ASP 2.0, C#, LDAP Login, and Forms impersonation?

Karl

Will a forms authentication allow me to impersonate a user?

I am working on an application that will run on a kiosk, and allow a user to
login and view their homedirectory.

I have a form with the new login control which works great.

I get logged in, and find the user's homedirectory.

I then write "Click here to access your home directory", and include a file
URL pointing to the homedirectory.

All of this works, until the user clicks the link. At this point, a user
cannot access their user drive without logging in again.

So, now I am trying to map a drive using WNetAddConnection2A, and it fails
with an error 5 on my development PC (Access Denied).

I get a formsauthentication ticket via
FormsIdentity fi = (FormsIdentity)User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;

fat.name populates correctly

Then, I call WNetAddConnection2A using the structure of:
dwType= RESOURCETYPE_DISK
lpLocalName = "m:"
lpRemoteName = "\\\\usawvfs04\\userskl\\karlm"
lpProvider= null

My lpPassword is null, my lpUsername I set to fat.name.tostring()
I do not set any dwFlags.

If I hard code my own null terminated username and password, I get an error
1312 (ERROR_NO_SUCH_LOGON_SESSION)

Here is the relevant code:

using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

FormsIdentity fi = (FormsIdentity)User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;
IIdentity WinId = HttpContext.Current.User.Identity;
string strUserDrive = null;

try
{
    string SearchString = "";

    // Access resources using the identity of the authenticated user
    // (server name and naming context are redacted in the post)
    DirectoryEntry obEntry = new DirectoryEntry("LDAP://servername/DC=/DC=/DC=");
    SearchString = "(anr=" + fi.Ticket.Name + ")";

    DirectorySearcher search = new DirectorySearcher(obEntry, SearchString);
    SearchResult res = search.FindOne();
    strUserDrive = (string)res.Properties["homedirectory"][0];

    // Encode directory data before writing it into the page
    Response.Write("Hello, " + HttpUtility.HtmlEncode((string)res.Properties["givenname"][0]) + ".");
    Response.Write("<br/><br/>Your User Drive is now available.<br/>");

    NETRESOURCEA[] n = new NETRESOURCEA[1];
    n[0] = new NETRESOURCEA();
    n[0].dwType = 1;            // RESOURCETYPE_DISK
    int dwFlags = 1;            // CONNECT_UPDATE_PROFILE
    n[0].lpLocalName = @"m:";
    n[0].lpRemoteName = strUserDrive;
    n[0].lpProvider = null;

    // FAILS HERE: null password, forms ticket name passed as the user name
    int result = CMyMprTest.WNetAddConnection2A(n, null, fi.Name, dwFlags);

    Response.Write("<br/>Click here to access your <a href=\"file://m:\">user drive</a>");
    Response.Write("<br/><br/>Remember to click Logout when you are done with your user drive.");
}
catch (Exception ex)
{
    Response.Write("Error: " + HttpUtility.HtmlEncode(ex.Message));
}
 
Joe Kaplan

No, forms auth does not support impersonation like Windows auth does. You
would need to code your own thing to do that. Since you are gathering the
user's credentials, that should be possible, but you'll need to store them
somewhere (like session or something), as you won't have them after the
forms login is processed.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
 
Karl

Or, I could just start over with a windows authentication login, and after
getting authenticated, open default.aspx with the "Click Here to access your
User Drive" link and a logout button, I suppose?

I am new (obviously) to asp, and thought "Why not use this nifty login
control"

Seems like a fairly useless control - I will go back to asp.net 1.x and
windows authentication.

Thanks

karl

 
Joe Kaplan

Well, the control isn't useless. It is just that you don't need forms auth
here, so it doesn't really do anything for you. You need Windows auth, so
you might as well just use it. I wouldn't go back to .NET 1.1, though.
There's more to love in 2.0 than just the login control. :)

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
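Joe's two replies above (a forms ticket carries no Windows logon behind it; Windows auth is what the kiosk page actually needs) as an added C# example that is not from the thread or from either poster: it shows why a FormsIdentity cannot be impersonated and how a WindowsIdentity is impersonated, and reverted, to read the user's home share. The class and method names and the homeDirUnc parameter are assumptions, and the code assumes <authentication mode="Windows"/> in web.config.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the thread). Expects <authentication mode="Windows"/>
// in web.config so that User.Identity is a WindowsIdentity backed by a logon token.
public static class HomeDriveAccess
{
    // Lists the caller's home share under the caller's own token; null plus 'reason' otherwise.
    public static string[] ListHomeDirectory(HttpContext ctx, string homeDirUnc, out string reason)
    {
        reason = null;
        FormsIdentity forms = ctx.User.Identity as FormsIdentity;
        if (forms != null)
        {
            // A forms ticket is a signed cookie carrying the user name only. No Windows
            // logon session exists behind it, so WNetAddConnection2 with a null password
            // cannot succeed; keeping the password in Session would store a cleartext credential.
            reason = "FormsIdentity '" + forms.Name + "' has no Windows token to impersonate.";
            return null;
        }
        WindowsIdentity win = ctx.User.Identity as WindowsIdentity;
        if (win == null || win.Token == IntPtr.Zero || !win.IsAuthenticated)
        {
            reason = "Request carries no authenticated Windows identity.";
            return null;
        }
        // Impersonate only for the duration of the file access; disposing the context
        // reverts to the worker process identity even if an exception is thrown.
        using (WindowsImpersonationContext impersonation = win.Impersonate())
        {
            try
            {
                return Directory.GetFiles(homeDirUnc);
            }
            catch (UnauthorizedAccessException ex)
            {
                // Common when the share is on another server: an NTLM network logon
                // cannot be forwarded to a second machine unless Kerberos delegation
                // is configured for the web server's account.
                reason = "Access denied while impersonating " + win.Name + ": " + ex.Message;
                return null;
            }
        }
    }
}
```

A drive letter mapped inside the IIS worker process exists only on the web server, so a file://m: link in the page resolves against the kiosk's own drive map, not the server's. Linking to the UNC path from the homedirectory attribute avoids that mismatch once the user holds a Windows logon.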