Impersonate User asp.net

[Guest]

Hi...

Okay this is driving me mad. I have a very simple webpage served up from my
webserver which uses the following code to populate 3 labels.

lblOne.Text = Page.User.Identity.Name
lblTwo.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name
lblThree.Text = System.Threading.Thread.CurrentPrincipal.Identity.Name

In my web.config file I have :-

<authentication mode="Windows" />
<identity impersonate="true"/>

<authorization>
<deny users = "?" />
<allow users ="*" />
</authorization>

So when i call the url to display the page from my machine the labels are
populated as below:-

someserver\administrator
someserver\administrator
someserver\administrator

but i was expecting the identity of the person calling the webpage something
like:-

ad\rich

What am i doing wrong or have i totally failed to grasp the impersonating
topic at all. I am running Windows 2003 with IIS 6

Any help would be very much appreciated.

Many thanks

R

 

[Patrice]

Is anonymous access enabled in IIS ?

 

[Mohamed Sharaf]

Hi Rich,
Do you mean you logged in using your domain account? or the local
administrator of the server?
Do you have the same response if you deployed this code in another
server/workstation?


Mohamed Sharaf
MEA Developer Support Center
ITWorx on behalf Microsoft EMEA GTSC
--------------------
| Thread-Topic: Impersonate User asp.net
| thread-index: AcXObuOLzHxVX2J+T6G7GmZT5b2mTQ==
| X-WBNR-Posting-Host: 195.245.247.40
| From: "=?Utf-8?B?cmljaGk=?=" <[email protected]>
| Subject: Impersonate User asp.net
| Date: Tue, 11 Oct 2005 07:20:10 -0700
| Lines: 41
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:349968
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Hi...
|
| Okay this is driving me mad. I have a very simple webpage served up from
my
| webserver which uses the following code to populate 3 labels.
|
| lblOne.Text = Page.User.Identity.Name
| lblTwo.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name
| lblThree.Text = System.Threading.Thread.CurrentPrincipal.Identity.Name
|
| In my web.config file I have :-
|
| <authentication mode="Windows" />
| <identity impersonate="true"/>
|
| <authorization>
| <deny users = "?" />
| <allow users ="*" />
| </authorization>
|
| So when i call the url to display the page from my machine the labels are
| populated as below:-
|
| someserver\administrator
| someserver\administrator
| someserver\administrator
|
| but i was expecting the identity of the person calling the webpage
something
| like:-
|
| ad\rich
|
| What am i doing wrong or have i totally failed to grasp the impersonating
| topic at all. I am running Windows 2003 with IIS 6
|
| Any help would be very much appreciated.
|
| Many thanks
|
| R
|
|
|

 

[Guest]

Hello and thanks for replying.

I can confirm that the virtual directory running under IIS6 on my server has
annonymous authentication disabled and windows integrated security enabled.

I am attempting to browse to the virtual directory on the server from my
machine and was expecting to see the useridentity as my domain logon but i
get the domain logon of the administrator of the server where the virtual
directory resides.

Very confused!

Thanks

Rich

 

[Patrice]

Do you use a virtual directory that points to another server ? Is the
credentials you see those you entered to get access to this remote directory
?

What if you try an ASPX page that is really on the Web server ?

It would likely helps to narrow down the problem. For now it would make me
think that when accessing another server the identity is the one used to
connect to the virtual directory not the original. For now I have never done
that (my personal preference is to have identically set up sites and to
share only data, not code between servers).

Try also to check ServerVariables("LOGON_USER") or similar...

Good luck

 

[Guest]

Thanks Patrice

I have moved the code to another server and set up a virtual directory on
that server with the same code and disabled annonymous authentication and
everything works fine now... i can see the local login of the person
requesting the page.

My problem is I need it to work from the other server. For some reason it
shows me that the server administrator is the one requesting the page... ie
server\administrator instead of AD\richi.

I know its not the code and I know I have the security settings correct as I
have replicated on the other server. All requests to the web page seem to be
authenticated as the servers administrator instead of the local machine login.

Even more confused...

Thanks

Rich

 

[Mohamed Sharaf]

Hi Rich,
This makes me think of the machine.config file resides in the %System
folder%\Microsoft.Net\Framework\%Framework version%\Config.
Please revise the <system.Web> tag and the <location> tag just above it
<location allowOverride="true">
<system.web>



Make sure that allowOverride=true not false and check the settings under
System.Web to see if there's something different than the other server.

Thanks,
Mohamed Sharaf
MEA Developer Support Center
ITWorx on behalf Microsoft EMEA GTSC
--------------------
| Thread-Topic: Impersonate User asp.net
| thread-index: AcXOgOSy9G1OQwUJTgOaQrFvlZIWtw==
| X-WBNR-Posting-Host: 195.245.247.40
| From: "=?Utf-8?B?cmljaGk=?=" <[email protected]>
| References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
| Subject: Re: Impersonate User asp.net
| Date: Tue, 11 Oct 2005 09:29:03 -0700
| Lines: 20
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.aspnet:350041
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Thanks Patrice
|
| I have moved the code to another server and set up a virtual directory on
| that server with the same code and disabled annonymous authentication and
| everything works fine now... i can see the local login of the person
| requesting the page.
|
| My problem is I need it to work from the other server. For some reason it
| shows me that the server administrator is the one requesting the page...
ie
| server\administrator instead of AD\richi.
|
| I know its not the code and I know I have the security settings correct
as I
| have replicated on the other server. All requests to the web page seem to
be
| authenticated as the servers administrator instead of the local machine
login.
|
| Even more confused...
|
| Thanks
|
| Rich
|

 

[Valeriy Kirshin]

Just had the same problem today. Turned out that IE was using stored credentials (username/password) to authenticate to the webserver.
So, in Start->Run type

rundll32.exe keymgr.dll, KRShowKeyMgr

and see if there are stored credentials for the webserver and if so delete them.