Impersonating user

Discussion in 'ASP .Net Security' started by kedar, Sep 12, 2007.

  1. kedar

    kedar Guest

    Hi,

    I have a asp.net application, which control virtual directory, we want any
    user to access and we do not want to use windows authentication(we do not
    want windows authentication dialog) or forms authentication(as we do not
    want any login page). However we want to impersonate the user.

    Could anyone tell how to achieve this.

    thanks,
    Kedar.
     
    kedar, Sep 12, 2007
    #1
    1. Advertising

  2. kedar

    Joe Kaplan Guest

    How would you know who the user is to impersonate if you did not
    authenticate them somehow?

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "kedar" <> wrote in message
    news:...
    > Hi,
    >
    > I have a asp.net application, which control virtual directory, we want any
    > user to access and we do not want to use windows authentication(we do not
    > want windows authentication dialog) or forms authentication(as we do not
    > want any login page). However we want to impersonate the user.
    >
    > Could anyone tell how to achieve this.
    >
    > thanks,
    > Kedar.
    >
     
    Joe Kaplan, Sep 12, 2007
    #2
    1. Advertising

  3. as Joe says - you need to auth the user to impersonate him.

    Depending on browser settings and other factors you can do that using windows
    authentication (without showing the logon dialog box).

    what's your scenario?

    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > How would you know who the user is to impersonate if you did not
    > authenticate them somehow?
    >
    > Joe K.
    >
     
    Dominick Baier, Sep 13, 2007
    #3
  4. kedar

    kedar Guest

    Dominick,

    We want to overcome the window authentication dialog, what you said make me
    feel something intresting. Could you tell me the browser setting and other
    factors that I need consider for windows authentication not to come up.

    thanks,
    Kedar.


    "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
    message news:...
    > as Joe says - you need to auth the user to impersonate him.
    >
    > Depending on browser settings and other factors you can do that using
    > windows authentication (without showing the logon dialog box).
    >
    > what's your scenario?
    >
    > -----
    > Dominick Baier (http://www.leastprivilege.com)
    >
    > Developing More Secure Microsoft ASP.NET 2.0 Applications
    > (http://www.microsoft.com/mspress/books/9989.asp)
    >
    >> How would you know who the user is to impersonate if you did not
    >> authenticate them somehow?
    >>
    >> Joe K.
    >>

    >
    >
     
    kedar, Sep 13, 2007
    #4
  5. http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx

    Have a look at this article
    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > Dominick,
    >
    > We want to overcome the window authentication dialog, what you said
    > make me feel something intresting. Could you tell me the browser
    > setting and other factors that I need consider for windows
    > authentication not to come up.
    >
    > thanks,
    > Kedar.
    > "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
    > in message news:...
    >
    >> as Joe says - you need to auth the user to impersonate him.
    >>
    >> Depending on browser settings and other factors you can do that using
    >> windows authentication (without showing the logon dialog box).
    >>
    >> what's your scenario?
    >>
    >> -----
    >> Dominick Baier (http://www.leastprivilege.com)
    >> Developing More Secure Microsoft ASP.NET 2.0 Applications
    >> (http://www.microsoft.com/mspress/books/9989.asp)
    >>
    >>> How would you know who the user is to impersonate if you did not
    >>> authenticate them somehow?
    >>>
    >>> Joe K.
    >>>
     
    Dominick Baier, Sep 14, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SW5kZXB0aA==?=
    Replies:
    1
    Views:
    478
    Bruce Barker
    Apr 1, 2005
  2. =?iso-8859-1?q?Eir=EDkur_Fannar_Torfason?=

    Occasional SecurityException when impersonating a user on a new thread

    =?iso-8859-1?q?Eir=EDkur_Fannar_Torfason?=, May 18, 2007, in forum: ASP .Net
    Replies:
    4
    Views:
    430
    =?Utf-8?B?RWlyw61rdXIgRmFubmFyIFRvcmZhc29u?=
    May 18, 2007
  3. kedar

    Impersonating user

    kedar, Sep 12, 2007, in forum: ASP .Net
    Replies:
    4
    Views:
    340
    Cowboy \(Gregory A. Beamer\)
    Sep 12, 2007
  4. Jamie

    impersonating windows authenticated user?

    Jamie, Feb 9, 2004, in forum: ASP .Net Security
    Replies:
    5
    Views:
    210
    Ken Schaefer
    Feb 11, 2004
  5. Replies:
    4
    Views:
    237
    Consultant
    Feb 15, 2007
Loading...

Share This Page