C# - WCF Service Not Impersonating Specified User In Config?
Mar 2, 2011
I have a basic WCF service using basicHttpBinding. I have my site project and my services project. In my site project, I have a regular Services Reference to a service in my services project. In my development environment, it works fine. However, in our staging environment, we have enabled impersonation on the services application. This service connects to a SQL database using this user, of course.
The issue is, while the other ASMX services seem to impersonate just fine with the user defined in the web.config, the WCF service is still running as the site's user, causing SQL authentication to fail.
Are there extra steps to enable impersonation for my WCF service? I have not done anything special beside adding:
service.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
After I initialize my service proxy from my website.
View 1 Replies
Similar Messages:
Sep 16, 2010
I have a WebApplication1 running in a port (let's say 4000) and I'm trying to build a website (WebSite1), running on IIS, that is running on the same server. I have no control over the WebApplication1, it's a packaged software, WebSite1 is built by me.
The WebSite1 will do a custom user validation and then will let the user access the WebApplication1:4000 under the impersonated user under which the website is running, not the user in the client machine. Sort of like changing the user in the session.
View 1 Replies
Nov 19, 2010
I have identity impersonate = true in the Web.config file. I have integrated security = true in the DB connection string in the Web.config file.Before identity impersonate was true,users were able to access the DB through the web service account (seemingly).Now I get an error which says " Login failed for ... " because I am aware there is no specific account for that user in the permissions for that DB instance.I needed to set identity impersonate = true because the web service does not have access to the Active Directory,which I need to retrieve certain user information.
My question is,does identity impersonate = true override the integrated security and attempt to user the authenticated user's account to connect to the DB? Is there a simple way to prevent this in the Web.config itself?If not,would programatically impersonating the user within the Active Directory query functions and setting identity impersonate = false do the trick here?
View 2 Replies
Oct 17, 2010
I'm trying to access global shared memory from an ASP.NET web method while impersonating a client, but I get access denied when trying to open the handle. As an example:
[WebMethod]
public string Testing()
{
string result = null;
using (var ctx = WindowsIdentity.Impersonate(IntPtr.Zero))
[code]...
View 1 Replies
Apr 19, 2010
Short Version: Can anyone say whether it's possible or not to use impersonation in ASP.NET to access mapped drives?
Long Version:
I'm currently using impersonation in ASP.NET to gain access to network files. This is working perfectly for any network file using a UNC path, but it is failing to access any files on mapped drives defined for the user account I'm impersonating.
For example, let's say a file lives on the network at "machinefolderfile.txt", and let's also say that drive S: is mapped to "machinefolder". We need to be able to access both the full UNC path, "machinefolderfile.txt", as well as the shorter, mapped drive path, "S:file.txt".
Obviously the standard ASP.NET process cannot access either.
Using a console application that runs under the local account with the mapped S: drive, calling File.Exists(@"machinefolderfile.txt") returns true, and File.Exists(@"S:file.txt") also returns true.
However, when impersonating in an ASP.NET context with the same local account, only File.Exists(@"machinefolderfile.txt") returns true. File.Exists(@"S:file.txt") returns false.
I'm testing with IIS 7 running on my local Windows 7 Professional box, though this will need to run in both IIS 6 and IIS 7.
Impersonation is handled with a couple of classes in C# which I'll include here:
public static class Impersonation
{
private static WindowsImpersonationContext context;
public static void ImpersonateUser(string username, string password)
{
ImpersonateUser(".", username, password);
}
public static void ImpersonateUser(string domain, string username, string password)
{
StopImpersonating();
IntPtr userToken;
var returnValue = ImpersonationImports.LogonUser(username, domain, password,
ImpersonationImports.LOGON32_LOGON_INTERACTIVE,
ImpersonationImports.LOGON32_PROVIDER_DEFAULT,
out userToken);
context = WindowsIdentity.Impersonate(userToken);
}
public static void StopImpersonating()
{
if (context != null)
{
context.Undo();
context = null;
}
}
}
public static class ImpersonationImports
{
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_LOGON_NETWORK = 3;
public const int LOGON32_LOGON_BATCH = 4;
public const int LOGON32_LOGON_SERVICE = 5;
public const int LOGON32_LOGON_UNLOCK = 7;
public const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
public const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
public const int LOGON32_PROVIDER_DEFAULT = 0;
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int LogonUser(
string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
out IntPtr phToken
);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int ImpersonateLoggedOnUser(
IntPtr hToken
);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int RevertToSelf();
[DllImport("kernel32.dll", SetLastError = true)]
public static extern int CloseHandle(IntPtr hObject);
}
Then, during Page_Load, we basically do something like this:
Impersonation.ImpersonateUser("DOMAIN", "username", "password");
if (!File.Exists(@"S:file.txt"))
throw new WeCannotContinueException();
I realize using mapped drives isn't a best practice, but for legacy reasons it's desirable for our business. Can anyone say whether it's possible or not to use impersonation in ASP.NET to access mapped drives?
View 2 Replies
Sep 29, 2010
I am stumped. i want my asp.net website to access a network share folder which is located at say, //hero/superman. I can do it manually.
I've done the following:
1. Included <identity impersonate="true" userName="IUSR_TEST" password="test" /> in my web.config.
2. Set anonymous access in IIS 5.1 with username IUSR_TEST and password: test in the account that is used for anonymous access. Checked integrated windows authentication.
3. Created a profile for IUSR_TEST in computer/management/local users and created the password: test for it. It is a member of guest.
4. Created a user account IUSR_TEST for the network share computer. gave it the same username and password.
4. On the network share computer, I've enabled access for the following people: ASPNET, NETWORK SERVICE, and IUSR_TEST.. all with full potential (for now) for the directory path in question //hero/superman which is really located on: c:herosuperman. I've given it full access.
But when I StreamReader fs = File.OpenText(Server.MapPath(@"\herosuperman est.txt"); I get the error "UnauthorizedAccess Exception". Access to the path \herosuperman est.txt is denied.
So what did I miss, what am I doing wrong. The key thing here are:
the webserver is on a domain. the network share computer is NOT on a domain, it is on it's own workgroup. This workgroup, lets just say is called "villains". So if I have to manually map the network drive to access the files, I must type: /villains/IUSR_Test and password: test to be able to map it on my webserver local computer.
View 2 Replies
Mar 28, 2011
Is it possible to run a web service as a particular user/service account in the same way a Windows service can?I have a service account used for connecting to the DB and want to run the webservice under this account as the users using the webservice won't have DB access.The way I see to do it is to include the Impersonate option in the Web.config file, but is there any better way to do this?
View 1 Replies
May 25, 2010
My WCF Client calls my WCF Service which then calls ASMX Web Service. The problem is i have configured my wcf client and wcf service to windows credentials type but when wcf service calls asmx service the user credentials (default windowsidentity) is not passed to asmx service.
In WCF Service i am able to get user identity by using : Thread.CurrentPrincipal.Identity.Name;
WCF Service - i have disabled anonymous access and enabled windows authentication. ASMX Web Service - i have disabled anonymous access and enabled windows authentication.
WCF Service Config
[Code]....
View 1 Replies
Jan 4, 2010
I do not understand what is happening here. If I run this same bizApp referenced from a webpage my code finds the endpoint in either my web.config file for the webpage. I copy that same section and paste it into the New version of web page that uses a new WCF that contains this same bizApp and I get a can not find endpoint.
[code].....
View 1 Replies
Dec 28, 2010
I have a Web service currently in an ASMX file. I want to move this code into its own class library project which generates a DLL. I want to be able to drop this DLL into any Web application and have it work. However, without an ASMX file, I have no URL endpoint. How do I get around this? Essentially, I want to run a Web service without having to distribute an ASMX. I just want to distribute a DLL. Can I map the endpoint for the Web service in the web.config, or something? (I think that perhaps WCF might do this, but one look at the config for that, and it feels like the cure is worse than the disease...)
View 3 Replies
Jun 16, 2010
Is it possible to change the url that the web service is using in the app.config file once the windows application is running? Example a user changes the index of a drop down that will change the URL of the web service?
What I'm trying to accomplish is having a drop down that will let the user select between using the web service on our dev system versus the live system.
View 4 Replies
Feb 9, 2011
I read on a post that you can use ASP.Net authorization in the web config to control access to a WCF web service to replace the following attribute:
[PrincipalPermission(SecurityAction.Demand, Role="Administrators")]
To test I have been using "Administrators" which is a valid role so should allow me access and "TEST" which isnt. This works fine when using the above attribute however when I comment that out and use this in my Web.Config file:
<authentication mode="Windows" />
<authorization>
<allow roles=".TEST"/>
<deny roles="*"/>
</authorization>
It still allows me access.
So I was wondering if I have just got something wrong in the web.config or whether what I read was wrong saying to use that.
Just for reference this is the post I looked at:
Using Windows Role authentication in the App.config with WCF
and the following is my web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Windows" />
<authorization>
<allow roles=".TEST"/>
<deny users="*"/>
</authorization>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfService1.ServiceBehaviour1" name="WcfService1.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding"
name="BasicHttpEndpoint" contract="WcfService1.IService1">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.ServiceBehaviour1">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
View 1 Replies
Nov 12, 2010
I have a Silverlight control that is hosted within an ASP.NET application. The Silverlight control has a web service reference. The URL of this service is going to vary when we install the application for our customers. I need a way to be able to change this web service reference URL from within the web.config of the ASP.NET application. How can I do this?
View 2 Replies
Apr 6, 2010
I did a couple google searches about this and am not finding anything, so I thought I'd ask here. I'm working on our internal CMS and I noticed that we're getting live data back when doing debugging because of our web services instead of the dev data that I wanted. It doesn't do this on our dev CMS website, but we're trying to do all our development on localhost. Is there any way to set up an environment variable in our web config for the URL so that the CMS points to the dev database instead of live database that is referenced in the wsdl files?
View 3 Replies
Sep 24, 2010
This is how I edit the profile variables for a currently logged in user:
Profile.variablename = "this";
How can I do the same thing, but specifying the username whose profile variable I want to change, as opposed to just the currently logged in user?
Something like Profile.variablename.("username", "this") is what I'm looking for.
I'm using C# asp.net.
View 1 Replies
Jul 8, 2010
I am adding a reference of class library in web service in VS2008 and it is not copying the .config file from class library to web service. I have checked the property "Copy to output directory" of .config file and its value is "Copy Always".
View 3 Replies
May 5, 2010
My web.config is set up so that I don't have to change anything between deploy from UAT and Production. I can determine what machine it is running on and then programatically pick the correct connection string etc from the web.config based on the name.
Now we are adding a call to a web service which now causes us to have to make a change at deploy time. We set a "Region" flag in the web.config and then in coded an IF statement to call the appropriate webservice based on the flag so all we'd have to change is the "T" to a "P" when moving to production. But then hardcoding a web service in the application is not what we want to do. Nor do we want to change the web service address in the web.config.
Is there any way we can do something like the following to be able to not have to change the web.config at deploy?
It would be something like:
1. Grab current Machine name
2. Look in web.config for corresponding machine name web service reference (like we do for connection strings etc)
3. Use that web service in the processing.
View 4 Replies
Feb 18, 2011
dynamically switch WCF web service reference URL path through config file. how do you do this?
View 3 Replies
Jun 28, 2011
In the IIS, it shows that the web app (i'm using) is using an application pool that uses NETWORK SERVICE account for identity. But when I debug/run my web app, User.Identity.Name shows that my windows user login instead. I checked my web.config file, and it does not have Impersonate enabled. In fact, I set it to false, and it still shows the same.
View 1 Replies
Mar 9, 2010
I am doing a web project in asp.net. Now I am trying to keep each connection string for each user. And the user can decide which server he prefer. How to change this dynamically and where can I store this?. I happen heard about machine.config .Unfortunately i am not familiar with this. Can you just tell what it is and it's use.
View 3 Replies
Jan 15, 2011
I am using custom user membership in asp.NET so user is an object that contains members. One of the user's members is "IsCompanyAdmin".I have a few aspx pages for company administrators only.Is there any way to prevent those pages from non-administrator users using the web.config?
View 2 Replies
Apr 26, 2010
Using visual studio 2010.
Dragged and dropped a login control onto a blank content page. Set up my web.config (i'll include the code for that at the end). It seems to want to use a sql database to store the info. I just want to use the web.config since it's just a single user and a simple site. I thought I could just drag and drop the login control to a page and that would be the end of it (besides setting up the web.config).
Here's what i have in the config file
[Code]....
View 2 Replies
May 19, 2010
I've an application only used in my site, and I'm interested to put in production from a global scope and the same instance to all the sites.
The fastest solution I've in mind is to use the current database for each different site, as copy from current system and add/clean a new one when a new site will start using it.
For this purpose I though in a front database where to check the logged in user site and then, depending user configuration, access his own site database.
I'm using now a connection string called ConnectionString1 in all the controls/code-behind database access. Then, my trouble is how to make it configurable to point to a certain database with the same connection string name but different connection string value depending on the user who has logged in, in order to not modify the current code I did. The only work I must do is change LogIn page to select appropiate database to access.
web.config:
[Code]....
View 8 Replies
Mar 10, 2010
I register all my user controls in the web.config file. In one of the modules of my application, I need to load a control dynamically. Is it possible for me to read the section of the web.config file where I have my user control data so that I can get its path directly from web.config?
View 5 Replies
Mar 8, 2010
I'm trying to find out how i store user names and passwords in the web.config file. I have tried looking for documentation on this but haven't found any so far.
I see in the class library it says that the Authenticate method of the FormsAuthentication class is for use in authenticating credentials against those stored in the config file, but i don't know how to store them there to begin with. I want to store two username:password pairs in the web.config file preferably encrypted.
one of these username:password pairs i want to be hard coded. The other i want to be able to be reset with a password reset form which I will code later. I guess there maybe a method for creating a sername:password entry in the web.config which could be used with my password reset form if such a method exists. But I need to know how to hand code the username:password entries into the web.config file to begin with and to beable to create the hard coded pair.
code I need to add to my web.config file i need to add and in what section?
also can you point me in the direction of a method used for creating username:password entries in web.config
View 6 Replies