httplistener, custom hosting and authentication/impersonation

E

Enrico Sabbadin

Hi,
I've developed in .net 2.0 a custom web server that hosts asp.net sites
using the httplistener and applicationhost.createapplicationhost.
When I tell to the httplistener to require authenticathion it does work,
however in the the asp.net site EVEN IF I require authentication=windows /
impersonate=true
System.security.prinvipal.windowsidentity.getcurrent() returns the identity
of the hosting process, not of the caller .. and
system.threading.currentprincipal.identity.name is empty.
(all works fine if I publish the same dir to IIS)
What wiring am I missing to have the identity flow from the httplistener to
the asp.net stack ?

i managed to solve it doing an explicit impersonate before forwarding the
call to the asp.net runtime , however i guess there is a better way to do it

Thank you
 
B

bruce barker

you are confusing two concepts with asp.net. authentication (how the
user is) and thread identity (impersonation).

authentication=windows inpersonate=true

is telling asp.net that the windows authenication was used, and to
impersonate the hosts identity.

you are coding it the same way as iis does. it impersonates the
webclient before accessing any resources (such as asp.net or the file
system).

-- bruce (sqlwork.com)
 
E

Enrico Sabbadin

i'm not confusing the 2 concepts , i know the difference..
i'm just asking if authentication=windows inpersonate=true is something i
should take care in custom web hosting , or it's something out of the box if
i code properly
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,899
Latest member
RodneyMcAu

Latest Threads

Top