I'm using WCF services ensuring that UserName/Password must be provided for each request. I need use same service from many clients, but I need impersonate the call to access the appropriate resources for each client. When I call the service directly from the client there is no problem, because I use for each client a pair UserName/Password defined in theirs web.config. The problem came when I need to call a second Web service from a call to the first-one using the same identity. This second Web service requires UserName/Password, but I only know who is the caller (UserName) but not the password.
How I can impersonate this second call without knowing the password for the corresponding username?
EDIT: The app (Web App and Services) is running in a shared hosting environment where I can't use Windows Authentication to configure Kerberos for Delegation. I have defined a UserNameValidator to process on each call the pair UserName/Password against a custom SQLServer database. Moreover, the intended customers of this app will use it from Internet, without requiring a windows account, that is because I need a more flexible, SQL-based, authentication schema.
I'm working on an ASP.net app and i'm trying to impersonate a user
I'm creating a windowsIdentity with a token
WindowsIdentity winId = new WindowsIdenty( token );
this token was got by calling the un managed code
[DllImport("advapi32.dll")] public static extern int LogonUserA(String lpszUserName, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
is there any other way to get a token without using this advapi32.dll unmanaged code?
I know how to impersonate a user for the entire site but how best to impersonate for a block of code; WindowsImpersonationContext or NetworkCredential?
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
I'm using this: http://code.google.com/apis/recaptcha/docs/aspnet.html ...
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: That assembly does not allow partially trusted callers.
I have an ASP.NET 2.0 web app which calls a one way web method on a web service. This web method contacts remote servers and pulls back config information to confirm the state of new server builds (settings etc) and inserts the collected data into a SQL database. The web app is supposed to pass through the callers kerberos ticket to the web service and then again to the newly built server which is being checked, all via impersonation and delegation using the calling users administrator privileges.
The trouble is, I just can't get the web service to run under the callers context. I have the SPN's set up, delegation turned on in the active directory objects for the computer running the web app and service and the worker process domain user service account. I have windows authentication on and impersonation set to true in both the web app and service's web.config, integrated authentication in IIS, and IE settings are all ok. All has been checked out and passes the tests in DelegConfig, but it still won't work.
It appears that any data that's is written to the database is written under the context of the web pool service account, and not the calling users, plus along with the fact that I get access denied messages when trying to collect data from the server says impersonation isn't working. Also, is it possible to run the checks under the calling users context, but write to the database with the web pool identity service account without specifying the user details in the web config?? I am working in a secure environment and we must user windows based accounts only, no SQL accounts.
I'm using IIS Express to host my website, and I would like to do something similar to Directory Security in IIS 6. In IIS 6, I was able to go to the Directory Security tab and allow the anonymous user to be a local windows account.
Is there something equivalent in IIS Express for that? What changes do I need to make in applicationhost.config?
Im deploying my website onto my new server (windows 2003) from my local pc (windows 7) and my local homeserver (windows 2008) and have run in to a issue.
I have a process that starts up with the below code. It is passed a video file which gets converted.
System.Diagnostics.ProcessStartInfo StartInfo = new System.Diagnostics.ProcessStartInfo(Command, Parameters);
Them problem I have is on my new windows 2003 server it fails to work. No error or anything. Looking at the server and its taskmgr.exe I see the Process start but nothing happens.
Looking into it, everyone seems to say I need to have impersonate="true" in the webconfig which I do have, I currently have it set to the Administrator account which I use to log into remote desktop (I assume this is fine???)
I have big trouble with impersonate IIS and SQL 2008 . I connect to the iis where I set the ASP.NET Impersonate and I want connect to the sql server with user credetionals . And there is trouble . SQL server run in the win 2008R2 cluster . I try set delegation in the Active directory on the cluster server and in the cluster application .Not work. Connect to the SQL server with anonymous user.
I have a webpage stored on a local server (Site A) which when I browse to it is given my windows account details, this site then checks within AD to get my email address. My email address is then passed to another website (Site B) and consumed. The Website A is set in IIS to Integrated Windows Auth Only, WebSite A has
<identity impersonate="false"/>
set in the web.config What I dont understand is what user is accessing AD from site A - with impersonate = false that is telling the site not impersonate the windows user, but this seems at odds with the setting in IIS.
I have a ASP.Net website that interacts with Dynamic CRM. It's also uses a local ASPNETDB.MDF for forms authentication. For the CRM I need to impersonate the identity created on the domain for this purpose. When identity impersonate is enabled I no longer have access to the local Membership Database. How can I allow the domain user used for the impersonation access to the membership database?
I have a requirement I should connect to MS SQL server under IIS Application pool account from ASP.NET application where Windows Authentication is enabled. I cannot use user name and password in connection string.
ASP.NET application should use Entity Framework 4.0 to work with data.
I have an MVC 2.0 environment in a S#arp layout, everything works great, and I have Intellisense working in my aspx file (for things like HTML helpers and Model properties) As soon as I add the line:
[Code]....
To my web.config, I lose Intellisense on my aspx files! Does anyone have any idea of why this is happening? Or have any experience with this?
How to prevent multiple user to be logged in at a time using a user id ?
After login in to website, the same user id not login in any other system it gives alert msg User Alrdy Login.. and also i have another query If user do not click logout and directly close browser..
i just found that can not run System.Diagnostics.Process.Start if i set the identity impersonate="true", what can i do if i need to use System.Diagnostics.Process.Start to run my java application and need to set the identity tag?
I been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this. have disable anonymous authentication, enable asp.net impersonation.I have added <identity impersonate = "true" />I have added the a user to the security logins that is connected to the database
I ready need all ur help, on currently i have one web application is running to call the jar file in web (Login Checking), but after i try to change the setting identity impersonate="true", the jar file cannot be call and running. I set the Virtual Directory as anonymously access, and set the Application ID (In Administrator Group) in IIS. I try a few time checking, after i set the impersonate="true", i will get the messageFaulting application java.exe, version 6.0.210.7, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x000000000003a7c0below is the script used to call the jar file
I am having one doubt regarding the use of static variable in Asp.net pages.I am having one page say UserDetails.aspx.In this page, I have one static variable to store some data specific to a user. So, will this ?
public partial class UserDetails { static int numberOfReviews=0;
I have a web application using Kerberos to access an external resource useing ASP.NET 3.5 and IIS.
When a user connects with the application, Kerberos authentication auto-magically allows me to connect to external resources acting as the user using delegation. This was not easy to do. It is nice, but I've a problem. Sometimes I need to connect to an external resource using an account with more rights than the user. The service account which the app-pool is running under has the addition rights I need. How can I remove the user's Kerberos identification and connect with Kerberos using the service account running the application pool?
UPDATE
I'm not sure why I am getting no responses at all. I've never seen that before. post questions, they may clarify the problem (to me too).
