Impersonation issue

Discussion in 'ASP .Net' started by Kallely Sajan [MVP], May 13, 2004.

  1. We have an Authentication COM component written using SSPI functions . The
    component provides methods to Impersonate and Revert back to original
    security context. When use this component in an ASP page to Authenticate and
    then Impersonate the authenticated user, the identity is correctly set to
    the impersonated user. Then we are able to successfully read the
    impersonated identity from another COM component running in the ASP page.
    The component uses OpenThreadToken() with TOKEN_QUERY | TOKEN_IMPERSONATE
    option and then retrieves the SID of the impersonated user account.
    Now here's our problem. When try to do the same in an ASP.NET application
    using Interop's it doesn't work. One interop is for the Authentication
    component and another is for the component which reads the current identity.
    The second Interop fails to read the impersonated identity and it returns
    always the ASPNET user. OpenThreadToken() fails and returns Error Code :
    1008 (ERROR_NO_TOKEN) Error Message : An attempt was made to reference a
    token that does not exist.

    As you know we are not dependant on ASP.NET built-in impersonation and the
    Web.Config settings doesn't matter here.

    Any ideas will be of great help.
    --

    Regards,
    Sajan.

    PS: Please don't send me direct emails, use the newsroom.
     
    Kallely Sajan [MVP], May 13, 2004
    #1
    1. Advertising

  2. Kallely Sajan [MVP]

    Scott Allen Guest

    Hi Sajan:

    If the components you are using run in an STA, you'll need to add
    AspCompat="true" to your @Page directive. To check the threading model
    look in HKCR\CLSID\yourclsid\InprocServer32\ThreadingModel.

    The asp.net pages run in an MTA by default, meaning any STA component
    will be executing on a different thread that is not impersonating.

    HTH,

    --
    Scott
    http://www.OdeToCode.com

    On Thu, 13 May 2004 15:33:42 -0500, "Kallely Sajan [MVP]"
    <> wrote:

    >We have an Authentication COM component written using SSPI functions . The
    >component provides methods to Impersonate and Revert back to original
    >security context. When use this component in an ASP page to Authenticate and
    >then Impersonate the authenticated user, the identity is correctly set to
    >the impersonated user. Then we are able to successfully read the
    >impersonated identity from another COM component running in the ASP page.
    >The component uses OpenThreadToken() with TOKEN_QUERY | TOKEN_IMPERSONATE
    >option and then retrieves the SID of the impersonated user account.
    >Now here's our problem. When try to do the same in an ASP.NET application
    >using Interop's it doesn't work. One interop is for the Authentication
    >component and another is for the component which reads the current identity.
    >The second Interop fails to read the impersonated identity and it returns
    >always the ASPNET user. OpenThreadToken() fails and returns Error Code :
    >1008 (ERROR_NO_TOKEN) Error Message : An attempt was made to reference a
    >token that does not exist.
    >
    >As you know we are not dependant on ASP.NET built-in impersonation and the
    >Web.Config settings doesn't matter here.
    >
    >Any ideas will be of great help.
     
    Scott Allen, May 14, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anil Krishnamurthy
    Replies:
    12
    Views:
    4,618
    Anil Krishnamurthy
    Oct 5, 2004
  2. =?Utf-8?B?SmltIEhlYXZleQ==?=

    Security Issue - Impersonation

    =?Utf-8?B?SmltIEhlYXZleQ==?=, Sep 26, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    331
    =?Utf-8?B?SmltIEhlYXZleQ==?=
    Sep 26, 2005
  3. =?Utf-8?B?QWNvbnF1aWph?=

    perplexing impersonation/SQL issue

    =?Utf-8?B?QWNvbnF1aWph?=, Sep 11, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    403
    =?Utf-8?B?QWNvbnF1aWph?=
    Sep 11, 2006
  4. -Steve-

    Impersonation Issue

    -Steve-, Mar 15, 2007, in forum: ASP .Net
    Replies:
    0
    Views:
    308
    -Steve-
    Mar 15, 2007
  5. Silmar

    Impersonation issue

    Silmar, Dec 15, 2007, in forum: ASP .Net
    Replies:
    1
    Views:
    360
    Alexey Smirnov
    Dec 15, 2007
Loading...

Share This Page