Setting impersonation values programmatically

Discussion in 'ASP .Net Security' started by itmanager, Sep 14, 2006.

  1. itmanager

    itmanager Guest

    We have an ASP.NET application (v1.1) that requires some impersonation in
    order to access network shares.

    We have the following setting in the web.config file:

    <identity impersonate="true" />

    This allows the application to access network shares if the web site is
    using Basic or Integrated Windows authentication; however, when using
    Anonymous Authentication, it fails unless we also specify a user name and
    password in clear text within the file; i.e.:

    <identity impersonate="true"
              userName="domain\user"
              password="password" />

    Due to security concerns, we do not want to specify this information in
    clear text.

    Is there a way to impersonate a particular user programmatically rather than
    entering the value in the web.config file? Can this be done without resorting
    to impersonation within a service?

    Thanks for any assistance.
     
    itmanager, Sep 14, 2006
    #1

  2. Joe Kaplan

    Joe Kaplan Guest

    The "canonical" sample is shown in the .NET Framework MSDN reference on the
    WindowsImpersonationContext class documentation. You can basically copy and
    paste that. There are some subtle flaws in this implementation, and Shawn
    Farkas has written more about how to do this "the right way" on his blog.
    Google will find it.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "itmanager" <> wrote in message
    news:...
    > We have an ASP.NET application (v1.1) that requires some impersonation in
    > order to access network shares.
    >
    > We have the following setting in the web.config file:
    >
    > <identity impersonate="true" />
    >
    > This allows the application to access network shares if the web site is
    > using Basic or Integrated Windows authentication; however, when using
    > Anonymous Authentication, it fails unless we also specify a user name and
    > password in clear text within the file; ie:
    >
    > <identity impersonate="true"
    >
    > userName="domain\user"
    > password="password" />
    >
    > Due to security concerns, we do not want to specify this information in
    > clear text.
    >
    > Is there a way to impersonate a particular user programmatically rather
    > than entering the value in the web.config file? Can this be done without
    > resorting to impersonation within a service?
    >
    > Thanks for any assistance.
    >
     
    Joe Kaplan, Sep 14, 2006
    #2
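
The approach the answer above points to (LogonUser to obtain a token, WindowsIdentity.Impersonate, then Undo), written here as an added example that is not part of the thread and is not the MSDN sample itself. The names ShareAccess and ReadAs are hypothetical, and the credentials are assumed to be supplied by the caller from a protected store rather than from clear text in web.config.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

public sealed class ShareAccess   // hypothetical helper class
{
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Reads a file from a network share as the given account, then reverts.
    // Assumption: the caller obtains the credentials from a protected store,
    // not from clear text in web.config.
    public static string ReadAs(string domain, string user, string password, string uncPath)
    {
        IntPtr token = IntPtr.Zero;
        WindowsImpersonationContext ctx = null;
        try
        {
            if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT, out token))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            // From here the current thread runs as domain\user.
            ctx = WindowsIdentity.Impersonate(token);
            using (StreamReader reader = new StreamReader(uncPath))
                return reader.ReadToEnd();
        }
        finally
        {
            // Always revert before control returns to the request pipeline,
            // then release the logon token so the handle is not leaked.
            if (ctx != null) ctx.Undo();
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

Keeping the impersonated region limited to the share access and reverting in the finally block means an exception cannot leave the worker thread running as the impersonated account.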