By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,734 Members | 828 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,734 IT Pros & Developers. It's quick & easy.

how to have component run in security context of windows user?

P: n/a
I have an application/component that updates an individual's active directory information. The current application finds the active directory entry via the following..

Dim entry As DirectoryEntry = New DirectoryEntry("LDAP://" & m_DomainName, m_Username, m_Password, AuthenticationTypes.FastBind
Dim ds As New DirectorySearcher(entry
Dim filter As String = "(sAMAccountName=" & "joeuser" & ")
ds.Filter = filte
Dim results As SearchResultCollectio
Dim searchResults As SearchResul
searchResults = ds.FindOn
Dim user As DirectoryEntry = searchResults.GetDirectoryEntry(
user.Properties("description").Value = "Goat Farmer
user.CommitChanges(

The problem..
Only the employee has rights to update their AD information. How can I create the "entry" with the correct permissions of the user running the web application? This is a web application and I currently use forms authentication on the existing web application

Any help would be very much appreciated
dave
Jul 21 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Hello Dave,

Thanks for your post. As I understand, you want to impersonate a user in
your ASP .NET Web application in order to updates an individual's active
directory information. Please correct me if there is any misunderstanding.
Based on my experience and research, you will need to perform the following
steps:

1. Make sure that the ASP .NET Process Identity is set to System. The
Machine.config file looks like below:
<system.web>
<processModel enable="true"
userName="System"
password="AutoGenerate"/>
</system.web>

The following MSDN article describes ASP.NET Process Identity in detail:
http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconConfiguringASPNETProcessIdentity.asp

2. Go to "Control Panel" -> "Administrative Tools" -> "Internet Information
Services Manager", choose the corresponding Web Site, open its Properties
page, choose "Directory Security", uncheck "Enable anonymous access" in
"Authentication and access control".

3. Impersonate the authenticating user in your code:

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

'Insert your code that runs under the security context of the
authenticating user here.

impersonationContext.Undo()

Please refer to the following KB article for detailed information:

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/?ID=306158

Please check it on your side, and let me know the result.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Jul 21 '05 #2

P: n/a
Hello Dave,

Thanks for your post. As I understand, you want to impersonate a user in
your ASP .NET Web application in order to updates an individual's active
directory information. Please correct me if there is any misunderstanding.
Based on my experience and research, you will need to perform the following
steps:

1. Make sure that the ASP .NET Process Identity is set to System. The
Machine.config file looks like below:
<system.web>
<processModel enable="true"
userName="System"
password="AutoGenerate"/>
</system.web>

The following MSDN article describes ASP.NET Process Identity in detail:
http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconConfiguringASPNETProcessIdentity.asp

2. Go to "Control Panel" -> "Administrative Tools" -> "Internet Information
Services Manager", choose the corresponding Web Site, open its Properties
page, choose "Directory Security", uncheck "Enable anonymous access" in
"Authentication and access control".

3. Impersonate the authenticating user in your code:

Dim impersonationContext As
System.Security.Principal.WindowsImpersonationCont ext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity

currentWindowsIdentity = CType(User.Identity,
System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()

'Insert your code that runs under the security context of the
authenticating user here.

impersonationContext.Undo()

Please refer to the following KB article for detailed information:

INFO: Implementing Impersonation in an ASP.NET Application
http://support.microsoft.com/?ID=306158

Please check it on your side, and let me know the result.

Have a nice day!

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Jul 21 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.