Impersonate problem

Discussion in 'ASP .Net' started by Steve B., Jul 26, 2006.

  1. Steve B.

    Steve B. Guest

    Hi,

    I'm having difficulties to configure security in a 3 tiers web application.

    Let's explain the scenario :

    A. The client computer is running in a domain in which the user is
    authenticated (domain\theuser). The user call a web application
    http://myserveur/myapp

    B. The web application have this entry in the web.config :

    <identity impersonate="true" />

    in order to make the web application run with the rights of the user (I
    check this in System.Threading.CurrentPrincipal.Identity, which is
    domain\theuser).

    C. The web application run in an dedicated application pool which is
    configured to use a specific user as its identity (domain\serviceaccount).

    D. The web application query data from another web service on an other web
    serveur http://mywsserver/myws/service.asmx which also have
    impersonate="true" configured. The property UseDefaultCredentials of the
    proxy object is set to true.

    E. The problem is that the web service see the incoming request runnig as
    domain\serviceaccount instead of domain\theuser.

    F. Under the computer account in the AD managment tools, the server that
    host the web application is configured to allow delegation of security.


    I don't know I'm wrong, and I would appreciate any help to solve this
    problem.

    Steve
    Steve B., Jul 26, 2006
    #1
    1. Advertising

  2. isn't it running in the application pool with the similar account. you have
    too many impersonations going on. what's the point of the app pool one? just
    use one or better yet, use code impersonation which is a lot safer.

    --
    ________________________
    Warm regards,
    Alvin Bruney [MVP ASP.NET]

    [Shameless Author plug]
    Professional VSTO.NET - Wrox/Wiley
    The O.W.C. Black Book with .NET
    www.lulu.com/owc, Amazon
    Blog: http://www.msmvps.com/blogs/alvin
    -------------------------------------------------------


    "Steve B." <_swap_msn_and_com> wrote in message
    news:...
    > Hi,
    >
    > I'm having difficulties to configure security in a 3 tiers web
    > application.
    >
    > Let's explain the scenario :
    >
    > A. The client computer is running in a domain in which the user is
    > authenticated (domain\theuser). The user call a web application
    > http://myserveur/myapp
    >
    > B. The web application have this entry in the web.config :
    >
    > <identity impersonate="true" />
    >
    > in order to make the web application run with the rights of the user (I
    > check this in System.Threading.CurrentPrincipal.Identity, which is
    > domain\theuser).
    >
    > C. The web application run in an dedicated application pool which is
    > configured to use a specific user as its identity (domain\serviceaccount).
    >
    > D. The web application query data from another web service on an other web
    > serveur http://mywsserver/myws/service.asmx which also have
    > impersonate="true" configured. The property UseDefaultCredentials of the
    > proxy object is set to true.
    >
    > E. The problem is that the web service see the incoming request runnig as
    > domain\serviceaccount instead of domain\theuser.
    >
    > F. Under the computer account in the AD managment tools, the server that
    > host the web application is configured to allow delegation of security.
    >
    >
    > I don't know I'm wrong, and I would appreciate any help to solve this
    > problem.
    >
    > Steve
    >
    Alvin Bruney [MVP], Jul 27, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter O'Reilly
    Replies:
    2
    Views:
    10,882
    Peter O'Reilly
    Nov 3, 2003
  2. Aras Kucinskas

    ASP.NET Webservice Impersonate problem

    Aras Kucinskas, Aug 31, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    2,019
    Aras Kucinskas
    Aug 31, 2004
  3. Yoshitha

    Problem with impersonate

    Yoshitha, Jul 1, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    393
    Yoshitha
    Jul 1, 2005
  4. =?Utf-8?B?QmFsYQ==?=

    Impersonate problem

    =?Utf-8?B?QmFsYQ==?=, Nov 2, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    3,326
    =?Utf-8?B?QmFsYQ==?=
    Nov 3, 2005
  5. Bill Belliveau

    DirectoryEntry Impersonate or WindowsIdentity Impersonate?

    Bill Belliveau, Jan 28, 2004, in forum: ASP .Net Security
    Replies:
    3
    Views:
    340
    Joe Kaplan \(MVP - ADSI\)
    Jan 31, 2004
Loading...

Share This Page