impersonating windows authenticated user?

Discussion in 'ASP .Net Security' started by Jamie, Feb 9, 2004.

  1. Jamie

    Jamie Guest

    I have a asp.net web application that i wrote for internal use in my
    company. The problem i'm having is being able to test the application as
    other users see it. The security for the asp.net app is Windows
    Authentication. I'd like to be able to (for testing purposes) impersonate
    another user so i can see things as they see them. I don't want to have to
    change all of my active directory permissions to match their permissions,
    that's not an option. Also, there is no way i can test certain features of
    the application without being logged in as some specific users. I'm sure i
    could do this if i wrote my own IsInRole method and passed in a username of
    my choice and an active directory group and then interfaced with active
    directory myself, but i was hoping there is an easier way that affects less
    existing code.

    Is there a way to stuff Page.User with an impersonated windows user? If so,
    how would i create a valid impersonated windows user?


    Thanks,
    Jamie
    Jamie, Feb 9, 2004
    #1
    1. Advertising

  2. Hi,

    Have you tried using IIS Basic Authentication? I think this is the fastest
    way of doing this.

    --
    Hernan de Lahitte
    Lagash Systems S.A.




    "Jamie" <> wrote in message
    news:...
    > I have a asp.net web application that i wrote for internal use in my
    > company. The problem i'm having is being able to test the application as
    > other users see it. The security for the asp.net app is Windows
    > Authentication. I'd like to be able to (for testing purposes) impersonate
    > another user so i can see things as they see them. I don't want to have

    to
    > change all of my active directory permissions to match their permissions,
    > that's not an option. Also, there is no way i can test certain features of
    > the application without being logged in as some specific users. I'm sure

    i
    > could do this if i wrote my own IsInRole method and passed in a username

    of
    > my choice and an active directory group and then interfaced with active
    > directory myself, but i was hoping there is an easier way that affects

    less
    > existing code.
    >
    > Is there a way to stuff Page.User with an impersonated windows user? If

    so,
    > how would i create a valid impersonated windows user?
    >
    >
    > Thanks,
    > Jamie
    >
    >
    Hernan de Lahitte, Feb 9, 2004
    #2
    1. Advertising

  3. Jamie

    Jamie Guest

    Thanks for the suggestion. But that won't work. We need to use the more
    secure Windows Authentication.


    "Hernan de Lahitte" <> wrote in message
    news:...
    > Hi,
    >
    > Have you tried using IIS Basic Authentication? I think this is the fastest
    > way of doing this.
    >
    > --
    > Hernan de Lahitte
    > Lagash Systems S.A.
    >
    >
    >
    >
    > "Jamie" <> wrote in message
    > news:...
    > > I have a asp.net web application that i wrote for internal use in my
    > > company. The problem i'm having is being able to test the application as
    > > other users see it. The security for the asp.net app is Windows
    > > Authentication. I'd like to be able to (for testing purposes)

    impersonate
    > > another user so i can see things as they see them. I don't want to have

    > to
    > > change all of my active directory permissions to match their

    permissions,
    > > that's not an option. Also, there is no way i can test certain features

    of
    > > the application without being logged in as some specific users. I'm

    sure
    > i
    > > could do this if i wrote my own IsInRole method and passed in a username

    > of
    > > my choice and an active directory group and then interfaced with active
    > > directory myself, but i was hoping there is an easier way that affects

    > less
    > > existing code.
    > >
    > > Is there a way to stuff Page.User with an impersonated windows user? If

    > so,
    > > how would i create a valid impersonated windows user?
    > >
    > >
    > > Thanks,
    > > Jamie
    > >
    > >

    >
    >
    Jamie, Feb 9, 2004
    #3
  4. It is possible to change your IE settings so that Integrated authentication
    always prompts for credentials instead of just passing in the default
    credentials of the current user.

    Maybe that would help with your testing. You will still need to be able to
    get the credentials of different users to do testing. You need a user's
    credentials to create a token in Windows.

    Joe K.

    "Jamie" <> wrote in message
    news:%23rE$...
    > Thanks for the suggestion. But that won't work. We need to use the more
    > secure Windows Authentication.
    >
    >
    > "Hernan de Lahitte" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > Have you tried using IIS Basic Authentication? I think this is the

    fastest
    > > way of doing this.
    > >
    > > --
    > > Hernan de Lahitte
    > > Lagash Systems S.A.
    > >
    > >
    > >
    > >
    > > "Jamie" <> wrote in message
    > > news:...
    > > > I have a asp.net web application that i wrote for internal use in my
    > > > company. The problem i'm having is being able to test the application

    as
    > > > other users see it. The security for the asp.net app is Windows
    > > > Authentication. I'd like to be able to (for testing purposes)

    > impersonate
    > > > another user so i can see things as they see them. I don't want to

    have
    > > to
    > > > change all of my active directory permissions to match their

    > permissions,
    > > > that's not an option. Also, there is no way i can test certain

    features
    > of
    > > > the application without being logged in as some specific users. I'm

    > sure
    > > i
    > > > could do this if i wrote my own IsInRole method and passed in a

    username
    > > of
    > > > my choice and an active directory group and then interfaced with

    active
    > > > directory myself, but i was hoping there is an easier way that affects

    > > less
    > > > existing code.
    > > >
    > > > Is there a way to stuff Page.User with an impersonated windows user?

    If
    > > so,
    > > > how would i create a valid impersonated windows user?
    > > >
    > > >
    > > > Thanks,
    > > > Jamie
    > > >
    > > >

    > >
    > >

    >
    >
    Joe Kaplan \(MVP - ADSI\), Feb 9, 2004
    #4
  5. Jamie

    Jamie Guest

    Yeah, that's what i figured. That won't really help either as getting users
    passwords isn't an option. I'll just use my own IsInRole method where i pass
    in the users login which i'll supply if i'm testing and use
    Page.User.Identity.Name otherwise.

    Thanks.


    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:%...
    > It is possible to change your IE settings so that Integrated

    authentication
    > always prompts for credentials instead of just passing in the default
    > credentials of the current user.
    >
    > Maybe that would help with your testing. You will still need to be able

    to
    > get the credentials of different users to do testing. You need a user's
    > credentials to create a token in Windows.
    >
    > Joe K.
    >
    > "Jamie" <> wrote in message
    > news:%23rE$...
    > > Thanks for the suggestion. But that won't work. We need to use the more
    > > secure Windows Authentication.
    > >
    > >
    > > "Hernan de Lahitte" <> wrote in message
    > > news:...
    > > > Hi,
    > > >
    > > > Have you tried using IIS Basic Authentication? I think this is the

    > fastest
    > > > way of doing this.
    > > >
    > > > --
    > > > Hernan de Lahitte
    > > > Lagash Systems S.A.
    > > >
    > > >
    > > >
    > > >
    > > > "Jamie" <> wrote in message
    > > > news:...
    > > > > I have a asp.net web application that i wrote for internal use in my
    > > > > company. The problem i'm having is being able to test the

    application
    > as
    > > > > other users see it. The security for the asp.net app is Windows
    > > > > Authentication. I'd like to be able to (for testing purposes)

    > > impersonate
    > > > > another user so i can see things as they see them. I don't want to

    > have
    > > > to
    > > > > change all of my active directory permissions to match their

    > > permissions,
    > > > > that's not an option. Also, there is no way i can test certain

    > features
    > > of
    > > > > the application without being logged in as some specific users. I'm

    > > sure
    > > > i
    > > > > could do this if i wrote my own IsInRole method and passed in a

    > username
    > > > of
    > > > > my choice and an active directory group and then interfaced with

    > active
    > > > > directory myself, but i was hoping there is an easier way that

    affects
    > > > less
    > > > > existing code.
    > > > >
    > > > > Is there a way to stuff Page.User with an impersonated windows user?

    > If
    > > > so,
    > > > > how would i create a valid impersonated windows user?
    > > > >
    > > > >
    > > > > Thanks,
    > > > > Jamie
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    Jamie, Feb 9, 2004
    #5
  6. Jamie

    Ken Schaefer Guest

    There's no way you'd be able to impersonate someone without having their
    credentials. Otherwise you could impersonate a Domain Administrator or
    Enterprise Administrator account, and do whatever you wanted and there's no
    real way of having it tracked back to you! :)

    Maybe ask your administrators to create some dummy accounts that have the
    types of permissions that you want, and you could use those.

    Cheers
    Ken

    "Jamie" <> wrote in message
    news:%...
    : Yeah, that's what i figured. That won't really help either as getting
    users
    : passwords isn't an option. I'll just use my own IsInRole method where i
    pass
    : in the users login which i'll supply if i'm testing and use
    : Page.User.Identity.Name otherwise.
    :
    : Thanks.
    :
    :
    : "Joe Kaplan (MVP - ADSI)" <> wrote
    : in message news:%...
    : > It is possible to change your IE settings so that Integrated
    : authentication
    : > always prompts for credentials instead of just passing in the default
    : > credentials of the current user.
    : >
    : > Maybe that would help with your testing. You will still need to be able
    : to
    : > get the credentials of different users to do testing. You need a user's
    : > credentials to create a token in Windows.
    : >
    : > Joe K.
    : >
    : > "Jamie" <> wrote in message
    : > news:%23rE$...
    : > > Thanks for the suggestion. But that won't work. We need to use the
    more
    : > > secure Windows Authentication.
    : > >
    : > >
    : > > "Hernan de Lahitte" <> wrote in message
    : > > news:...
    : > > > Hi,
    : > > >
    : > > > Have you tried using IIS Basic Authentication? I think this is the
    : > fastest
    : > > > way of doing this.
    : > > >
    : > > > --
    : > > > Hernan de Lahitte
    : > > > Lagash Systems S.A.
    : > > >
    : > > >
    : > > >
    : > > >
    : > > > "Jamie" <> wrote in message
    : > > > news:...
    : > > > > I have a asp.net web application that i wrote for internal use in
    my
    : > > > > company. The problem i'm having is being able to test the
    : application
    : > as
    : > > > > other users see it. The security for the asp.net app is Windows
    : > > > > Authentication. I'd like to be able to (for testing purposes)
    : > > impersonate
    : > > > > another user so i can see things as they see them. I don't want
    to
    : > have
    : > > > to
    : > > > > change all of my active directory permissions to match their
    : > > permissions,
    : > > > > that's not an option. Also, there is no way i can test certain
    : > features
    : > > of
    : > > > > the application without being logged in as some specific users.
    I'm
    : > > sure
    : > > > i
    : > > > > could do this if i wrote my own IsInRole method and passed in a
    : > username
    : > > > of
    : > > > > my choice and an active directory group and then interfaced with
    : > active
    : > > > > directory myself, but i was hoping there is an easier way that
    : affects
    : > > > less
    : > > > > existing code.
    : > > > >
    : > > > > Is there a way to stuff Page.User with an impersonated windows
    user?
    : > If
    : > > > so,
    : > > > > how would i create a valid impersonated windows user?
    : > > > >
    : > > > >
    : > > > > Thanks,
    : > > > > Jamie
    : > > > >
    : > > > >
    : > > >
    : > > >
    : > >
    : > >
    : >
    : >
    :
    :
    Ken Schaefer, Feb 11, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SW5kZXB0aA==?=
    Replies:
    1
    Views:
    460
    Bruce Barker
    Apr 1, 2005
  2. =?iso-8859-1?q?Eir=EDkur_Fannar_Torfason?=

    Occasional SecurityException when impersonating a user on a new thread

    =?iso-8859-1?q?Eir=EDkur_Fannar_Torfason?=, May 18, 2007, in forum: ASP .Net
    Replies:
    4
    Views:
    421
    =?Utf-8?B?RWlyw61rdXIgRmFubmFyIFRvcmZhc29u?=
    May 18, 2007
  3. kedar

    Impersonating user

    kedar, Sep 12, 2007, in forum: ASP .Net
    Replies:
    4
    Views:
    330
    Cowboy \(Gregory A. Beamer\)
    Sep 12, 2007
  4. Replies:
    4
    Views:
    224
    Consultant
    Feb 15, 2007
  5. Abhijit
    Replies:
    0
    Views:
    141
    Abhijit
    Apr 12, 2004
Loading...

Share This Page