Impersonate User asp.net

Discussion in 'ASP .Net' started by =?Utf-8?B?cmljaGk=?=, Oct 11, 2005.

  1. Hi...

    Okay this is driving me mad. I have a very simple webpage served up from my
    webserver which uses the following code to populate 3 labels.

    lblOne.Text = Page.User.Identity.Name
    lblTwo.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name
    lblThree.Text = System.Threading.Thread.CurrentPrincipal.Identity.Name

    In my web.config file I have :-

    <authentication mode="Windows" />
    <identity impersonate="true"/>

    <authorization>
    <deny users = "?" />
    <allow users ="*" />
    </authorization>

    So when i call the url to display the page from my machine the labels are
    populated as below:-

    someserver\administrator
    someserver\administrator
    someserver\administrator

    but i was expecting the identity of the person calling the webpage something
    like:-

    ad\rich

    What am i doing wrong or have i totally failed to grasp the impersonating
    topic at all. I am running Windows 2003 with IIS 6

    Any help would be very much appreciated.

    Many thanks

    R
     
    =?Utf-8?B?cmljaGk=?=, Oct 11, 2005
    #1
    1. Advertising

  2. =?Utf-8?B?cmljaGk=?=

    Patrice Guest

    Is anonymous access enabled in IIS ?
    --
    Patrice

    "richi" <> a écrit dans le message de
    news:...
    > Hi...
    >
    > Okay this is driving me mad. I have a very simple webpage served up from

    my
    > webserver which uses the following code to populate 3 labels.
    >
    > lblOne.Text = Page.User.Identity.Name
    > lblTwo.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name
    > lblThree.Text = System.Threading.Thread.CurrentPrincipal.Identity.Name
    >
    > In my web.config file I have :-
    >
    > <authentication mode="Windows" />
    > <identity impersonate="true"/>
    >
    > <authorization>
    > <deny users = "?" />
    > <allow users ="*" />
    > </authorization>
    >
    > So when i call the url to display the page from my machine the labels are
    > populated as below:-
    >
    > someserver\administrator
    > someserver\administrator
    > someserver\administrator
    >
    > but i was expecting the identity of the person calling the webpage

    something
    > like:-
    >
    > ad\rich
    >
    > What am i doing wrong or have i totally failed to grasp the impersonating
    > topic at all. I am running Windows 2003 with IIS 6
    >
    > Any help would be very much appreciated.
    >
    > Many thanks
    >
    > R
    >
    >
     
    Patrice, Oct 11, 2005
    #2
    1. Advertising

  3. Hi Rich,
    Do you mean you logged in using your domain account? or the local
    administrator of the server?
    Do you have the same response if you deployed this code in another
    server/workstation?


    Mohamed Sharaf
    MEA Developer Support Center
    ITWorx on behalf Microsoft EMEA GTSC
    --------------------
    | Thread-Topic: Impersonate User asp.net
    | thread-index: AcXObuOLzHxVX2J+T6G7GmZT5b2mTQ==
    | X-WBNR-Posting-Host: 195.245.247.40
    | From: "=?Utf-8?B?cmljaGk=?=" <>
    | Subject: Impersonate User asp.net
    | Date: Tue, 11 Oct 2005 07:20:10 -0700
    | Lines: 41
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.dotnet.framework.aspnet:349968
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    |
    | Hi...
    |
    | Okay this is driving me mad. I have a very simple webpage served up from
    my
    | webserver which uses the following code to populate 3 labels.
    |
    | lblOne.Text = Page.User.Identity.Name
    | lblTwo.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name
    | lblThree.Text = System.Threading.Thread.CurrentPrincipal.Identity.Name
    |
    | In my web.config file I have :-
    |
    | <authentication mode="Windows" />
    | <identity impersonate="true"/>
    |
    | <authorization>
    | <deny users = "?" />
    | <allow users ="*" />
    | </authorization>
    |
    | So when i call the url to display the page from my machine the labels are
    | populated as below:-
    |
    | someserver\administrator
    | someserver\administrator
    | someserver\administrator
    |
    | but i was expecting the identity of the person calling the webpage
    something
    | like:-
    |
    | ad\rich
    |
    | What am i doing wrong or have i totally failed to grasp the impersonating
    | topic at all. I am running Windows 2003 with IIS 6
    |
    | Any help would be very much appreciated.
    |
    | Many thanks
    |
    | R
    |
    |
    |
     
    Mohamed Sharaf, Oct 11, 2005
    #3
  4. Hello and thanks for replying.

    I can confirm that the virtual directory running under IIS6 on my server has
    annonymous authentication disabled and windows integrated security enabled.

    I am attempting to browse to the virtual directory on the server from my
    machine and was expecting to see the useridentity as my domain logon but i
    get the domain logon of the administrator of the server where the virtual
    directory resides.

    Very confused!

    Thanks

    Rich
     
    =?Utf-8?B?cmljaGk=?=, Oct 11, 2005
    #4
  5. =?Utf-8?B?cmljaGk=?=

    Patrice Guest

    Do you use a virtual directory that points to another server ? Is the
    credentials you see those you entered to get access to this remote directory
    ?

    What if you try an ASPX page that is really on the Web server ?

    It would likely helps to narrow down the problem. For now it would make me
    think that when accessing another server the identity is the one used to
    connect to the virtual directory not the original. For now I have never done
    that (my personal preference is to have identically set up sites and to
    share only data, not code between servers).

    Try also to check ServerVariables("LOGON_USER") or similar...

    Good luck
    --

    Patrice

    "richi" <> a écrit dans le message de
    news:...
    > Hello and thanks for replying.
    >
    > I can confirm that the virtual directory running under IIS6 on my server

    has
    > annonymous authentication disabled and windows integrated security

    enabled.
    >
    > I am attempting to browse to the virtual directory on the server from my
    > machine and was expecting to see the useridentity as my domain logon but i
    > get the domain logon of the administrator of the server where the virtual
    > directory resides.
    >
    > Very confused!
    >
    > Thanks
    >
    > Rich
     
    Patrice, Oct 11, 2005
    #5
  6. Thanks Patrice

    I have moved the code to another server and set up a virtual directory on
    that server with the same code and disabled annonymous authentication and
    everything works fine now... i can see the local login of the person
    requesting the page.

    My problem is I need it to work from the other server. For some reason it
    shows me that the server administrator is the one requesting the page... ie
    server\administrator instead of AD\richi.

    I know its not the code and I know I have the security settings correct as I
    have replicated on the other server. All requests to the web page seem to be
    authenticated as the servers administrator instead of the local machine login.

    Even more confused...

    Thanks

    Rich
     
    =?Utf-8?B?cmljaGk=?=, Oct 11, 2005
    #6
  7. Hi Rich,
    This makes me think of the machine.config file resides in the %System
    folder%\Microsoft.Net\Framework\%Framework version%\Config.
    Please revise the <system.Web> tag and the <location> tag just above it
    <location allowOverride="true">
    <system.web>



    Make sure that allowOverride=true not false and check the settings under
    System.Web to see if there's something different than the other server.

    Thanks,
    Mohamed Sharaf
    MEA Developer Support Center
    ITWorx on behalf Microsoft EMEA GTSC
    --------------------
    | Thread-Topic: Impersonate User asp.net
    | thread-index: AcXOgOSy9G1OQwUJTgOaQrFvlZIWtw==
    | X-WBNR-Posting-Host: 195.245.247.40
    | From: "=?Utf-8?B?cmljaGk=?=" <>
    | References: <>
    <>
    <>
    <>
    | Subject: Re: Impersonate User asp.net
    | Date: Tue, 11 Oct 2005 09:29:03 -0700
    | Lines: 20
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.dotnet.framework.aspnet
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA02.phx.gbl
    microsoft.public.dotnet.framework.aspnet:350041
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
    |
    | Thanks Patrice
    |
    | I have moved the code to another server and set up a virtual directory on
    | that server with the same code and disabled annonymous authentication and
    | everything works fine now... i can see the local login of the person
    | requesting the page.
    |
    | My problem is I need it to work from the other server. For some reason it
    | shows me that the server administrator is the one requesting the page...
    ie
    | server\administrator instead of AD\richi.
    |
    | I know its not the code and I know I have the security settings correct
    as I
    | have replicated on the other server. All requests to the web page seem to
    be
    | authenticated as the servers administrator instead of the local machine
    login.
    |
    | Even more confused...
    |
    | Thanks
    |
    | Rich
    |
     
    Mohamed Sharaf, Oct 12, 2005
    #7
  8. =?Utf-8?B?cmljaGk=?=

    Valeriy Kirshin

    Joined:
    Aug 24, 2007
    Messages:
    1
    Just had the same problem today. Turned out that IE was using stored credentials (username/password) to authenticate to the webserver.
    So, in Start->Run type

    rundll32.exe keymgr.dll, KRShowKeyMgr

    and see if there are stored credentials for the webserver and if so delete them.
     
    Valeriy Kirshin, Aug 24, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aras Kucinskas

    ASP.NET Webservice Impersonate problem

    Aras Kucinskas, Aug 31, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    2,071
    Aras Kucinskas
    Aug 31, 2004
  2. Doesn't Work At McDonalds

    Identity Impersonate in ASP.NET

    Doesn't Work At McDonalds, Sep 14, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    817
    Samuel R. Neff
    Sep 14, 2007
  3. Aadil Abbas
    Replies:
    0
    Views:
    244
    Aadil Abbas
    Jul 29, 2003
  4. Bill Belliveau

    DirectoryEntry Impersonate or WindowsIdentity Impersonate?

    Bill Belliveau, Jan 28, 2004, in forum: ASP .Net Security
    Replies:
    3
    Views:
    409
    Joe Kaplan \(MVP - ADSI\)
    Jan 31, 2004
  5. Aras Kucinskas

    ASP.NET Webservice Impersonate problem

    Aras Kucinskas, Aug 31, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    114
    Aras Kucinskas
    Aug 31, 2004
Loading...

Share This Page