need clear example of threading + impersonation

Discussion in 'ASP .Net Security' started by jyjohnson, Mar 3, 2005.

  1. jyjohnson

    jyjohnson Guest

    My asp.net application needs to allow the user (via basic authentication) to
    execute a long running process (new thread) that writes files out to a share
    on another server.

    This works if I just use impersonation without creating a new thread. I'm
    using XP Pro + IIS 5. I think I have access to a Win 2003 server if that
    makes things easier.

    Thanks....
    jyjohnson, Mar 3, 2005
    #1
    1. Advertising

  2. Hello jyjohnson,

    i assume that you first impersonate and start the thread afterwards....

    impersonation tokens are not copied to new threads in .net 1.1 (they will
    in 2.0)

    do it like this

    start the thread
    impersonate the user on the new thread

    something like (only compiled in the newsreader :)


    Worker worker = new Worker();
    worker.user = Page.User;

    Thread t = new Thread(new ThreadStart(worker.DoWork);

    class Worker
    {
    public WindowsPrincipal user;

    public void DoWork()
    {
    WindowsImpersonationContext ctx;
    try
    {
    user.Impersonate();
    }
    finally
    {
    ctx.Undo();
    }
    }
    }


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > My asp.net application needs to allow the user (via basic
    > authentication) to execute a long running process (new thread) that
    > writes files out to a share on another server.
    >
    > This works if I just use impersonation without creating a new thread.
    > I'm using XP Pro + IIS 5. I think I have access to a Win 2003 server
    > if that makes things easier.
    >
    > Thanks....
    >
    Dominick Baier [DevelopMentor], Mar 3, 2005
    #2
    1. Advertising

  3. jyjohnson

    jyjohnson Guest

    I think I've tried that.... I've tried many code snips, etc, ! I understand
    the problem (i.e., new threads use the aspnet account identity, not the
    impersonated identity)...

    I get an error on this line ---> user.Impersonate 'not a member of
    WindowsPrinciple

    Thanks!


    "Dominick Baier [DevelopMentor]" wrote:

    > Hello jyjohnson,
    >
    > i assume that you first impersonate and start the thread afterwards....
    >
    > impersonation tokens are not copied to new threads in .net 1.1 (they will
    > in 2.0)
    >
    > do it like this
    >
    > start the thread
    > impersonate the user on the new thread
    >
    > something like (only compiled in the newsreader :)
    >
    >
    > Worker worker = new Worker();
    > worker.user = Page.User;
    >
    > Thread t = new Thread(new ThreadStart(worker.DoWork);
    >
    > class Worker
    > {
    > public WindowsPrincipal user;
    >
    > public void DoWork()
    > {
    > WindowsImpersonationContext ctx;
    > try
    > {
    > user.Impersonate();
    > }
    > finally
    > {
    > ctx.Undo();
    > }
    > }
    > }
    >
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > My asp.net application needs to allow the user (via basic
    > > authentication) to execute a long running process (new thread) that
    > > writes files out to a share on another server.
    > >
    > > This works if I just use impersonation without creating a new thread.
    > > I'm using XP Pro + IIS 5. I think I have access to a Win 2003 server
    > > if that makes things easier.
    > >
    > > Thanks....
    > >

    >
    >
    >
    >
    jyjohnson, Mar 3, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lea Heart
    Replies:
    1
    Views:
    420
    Steve C. Orr, MCSD
    Aug 28, 2003
  2. =?Utf-8?B?UGF0cmljaw==?=

    Threading & Impersonation

    =?Utf-8?B?UGF0cmljaw==?=, Feb 16, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    4,364
    Steven Cheng[MSFT]
    Feb 17, 2006
  3. Replies:
    9
    Views:
    1,014
    Mark Space
    Dec 29, 2007
  4. David

    Response.Clear() doesn't clear

    David, Jan 31, 2008, in forum: ASP .Net
    Replies:
    2
    Views:
    998
    Mark Fitzpatrick
    Jan 31, 2008
  5. InvalidLastName

    Unrecognized element 'add' after <clear></clear>

    InvalidLastName, Feb 26, 2007, in forum: ASP .Net Web Services
    Replies:
    3
    Views:
    926
    Steven Cheng[MSFT]
    Mar 6, 2007
Loading...

Share This Page