WCF / ASMX :: Impersonation Not Working?
Jan 13, 2011I have a website using Windows Authentication. Note: The accounts are domain accounts.The website is configured to impersonate in the Web.Config using
[Code]....
I have a website using Windows Authentication. Note: The accounts are domain accounts.The website is configured to impersonate in the Web.Config using
[Code]....
From my following code snippet:
ExchangeServiceBinding binding = new ExchangeServiceBinding();
binding.Credentials = new NetworkCredential(username, password);
binding.Url = "http://servername/ews/exchange.asmx";
The above web services throws Unauthorized Access Error (Error : 401) for newly created users.I would like to know how to impersonate this user for accessing this exchange web services.
I've added the identity tag for impersonation. I've configured my site under IIS 5.1. The identity i've added is my domain username/password. But when I run any exe file from my asp.net file, it still runs under "aspnet" user name.
View 1 RepliesI am using impersonation in my ASP.NET application to access network resources. It works fine when I run on my computer, however when I setup the site on IIS6, it does not work. Is there some extra configuration, I need make in IIS for it?1. I created an account "TestUser" with the privilege as "act as operating system" on a server that has the resources which I want to access.2. The impersonation works fine on my computer, when I run from visual studio. My computer is on the network under same domain where the "TestUser" is created.
View 5 RepliesIs there a reason Impersonation does not seem to work with a UNC path using File.OpenRead()? I'm utilizing codeproject's Impersonation utility: [URL] I have a user with rights to the share that I'm passing to OpenRead(). This is my code and it's not accessing the file:
try
{
bool canImp = imp.ImpersonateValidUser(impUser, domain, impPwd);
FileStream fs = File.OpenRead(filePath);
logger.Debug("File stream opened...");
byte[] b = new byte[fs.Length];
fs.Read(b, 0, b.Length);
fs.Close();
//code continued
We have a requirement to call a WCF service from another WCF Service. To test this I build a sample console application to display a simple string. The setup is: Console App -> WCF Service 1 -> WCF Service 2 Console App calls a method of service 1 and the service 1 method eventually calls service 2 method to return a string. I am able to call Console -> Service 1 but Service 1 -> Service 2 is not working. It throws an exception: "Could not find default endpoint element that references contract 'ITestService2' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element." To accomplish this,
1. I have created a service2, compiled and then created a proxy class and app.config.
2. I created service1, copied service2.cs(proxy) and app.config, created an object of service2 and called service2's menthod.
3. I created a console application, copied the service1.cs (proxy) and app.config, called service1's method.
Do I need to specify any link in app.config of service1 to service2? but how? the app.config files for service1 and service2 are:
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ITestService1" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address=[URL]
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ITestService1"
contract="ITestService1" name="WSHttpBinding_ITestService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
i am calling the webservice from acrobat javascript. it works very well in development server. but when i put the same code in production server, it doesnt call the webservice.
View 3 RepliesI created a WCF data service and i've set the service config params like;
config.SetEntitySetAccessRule("PROFILEs", EntitySetRights.All);
config.SetEntitySetPageSize("*", 100);
So, in the returned xml feed, the link to goto next page is: <link rel="next" href="http://localhost:4760/oData.svc/PROFILEs?$skiptoken=4105" />
However, if I browse to that url I get an HTTP 404 error "The resource cannot be found."
Also, none of the URI querystrings seem to work.
I was expecting a parameter will become a empty string value if the parameter is missing, but it turn out to be null. have I done it wrong for the optional parameter?
[Code]....
I am working on a web service program but is stuck. i dont know what to do after I use the foreach statement to retreive my data.
using System;
using System.Collections;
using System.Collections.Generic; [code]....
I have a web service that was running on Server 2003, IIS6. The service required an SSL connection. The service expects 4 parameters; a User ID, Password, Record ID and the "type" of data requested (one of 5 options). The service validates the user then simply performs a select of the record ID from a table determined by the type specified. This service was up and running for a couple of years. I installed a couple of new servers a couple of months ago. The users that makes use of this service just tried it and couldn't get a response. I checked the server and I hadn't copied the service over. The service is located in a virtual directory under the primary web site.
For example, the site is: [URL] Service virtual directory is "GetITSData" The call to the service has been: [URL] param1, param2, param3, param4 and the service would return the appropriate data. I "assumed" that when I copied the actual contents of the directory over, that the service would then begin functioning again (since it was empty). All IIS snap-in manager items for the virtual directory match the previous settings on the old server (I still have that server available in my office). The main site requires SSL and uses forms authentication. When I create a dummy site in VS2008 and try to add a service reference, I get the following: There was an error downloading [URL]. The request failed with HTTP status 403: Forbidden. Metadata contains a reference that cannot be resolved: [URL]. The remote server returned an unexpected response: (405) Method Not Allowed. The remote server returned an error: (405) Method Not Allowed. If the service is defined in the current solution, try building the solution and adding the service reference again.
Im trying to generate a service based on the wsdls ive been given hitting svcutil directly.. try as I might I cannot get it to export everything correctly.. it ends up not including chunks of info from the wsdl files..
svcutil /n:"*, TestProject.Web" CreateApplication_Responder.2.3.0r2.wsdl DeclareDetermination_Responder.2.3.0r2.wsdl ..ivmdeclareDetermination*.xsd ..ivmcreateApplication*.xsd ..ivss*.xsd ..ivcore*.xsd ..ivdtqdt*.xsd /mc /ser:Auto
/importXmlTypes /tcv:Version35 /s
I have an ASMX Web Service set up to use the HTTP GET method. Simple methods which take basic String and Int parameters are working ok, and I can call MyService.asmx/MethodName?Param=Value and get a response back in XML.
However, when I have a method which has a nullable Int (i.e. int?), I get this error:
< Method Name > Web Service method name is not valid.
The error message is confusing, as the method does exist, just not in the GET scope. I presume this is because a nullable type is too complex to be passed via the URL, but I can't find any documentation or SO posts on this.
I appreciate that complex types like Lists or custom classes etc will not work using GET, but I would have assumed that a simple nullable int or nullable datetime could be handled natively, simply by detecting whether it was omitted from the URL. Guess it's not that simple!
I have a simple web service that isn't working with a standard jQuery call. The code is below. The jQuery will execute and succeed, but on debugging, the service argument is always null. I've had it separated as 4 string params in a json string and that didn't work either. I must be missing something on the config side, but I can tell what it is.
[Code]....
what is impersonation and when, why to use it?I am not getting it.
View 1 RepliesI modified the ASP.NET login control to also allow specifying UserRole ('Employee' or 'Volunteer'). Users are authenticated via a call to a webservice written by our client, which accepts username/password/role and returns true or false.If role is 'Employee' it represents an active directory user. The application should impersonate the user with the given username/password.If role is 'Volunteer' the application should run under a set Windows account whose username/password are known in advance (i.e. hard-coded in web.config file).
View 1 Replieswhat is impersonation in asp.net? Is authentication and impersonation both are same ?I googled and found both are one type of security.
View 3 RepliesI need to pass a NetworkCredential object with the credentials of the currently impersonated user to a web service from an asp.net application.My code looks like this:
WindowsIdentity windowsIdentity = HttpContext.Current.User.Identity as WindowsIdentity;
WindowsImpersonationContext context = windowsIdentity.Impersonate();
try {
[code]...
The masterpage of my site is using a control that reads data from a network share. To make this work on all pages I'm having to enable impersonation for the whole site. But what I want to do is only enable it for the pages that actually read/write to the share. Eg:
<location path="SystemAdmin">
<system.web>
<identity impersonate="true" password="abcdefgh" userName="MYDOMAINAdministrator" />
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web></location>
We are in the process of building ASP.NET windows auth application. Where user need to interact with other internal system using the same single sign on. To interact application DB the system relies on App Pool account, for this we are every time doing the imporsanation to before every DB call. We can not have all useres added to DB, or create an SQL account. Which requires password and user to store in Web Config. We can encrypt it again you encrypt with what and etc ..So we have one windows account wihich same windows account used for our app pool as well.
I would like to know from the team is what is the best way to do the DB connection in this case?What is the implcations if we imporsanate the DB calls based on the app pool account ? Is it a best practice? I have read it creates its own thred and stuff, Do we need to worry ?
On http://msdn.microsoft.com/en-us/library/w070t6ka(v=VS.100).aspx there is an example on how to do impersonation with .net 4.0. We have used this example in a class that inherits IDisposable for ease of use. However, when we use this class in a asp.net web application, we notice a slight but steady increase of Pool Paged Bytes in performance monitor. After a week, the application crashes.
I've tried different implementations of the impersonation-class, using http://msdn.microsoft.com/en-us/library/w070t6ka(v=VS.90).aspx and http://support.microsoft.com/kb/306158 as reference, but they all show the same leak.
Where does this leak come from? Is there a problem with the windows api? We are running Windows 2008 R2.
This is our current version of the impersonation class:
public class Impersonator : IDisposable
{
public Impersonator(string username, string domain, string password)
{
if (!ImpersonateValidUser(username, domain, password))[code]....
And this is the performance monitor graph of two webservers using different versions of the class:
When we disable the class, and use global impersonation via web.config, those lines are completely flat.
Update,I have made a test-application that successfully reproduce the problem. It can be downloaded here:
http://rapidshare.com/files/447325211/ImpersonationTest.zip
The result over 18 hours looks like this:
I noticed impersonation is turned on by default in MOSS web configs. I tried disabling it but the web app returns an error. So my question, is it possible to disable impersonation in MOSS? If it is possible are there any special considerations I should be aware of?
If you're interested in why I need to do this...I need to have a custom web part (developed with SmartPart) talk to a separate SQL server using the application pool rather than the current user (Kerberos is enabled). If I set the authentication mode to NTLM I get NTAuthority/ANonymous login errors from my SQL connection. If I turn Kerberos on, the currently logged in user's credentials are passed. If I hard code the user id and password in the connection string it seems to ignore it and default to whichever security model is in place (NTLM or Kerberos).
suggest me a good Video to look at that can give me a start on how to use Impersonation?
View 1 RepliesI am trying to use impersonation on an IIS server while I access Active Directory data. The following code works fine on the localmachine but when I put this same code on an IIS server I get an error: System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
If I remove the top 4 lines and add my ID and passcode to the DirectoryEntry, everything works fine. I would prefer to not have my id and passcode anywhere on the web. Any ideas on how to fix this? Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
Summary: One of our web applications requires write access to C:WindowsTemp. However, no matter how much I weaken the NTFS permission, procmon shows ACCESS DENIED.Background (which might or might not be relevant for the problem): We are using OLEDB to access an MS Access database (which is located outside of C:WindowsTemp). Unfortunately, this OLEDB driver requires write access to the user profile's TEMP directory (which happens to be C:WindowsTemp when running under IIS 7.5), otherwise the dreaded "Unspecified Error" OleDbException is thrown.
View 1 Replies