Non-reproducible problems with impersonation in asp.net: login failed for user 'null' after impersona

Discussion in 'ASP .Net' started by Daniel Knöpfel, Dec 19, 2006.

  1. Hello

    On our asp.net 2.0 website we impersonate every request to the identity of
    the user logged in. This works this way:
    1. user logs in, providing username, password
    2. user is authenticated against an active directory and the windows
    identity is retrieved (and stored in the session!!)
    3. user is impersonated using the windows identity (thread is now
    running under the identity of the user)

    Now for every request that is incoming, the windows identity is
    retrieved and the user is impersonated. By impersonating the thread in this
    way we can access the sql server 2000 using windows authentication
    (connection string:
    <add key="DBConnectionString"
    value="Server=servername;Database=databaseToUse;Trusted_Connection=yes;"/>

    ) We have to live with this implementation as it is.

    This works fine in 99.99 % of all cases. Unfortunately, sometimes we get the
    following error coming from the sql-server: "login failed for user null"
    This suggests that the windows authentication failed because impersonation
    was flawed. After this happened access to the sql server is no longer
    possible, one has to log out and relogin to make db access work again. We
    are quite at a loss concerning this problem. We got a few theories:

    - The Connection string or how we use the ADO.NET data access classes are
    missing something

    - The Kerberos ticket is obsolete. Maybe some other action on the active
    directory made the ticket obsolete!

    - the impersonation failed because server (active directory) was not
    available or overloaded

    - Session is lost and the windows identity token can no longer be used for
    impersonation

    If the way we are using impersonation and asp.net is somehow flawed, I would
    be very glad if someone could help us. (However, we cannot change the entire
    process on how we handle access to the db as we got no time/money for this.)
    Especially if there are some settings to the connection string or the
    handling of the ado.net classes. Of course I would welcome any other idea.



    Thanks in advance

    Greetings

    Daniel





    By the way, impersonation is done the following way (no big deal):

    System.Security.Principal.WindowsIdentity wi;

    wi = ((Page)pEnvironment).Session["Identity"] as WindowsIdentity;

    wi.Impersonate();
    Daniel Knöpfel, Dec 19, 2006
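
Added example, not part of the original post: one way to wrap the impersonation step shown above so that a missing session identity is detected, the account the thread really runs as is logged before the connection opens, and impersonation is reverted when the work is done. The class name `ImpersonatedDb`, the `DbWork` delegate and the trace message format are assumptions made for illustration; only the `Session["Identity"]` key and the `Trusted_Connection=yes` connection string come from the post.

```csharp
using System;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Security.Principal;
using System.Web.SessionState;

// Hypothetical helper (added example, not the poster's code).
public static class ImpersonatedDb
{
    public delegate void DbWork(SqlConnection conn);

    public static void Run(HttpSessionState session, string connectionString, DbWork work)
    {
        // "as" yields null when the session entry is missing (expired or
        // recycled session) or holds another type; fail before touching SQL Server.
        WindowsIdentity wi = session["Identity"] as WindowsIdentity;
        if (wi == null)
            throw new InvalidOperationException("No WindowsIdentity in session; re-authenticate.");
        if (wi.IsAnonymous || !wi.IsAuthenticated)
            throw new InvalidOperationException("Stored identity is anonymous or unauthenticated.");

        // Keep the context returned by Impersonate() so it can be reverted.
        WindowsImpersonationContext ctx = wi.Impersonate();
        try
        {
            // Log the effective account and token level for this request, so a
            // later "login failed" entry can be matched to what the thread ran as.
            WindowsIdentity current = WindowsIdentity.GetCurrent();
            Trace.WriteLine(string.Format(
                "impersonating name={0} level={1} authType={2}",
                current.Name, current.ImpersonationLevel, current.AuthenticationType));

            using (SqlConnection conn = new SqlConnection(connectionString))
            {
                conn.Open();   // Trusted_Connection=yes uses the thread's current identity
                work(conn);
            }
        }
        finally
        {
            // Revert, so the pooled worker thread does not carry this user's
            // identity into whatever request it serves next.
            ctx.Undo();
        }
    }
}
```

Correlating the trace line with the time of a failed login shows whether the identity was missing from the session, or present but not accepted by the SQL Server.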