Can someone explain to me what impersonation is from the ASP.NET side and when it can be used? If you have any simple examples, please share.
Thank you,
what is Impersonation
sairaj sunil
Hi, I tried implementing the code from http://support.microsoft.com/kb/306158, but I am a little bit confused about how it works.
For example: if(impersonateValidUser("username", "domain", "password")) //where do I get this information
I have attached the code-behind that I currently have; please let me know what should be changed.
Thank you very much,
    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]
    public static extern int LogonUserA(String lpszUserName, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    private void Page_Load(object sender, System.EventArgs e)
    {
        try
        {
            //System.Security.Principal.WindowsImpersonationContext i ;
            string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();
            if(impersonateValidUser(username, "domain", "password"))
            {
                //Insert your code that runs under the security context of a specific user here.
                Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");
                undoImpersonation();
            }
            else
            {
                //Your impersonation failed. Therefore, include a fail-safe mechanism here.
                Response.Write("<BR>|Your impersonation failed");
            }
        }
        catch(Exception ex)
        {
            Response.Write("<BR>|"+ ex.Message+ "|<BR>");
        }
    }

    private bool impersonateValidUser(string userName, string domain, string password)
    {
        WindowsIdentity tempWindowsIdentity;
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;
        if(RevertToSelf())
        {
            if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT, ref token) != 0)
            {
                if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                {
                    tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                    impersonationContext = tempWindowsIdentity.Impersonate();
                    if (impersonationContext != null)
                    {
                        CloseHandle(token);
                        CloseHandle(tokenDuplicate);
                        return true;
                    }
                }
            }
        }
        if(token!= IntPtr.Zero)
            CloseHandle(token);
        if(tokenDuplicate!=IntPtr.Zero)
            CloseHandle(tokenDuplicate);
        return false;
    }

    private void undoImpersonation()
    {
        impersonationContext.Undo();
    }

==========web config file===============
    <system.web>
        <identity impersonate="true" />
    </system.web>
coconut113651
Hi,
What is the Windows ID (is it the user ID that was logged in)?
Could you please provide any examples of ASP.NET Windows authentication that needs to be used with impersonation?
Thank you.
Mapa3matuk
Hi
You would need to use ASP.NET Windows authentication and add the Windows users to Visual SourceSafe.
IIS should be set to basic authentication (at least).
Hope this helps you out, please close the thread if it does
BluEarth Software
Hi
the code above is really not necessary...
there you are using values (from web.config/registry) to impersonate one specific account!
what you described above was to pass on the user credentials of the person connecting to the site:
if that is what you want you need to do two things:
impersonate = true (which you have done)
http://msdn2.microsoft.com/en-us/library/xh507fc5.aspx
and set the authentication to windows
http://msdn2.microsoft.com/en-us/library/eeyk640h.aspx
Hope this helps you out, please close the thread if it does
Cosmin Nicolaescu
Zero_
logtorahul
You got it right but setting it in the web.config will not do. You will have to write some code.
Here is a link: http://www.codeproject.com/csharp/cpimpersonation1.asp
try it.
guy kolbis
James_Steven
Hi
I don't believe that using code-based impersonation is even necessary...
as long as you can retrieve the Windows ID (which you can by using impersonate = true + ASP.NET Windows authentication)
your code will impersonate the right user
The example you gave is valid for applications where you need to impersonate specific admin credentials...
goh6613
Hi,
I will give you a short example.
When a web site runs under IIS, a process launches. Usually it is w3wp.exe or aspnet.exe. That process runs with a set of permissions. When you are trying to connect to a web site using the browser, all requests get executed by that process and its permissions. The process has some rights to access the file system or any other resources.
Now let's say you are using Reporting Services in your web site. In Reporting Services you give user GUY KOLBIS permissions to execute reports. If you try to run reports from a web site using the process, you will get an access denied.
So, what you need to do is to impersonate to a user that has permissions to execute reports. In our case it is GUY KOLBIS user.
I hope this helps a bit.
m#
Hi,
I am sorry I don’t understand exactly what I still have to do.
I deleted the code above, since you said I don’t need it, Looking at your links:
I have added this code behind:
Windows Authentication Provider @ http://msdn2.microsoft.com/en-us/library/eeyk640h.aspx
since I am trying to implement the code in asp.net
Code behind: it says:
IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
WindowsIdentity windowsIdentity = new WindowsIdentity(accountToken);
Response.Write("<BR>Created a Windows identity object named " + windowsIdentity.Name + ".");
if (!windowsIdentity.IsAnonymous)
Response.Write("<BR> is not an Anonymous account");
// Verify that the user account has been authenticated by Windows.
if (windowsIdentity.IsAuthenticated)
{ Response.Write("<BR> is authenticated"); }
else Response.Write("<BR>NOT authenticated");
output:
Created a Windows identity object named jBclis\IUSR_USER-ZE5SBDAEF7.
is not an Anonymous account
NOT authenticated
I hope you can help me out, I have been struggling with this impersonation for a long time already. It is driving me crazy.
Thank you very much,
Aaron Bull
I tried adding this code, not sure if it is a step forward:
I am checking if the user is authenticated, and it is. I am assuming it finds the user, but when I try to check whether the file path, which is located on the server, exists, it fails. :(
    WindowsIdentity User = WindowsIdentity.GetCurrent();
    if(User.IsAuthenticated==true)
    {
        Response.Write("<BR>IsAuthenticated : " + User.Name);
        string path = "\\dcitordev01\\VSS\\KaftUS\\srcsafe.ini";
        if(System.IO.File.Exists(path))
            Response.Write("<BR>Exists");
        else
            Response.Write("<BR> DOES NOT EXITS" );
    }
    else
        Response.Write("<BR>not IsAuthenticated");
output:
IsAuthenticated : jBclis\IUSR_USER-ZE5SBDAEF7
DOES NOT EXITS
Why is it not working? What am I doing wrong?
Please advise.
Thank you.
Jez Burn
Hi
could you post your web.config
also, what authentication method is iis set to
microslave
Hi,
Thanks a lot for your definition and example. I think I understand. Just to make sure:
If I have five users, and all have permission to access the Visual SourceSafe database manually, and I want to access a Visual SourceSafe database that is located on the server from a web application, this can be done using impersonation, right? If yes, is there anything I need to do in IIS (to set permissions)? I know I need to set impersonation in the web config file: <identity impersonate="true" /> [is this going to work for all five users?]. Is there anything else that needs to be done, so that all five users will have access to the server machine's VSS database folder?
Thank you,
Thomas S. Andersen
Hi,
Here is my web.config file.
Thanks
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.web>
        <identity impersonate="true" />
        <compilation defaultLanguage="c#" debug="true" />
        <customErrors mode="RemoteOnly" />
        <authentication mode="Windows" />
        <authorization>
          <allow users="*" />
        </authorization>
        <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
        <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" />
        <!-- GLOBALIZATION
             This section sets the globalization settings of the application.
        -->
        <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
        <pages validateRequest="false" />
      </system.web>
    </configuration>
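
Added example, not part of any post in this thread and not Microsoft's code: a diagnostic code-behind page for the setup discussed above (`<authentication mode="Windows" />` with `<identity impersonate="true" />`). It shows which account the thread actually runs as, refuses to touch the resource for anonymous requests, and separates "access denied" from "not found", which `File.Exists` reports identically as false. The class name `IdentityCheck` and the path in `ProbePath` are placeholders, and .NET Framework 2.0 or later is assumed.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind class; assumes the web.config settings named above.
public class IdentityCheck : Page
{
    // Placeholder path: replace with the file the application must read.
    private const string ProbePath = @"\\SERVER\SHARE\file.ini";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Token the thread runs under; file and share ACLs are checked against it.
        WindowsIdentity thread = WindowsIdentity.GetCurrent();
        Show("Thread identity", thread.Name);
        // Identity ASP.NET authenticated for this request.
        Show("Request user", User.Identity.Name);
        Show("Request authenticated", Request.IsAuthenticated.ToString());

        // Fail closed: an unauthenticated request is impersonated as the IIS
        // anonymous account (IUSR_<machine>), not as the person browsing.
        if (!Request.IsAuthenticated)
        {
            Response.StatusCode = 401;
            Show("Result", "anonymous request, resource not touched");
            return;
        }
        Show("Result", Probe(ProbePath));
    }

    // File.Exists returns false for "access denied" as well as "missing",
    // so open the file and report which failure actually occurred.
    private static string Probe(string path)
    {
        try { using (File.OpenRead(path)) { return "readable"; } }
        catch (UnauthorizedAccessException) { return "access denied for thread identity"; }
        catch (FileNotFoundException) { return "file not found"; }
        catch (DirectoryNotFoundException) { return "directory not found"; }
        catch (IOException ex) { return "I/O error: " + ex.Message; }
    }

    // HTML-encode everything written back, since account names come from the request.
    private void Show(string label, string value)
    {
        Response.Write("<br>" + HttpUtility.HtmlEncode(label + ": " + value));
    }
}
```

A thread identity of `IUSR_<machine>` on this page means IIS accepted the request anonymously, so the ACLs on the target file are being evaluated for that account rather than for the logged-in user.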