impersonating windows authenticated user?

[Jamie]

I have a asp.net web application that i wrote for internal use in my
company. The problem i'm having is being able to test the application as
other users see it. The security for the asp.net app is Windows
Authentication. I'd like to be able to (for testing purposes) impersonate
another user so i can see things as they see them. I don't want to have to
change all of my active directory permissions to match their permissions,
that's not an option. Also, there is no way i can test certain features of
the application without being logged in as some specific users. I'm sure i
could do this if i wrote my own IsInRole method and passed in a username of
my choice and an active directory group and then interfaced with active
directory myself, but i was hoping there is an easier way that affects less
existing code.

Is there a way to stuff Page.User with an impersonated windows user? If so,
how would i create a valid impersonated windows user?


Thanks,
Jamie

 

[Hernan de Lahitte]

Hi,

Have you tried using IIS Basic Authentication? I think this is the fastest
way of doing this.

 

[Jamie]

Thanks for the suggestion. But that won't work. We need to use the more
secure Windows Authentication.

 

[Joe Kaplan \(MVP - ADSI\)]

It is possible to change your IE settings so that Integrated authentication
always prompts for credentials instead of just passing in the default
credentials of the current user.

Maybe that would help with your testing. You will still need to be able to
get the credentials of different users to do testing. You need a user's
credentials to create a token in Windows.

Joe K.

 

[Jamie]

Yeah, that's what i figured. That won't really help either as getting users
passwords isn't an option. I'll just use my own IsInRole method where i pass
in the users login which i'll supply if i'm testing and use
Page.User.Identity.Name otherwise.

Thanks.

 

[Ken Schaefer]

There's no way you'd be able to impersonate someone without having their
credentials. Otherwise you could impersonate a Domain Administrator or
Enterprise Administrator account, and do whatever you wanted and there's no
real way of having it tracked back to you!

Maybe ask your administrators to create some dummy accounts that have the
types of permissions that you want, and you could use those.

Cheers
Ken

: Yeah, that's what i figured. That won't really help either as getting
users
: passwords isn't an option. I'll just use my own IsInRole method where i
pass
: in the users login which i'll supply if i'm testing and use
: Page.User.Identity.Name otherwise.
:
: Thanks.
:
:
: in message : > It is possible to change your IE settings so that Integrated
: authentication
: > always prompts for credentials instead of just passing in the default
: > credentials of the current user.
: >
: > Maybe that would help with your testing. You will still need to be able
: to
: > get the credentials of different users to do testing. You need a user's
: > credentials to create a token in Windows.
: >
: > Joe K.
: >
: > : > > Thanks for the suggestion. But that won't work. We need to use the
more
: > > secure Windows Authentication.
: > >
: > >
: > > : > > > Hi,
: > > >
: > > > Have you tried using IIS Basic Authentication? I think this is the
: > fastest
: > > > way of doing this.
: > > >
: > > > --
: > > > Hernan de Lahitte
: > > > Lagash Systems S.A.
: > > >
: > > >
: > > >
: > > >
: > > > : > > > > I have a asp.net web application that i wrote for internal use in
my
: > > > > company. The problem i'm having is being able to test the
: application
: > as
: > > > > other users see it. The security for the asp.net app is Windows
: > > > > Authentication. I'd like to be able to (for testing purposes)
: > > impersonate
: > > > > another user so i can see things as they see them. I don't want
to
: > have
: > > > to
: > > > > change all of my active directory permissions to match their
: > > permissions,
: > > > > that's not an option. Also, there is no way i can test certain
: > features
: > > of
: > > > > the application without being logged in as some specific users.
I'm
: > > sure
: > > > i
: > > > > could do this if i wrote my own IsInRole method and passed in a
: > username
: > > > of
: > > > > my choice and an active directory group and then interfaced with
: > active
: > > > > directory myself, but i was hoping there is an easier way that
: affects
: > > > less
: > > > > existing code.
: > > > >
: > > > > Is there a way to stuff Page.User with an impersonated windows
user?
: > If
: > > > so,
: > > > > how would i create a valid impersonated windows user?
: > > > >
: > > > >
: > > > > Thanks,
: > > > > Jamie
: > > > >
: > > > >
: > > >
: > > >
: > >
: > >
: >
: >
:
: