynchronously (typically creating and saving a document before
the web services do some work on it).
The problem is, instead of reverting to the original user,
WindowsImpersonationContext ends up as the user running the
Application
Pool
for the web page. I have been unable to find out anything why this
happens.
Furthermore, I created a new Application Pool for the web page,
thinking perhaps sharing the same pool was the problem, but before I
could attach it to the web page the problem appeared to solve itself,
for a short time.
Doing some extensive testing I have concluded this:
WindowsImpersonationContext.Undo() works for a short time if a dummy
application pool (not used by anything) is STARTED
WindowsImpersonationContext.Undo() works for a short time if a dummy
application pool (not used by anything) is STOPPED
When it works, it seems to work as long as only one web service is
called,
and it stops working as soon as the other web service is called.
????
The only google result I could come up with related to this does not
have a solution or email address
http://www.derkeiler.com/Newsgroups/...net.security/2
005-02/0223.html
Any idea, suggestions or something to try is extremely welcome
- Morten
We use .Net 2.0, and upon further studies, it is not connected to
WindowsImpersonationContext since only one web service uses that.
What configuration is required?
We use an encrypted identity section
<trust level="Full" originUrl=""/>
<identity configProtectionProvider="RsaProtectedConfiguratio nProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>IKGgtOuiQqSL6KZOurRXMNSJxNioerQcyGGS3 Ng2y6SgsnjZqWQMztRTALlkbaVQM3zsh4BSnACU4pN+s1tWHDV 1EKSyfCM7m5R5G54vUvF+oqj9MVtZ12QVhv2i2hun95oHNtgAg YJjVbzAudcKMTe/phWP61iXqTgxKKNc+xw=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>RrRnNXdcQQozeNEGPuinT9aaRT2M9RGgOBe1O 9/u9IIAzOflIZRr2UN0jWfiGk+WduHx/kM3ZN2s05k3/gQMcwZhykXHRFLAcURapxzjBRqz2HBh2ad05Q==</CipherValue>
</CipherData>
</EncryptedData>
</identity>
and
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
- Morten
On Wed, 13 Sep 2006 11:46:50 +0200, Dominick Baier
<dbaier@pleasepleasenospam_leastprivilege.comwrote :
Hi, which framework version are you using. Impersonation tokens are not
always propagated to async operations.
In 1.1 they are never propagated. In 2.0 you can control that via a
config setting
http://www.leastprivilege.com/WhatIsAspnetconfig.aspx
---
Dominick Baier, DevelopMentor http://www.leastprivilege.com
>Hi, I apologize for the extensive cross-posting but I'm getting desparate. We have a web page calling one or another web service. Both web service communicate with Sharepoint 2003, and both temporarily change impersonation using WindowsImpersonationContext class and then revert back with WindowsImpersonationContext.Undo() to typically save documents with the correct user name. Calling the web services synchronously works fine, but we need it to work asynchronously (typically creating and saving a document before the web services do some work on it). The problem is, instead of reverting to the original user, WindowsImpersonationContext ends up as the user running the Application Pool for the web page. I have been unable to find out anything why this happens. Furthermore, I created a new Application Pool for the web page, thinking perhaps sharing the same pool was the problem, but before I could attach it to the web page the problem appeared to solve itself, for a short time. Doing some extensive testing I have concluded this: WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STARTED WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STOPPED When it works, it seems to work as long as only one web service is called, and it stops working as soon as the other web service is called. ???? The only google result I could come up with related to this does not have a solution or email address http://www.derkeiler.com/Newsgroups/...net.security/2 005-02/0223.html Any idea, suggestions or something to try is extremely welcome - Morten
--
Happy Coding!
Morten Wennevik [C# MVP]
then i am not sure what your problem is...
if you think it is not impersonation related - you have to tell me more about
the problems you are seeing.
---
Dominick Baier, DevelopMentor http://www.leastprivilege.com
We use .Net 2.0, and upon further studies, it is not connected to
WindowsImpersonationContext since only one web service uses that.
What configuration is required?
We use an encrypted identity section
<trust level="Full" originUrl=""/>
<identity configProtectionProvider="RsaProtectedConfiguratio nProv
ider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>IKGgtOuiQqSL6KZOurRXMNSJxNioerQcyGGS3 Ng2y6Sg
snjZqWQMztRTALlkbaVQM3zsh4BSnACU4pN+s1tWHDV1EKSyfC M7m5R5G54vUvF+oqj9MV
tZ
12QVhv2i2hun95oHNtgAgYJjVbzAudcKMTe/phWP61iXqTgxKKNc+xw=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>RrRnNXdcQQozeNEGPuinT9aaRT2M9RGgOBe1O 9/u9IIAzOfl
IZRr2UN0jWfiGk+WduHx/kM3ZN2s05k3/gQMcwZhykXHRFLAcURapxzjBRqz2HBh2ad05Q
=
=</CipherValue>
</CipherData>
</EncryptedData>
</identity>
and
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
- Morten
On Wed, 13 Sep 2006 11:46:50 +0200, Dominick Baier
<dbaier@pleasepleasenospam_leastprivilege.comwrote :
>Hi, which framework version are you using. Impersonation tokens are no
t
>always propagated to async operations.
In 1.1 they are never propagated. In 2.0 you can control that via a
config setting
http://www.leastprivilege.com/WhatIsAspnetconfig.aspx
--- Dominick Baier, DevelopMentor http://www.leastprivilege.com
>>Hi, I apologize for the extensive cross-posting but I'm getting desparat
e.
>>We have a web page calling one or another web service. Both web service communicate with Sharepoint 2003, and both temporarily change
impersonation using WindowsImpersonationContext class and then revert
back with WindowsImpersonationContext.Undo() to typically save documents with the correct user name. Calling the web services synchronously works fine, but we need it to work asynchronously (typically creating and saving a document before the web services do some work on it). The problem is, instead of reverting to the original user, WindowsImpersonationContext ends up as the user running the Application Pool for the web page. I have been unable to find out anything why this happens. Furthermore, I created a new Application Pool for the web page, thinking perhaps sharing the same pool was the problem, but before I could attach it to the web page the problem appeared to solve itself, for a short time. Doing some extensive testing I have concluded this: WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STARTED WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STOPPED When it works, it seems to work as long as only one web service is called, and it stops working as soon as the other web service is called. ???? The only google result I could come up with related to this does not have a solution or email address http://www.derkeiler.com/Newsgroups/...otnet.security
/2
>>005-02/0223.html Any idea, suggestions or something to try is extremely welcome - Morten
Well, the problem is that user running the web page does not always carry
over to the web service. I'm not responsible for the web services, only
the web page so I have misread the logs thinking
WindowsImpersonationContext was to blame, but the other web service uses
only <identity impersonate="true"/>.
I discovered the links after sending the last mail. Going to try that.
-Morten
On Wed, 13 Sep 2006 12:11:14 +0200, Dominick Baier
<dbaier@pleasepleasenospam_leastprivilege.comwrote :
then i am not sure what your problem is...
if you think it is not impersonation related - you have to tell me more
about the problems you are seeing.
---
Dominick Baier, DevelopMentor http://www.leastprivilege.com
>We use .Net 2.0, and upon further studies, it is not connected to WindowsImpersonationContext since only one web service uses that. What configuration is required? We use an encrypted identity section <trust level="Full" originUrl=""/> <identity configProtectionProvider="RsaProtectedConfiguratio nProv ider"> <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>Rsa Key</KeyName> </KeyInfo> <CipherData> <CipherValue>IKGgtOuiQqSL6KZOurRXMNSJxNioerQcyGGS3 Ng2y6Sg snjZqWQMztRTALlkbaVQM3zsh4BSnACU4pN+s1tWHDV1EKSyf CM7m5R5G54vUvF+oqj9MV tZ 12QVhv2i2hun95oHNtgAgYJjVbzAudcKMTe/phWP61iXqTgxKKNc+xw=</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> <CipherValue>RrRnNXdcQQozeNEGPuinT9aaRT2M9RGgOBe1O 9/u9IIAzOfl IZRr2UN0jWfiGk+WduHx/kM3ZN2s05k3/gQMcwZhykXHRFLAcURapxzjBRqz2HBh2ad05Q = =</CipherValue> </CipherData> </EncryptedData> </identity> and <authentication mode="Windows"/> <authorization> <allow users="*"/> </authorization> - Morten On Wed, 13 Sep 2006 11:46:50 +0200, Dominick Baier <dbaier@pleasepleasenospam_leastprivilege.comwrote :
>>Hi, which framework version are you using. Impersonation tokens are no
t
>>always propagated to async operations. In 1.1 they are never propagated. In 2.0 you can control that via a config setting http://www.leastprivilege.com/WhatIsAspnetconfig.aspx --- Dominick Baier, DevelopMentor http://www.leastprivilege.com Hi, I apologize for the extensive cross-posting but I'm getting desparat
e.
>>>We have a web page calling one or another web service. Both web service communicate with Sharepoint 2003, and both temporarily change impersonation using WindowsImpersonationContext class and then revert back with WindowsImpersonationContext.Undo() to typically save documents with the correct user name. Calling the web services synchronously works fine, but we need it to work asynchronously (typically creating and saving a document before the web services do some work on it). The problem is, instead of reverting to the original user, WindowsImpersonationContext ends up as the user running the Application Pool for the web page. I have been unable to find out anything why this happens. Furthermore, I created a new Application Pool for the web page, thinking perhaps sharing the same pool was the problem, but before I could attach it to the web page the problem appeared to solve itself, for a short time. Doing some extensive testing I have concluded this: WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STARTED WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STOPPED When it works, it seems to work as long as only one web service is called, and it stops working as soon as the other web service is called. ???? The only google result I could come up with related to this does not have a solution or email address http://www.derkeiler.com/Newsgroups/...otnet.security
/2
>>>005-02/0223.html Any idea, suggestions or something to try is extremely welcome - Morten
--
Happy Coding!
Morten Wennevik [C# MVP]
IT WORKS :D
That was indeed the problem, identity tokens not carrying over during
asynchronous calls. Wonderful, I swear I have grown lot of gray hairs
over this problem. All our other asynchronous test worked fine, but none
of them did impersonated in the original page. Creating new
networkcredentials seems to create a proper token anyway.
Thank you so much!
Tusen, tusen takk!
- Morten
On Wed, 13 Sep 2006 12:11:14 +0200, Dominick Baier
<dbaier@pleasepleasenospam_leastprivilege.comwrote :
then i am not sure what your problem is...
if you think it is not impersonation related - you have to tell me more
about the problems you are seeing.
---
Dominick Baier, DevelopMentor http://www.leastprivilege.com
>We use .Net 2.0, and upon further studies, it is not connected to WindowsImpersonationContext since only one web service uses that. What configuration is required? We use an encrypted identity section <trust level="Full" originUrl=""/> <identity configProtectionProvider="RsaProtectedConfiguratio nProv ider"> <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>Rsa Key</KeyName> </KeyInfo> <CipherData> <CipherValue>IKGgtOuiQqSL6KZOurRXMNSJxNioerQcyGGS3 Ng2y6Sg snjZqWQMztRTALlkbaVQM3zsh4BSnACU4pN+s1tWHDV1EKSyf CM7m5R5G54vUvF+oqj9MV tZ 12QVhv2i2hun95oHNtgAgYJjVbzAudcKMTe/phWP61iXqTgxKKNc+xw=</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> <CipherValue>RrRnNXdcQQozeNEGPuinT9aaRT2M9RGgOBe1O 9/u9IIAzOfl IZRr2UN0jWfiGk+WduHx/kM3ZN2s05k3/gQMcwZhykXHRFLAcURapxzjBRqz2HBh2ad05Q = =</CipherValue> </CipherData> </EncryptedData> </identity> and <authentication mode="Windows"/> <authorization> <allow users="*"/> </authorization> - Morten On Wed, 13 Sep 2006 11:46:50 +0200, Dominick Baier <dbaier@pleasepleasenospam_leastprivilege.comwrote :
>>Hi, which framework version are you using. Impersonation tokens are no
t
>>always propagated to async operations. In 1.1 they are never propagated. In 2.0 you can control that via a config setting http://www.leastprivilege.com/WhatIsAspnetconfig.aspx --- Dominick Baier, DevelopMentor http://www.leastprivilege.com Hi, I apologize for the extensive cross-posting but I'm getting desparat
e.
>>>We have a web page calling one or another web service. Both web service communicate with Sharepoint 2003, and both temporarily change impersonation using WindowsImpersonationContext class and then revert back with WindowsImpersonationContext.Undo() to typically save documents with the correct user name. Calling the web services synchronously works fine, but we need it to work asynchronously (typically creating and saving a document before the web services do some work on it). The problem is, instead of reverting to the original user, WindowsImpersonationContext ends up as the user running the Application Pool for the web page. I have been unable to find out anything why this happens. Furthermore, I created a new Application Pool for the web page, thinking perhaps sharing the same pool was the problem, but before I could attach it to the web page the problem appeared to solve itself, for a short time. Doing some extensive testing I have concluded this: WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STARTED WindowsImpersonationContext.Undo() works for a short time if a dummy application pool (not used by anything) is STOPPED When it works, it seems to work as long as only one web service is called, and it stops working as soon as the other web service is called. ???? The only google result I could come up with related to this does not have a solution or email address http://www.derkeiler.com/Newsgroups/...otnet.security
/2
>>>005-02/0223.html Any idea, suggestions or something to try is extremely welcome - Morten
--
Happy Coding!
Morten Wennevik [C# MVP] This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: William C. White |
last post by:
Does anyone know of a way to use PHP /w Authorize.net AIM without using
cURL? Our website is hosted on a shared drive and the webhost company
doesn't installed additional software (such as cURL)...
|
by: Albert Ahtenberg |
last post by:
Hello,
I don't know if it is only me but I was sure that header("Location:url")
redirects the browser instantly to URL, or at least stops the execution of
the code. But appearantely it continues...
|
by: James |
last post by:
Hi,
I have a form with 2 fields.
'A'
'B'
The user completes one of the fields and the form is submitted.
On the results page I want to run a query, but this will change
subject to which...
|
by: Ollivier Robert |
last post by:
Hello,
I'm trying to link PHP with Oracle 9.2.0/OCI8 with gcc 3.2.3 on a Solaris9
system. The link succeeds but everytime I try to run php, I get a SEGV from
inside the libcnltsh.so library.
...
|
by: Richard Galli |
last post by:
I want viewers to compare state laws on a single subject.
Imagine a three-column table with a drop-down box on the top. A viewer
selects a state from the list, and that state's text fills the...
|
by: Albert Ahtenberg |
last post by:
Hello,
I have two questions.
1. When the user presses the back button and returns to a form he filled
the form is reseted. How do I leave there the values he inserted?
2. When the...
|
by: inderjit S Gabrie |
last post by:
Hi all
Here is the scenerio ...is it possibly to do this...
i am getting valid course dates output on to a web which i have designed
....all is okay so far , look at the following web url
...
|
by: Jack |
last post by:
Hi All,
What is the PHP equivilent of Oracle bind variables in a SQL statement, e.g.
select x from y where z=:parameter
Which in asp/jsp would be followed by some statements to bind a value...
|
by: Sandwick |
last post by:
I am trying to change the size of a drawing so they are all 3x3.
the script below is what i was trying to use to cut it in half ... I
get errors.
I can display the normal picture but not the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |