ASP.Net not impersonating for WSE 2.0 AuthenticateToken method

Discussion in 'ASP .Net Web Services' started by Francois, Nov 12, 2004.

  1. Francois

    Francois Guest

    I have several web services that use WSE to authenticate calling users.
    I use a UsernameToken that validates the sent username and password
    against our SqlServer database. The SqlServer database is on a
    different machine than the website. For all of my database access I use
    Windows Integrated Security. As such, I've had to change the ASP.Net
    process model to system in the machine.config and set <identity
    impersonate="true" /> in the web.config for the web service project.
    For all regular db access throughout the web services the impersonation
    works and the code can connect to the database with the user we
    specified as the anonymous user for the website.

    However, when the password validation code for the AuthenticateToken
    method in my custom UsernameTokenManager object runs
    WindowsIdentity.GetCurrent().Name returns 'NT AUTHORITY\SYSTEM' and the
    database says "Login failed for user 'DOMAIN\MACHINENAME$'"

    This means that either the code in AuthenticateToken is ran using the
    builtin machine user, or because the class was constructed before
    aspnet_wp.exe switched users according to the <identity
    impersonate="true" /> tag in the web.config.

    As I see it, there are only a couple of options to fix this problem:
    1) Add the machine user to the database (is this even possible?)
    2) Change my db to mixed mode authentication (against MS's best
    practises) and store the connection string somewhere

    Are there any other options? What have other people done in this
    situation? What is my best solution? I find it hard to believe that
    I'm the only person using WSE to authenticate against SqlServer with
    integrated security, yet I've never seen any documentation on the
    subject nor discussion about it on the newsgroups.

    I'm using Windows 2000/IIS 5.0/SQL Server 2000/.NET Framework 1.1 SP2

    TIA,

    Colin Svingen
     
    Francois, Nov 12, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jason

    impersonating and LogonUser

    Jason, Dec 30, 2003, in forum: ASP .Net
    Replies:
    7
    Views:
    450
    Jim Cheshire [MSFT]
    Jan 5, 2004
  2. =?Utf-8?B?Q2hyaXM=?=
    Replies:
    0
    Views:
    461
    =?Utf-8?B?Q2hyaXM=?=
    Sep 4, 2006
  3. esource
    Replies:
    1
    Views:
    478
    =?Utf-8?B?TGFkaXNsYXYgTXJua2E=?=
    Aug 22, 2007
  4. Replies:
    4
    Views:
    238
    Consultant
    Feb 15, 2007
  5. Replies:
    2
    Views:
    164
Loading...

Share This Page