WEB FORM --> DOMAIN USER AUTHENTICATION

Discussion in 'ASP .Net Security' started by Ty Millwee, Aug 8, 2003.

  1. Ty Millwee

    Ty Millwee Guest

    Microsoft Knowledge Base Article - 306158
    [http://support.microsoft.com/default.aspx?scid=kb;en-us;306158]
    shows a method to impersonate a specific user
    in code via a web form.

    The trouble is that the impersonation isn't being
    persisted across the web application. Once the user moves
    onto the next page they are back in the NT
    AUTHORITY\SYSTEM security context.

    The desired scenario is:
    1.) The user must enter their DOMAIN account username &
    password into a WEB FORM (can't have the network logon
    prompt popup).

    2.) The application must run in this user's security
    context as long as they are 'IN' the application. So every
    page the user accesses within the application runs under
    their security context.

    ----------------------------------------------
    Subject: RE: Domain Authentication via Web Form -
    PERSISTANCE?
    From: "Wei-Dong Xu [MSFT]" <>
    Sent: 8/7/2003 7:44:58 PM

    Hi Ty,

    In IIS6, if you choose the IIS6 worker process isolation mode (WPIM) to run
    asp.net, the asp.net web application will run in a worker process and the
    application will decide how to impersonate the process. If you select the
    IIS5 isolation mode to execute the asp.net application, the application
    will run in aspnet process. The application will decide his own entity as
    well.

    It appears that this is an ASP.net develop issue, not IIS. To better serve
    you, the Asp.net support team has created an aspnet newsgroup for you. I
    think these asp.net experts will help you a lot on this issue. Please go to:
    Microsoft.public.dotnet.framework.aspnet

    Does this answer your question? Thank you for using Microsoft NewsGroup!

    Wei-Dong Xu
    Microsoft Product Support Services
    Get Secure! - www.microsoft.com/security
    This posting is provided "AS IS" with no warranties, and confers no rights.
    ----------------------------------------------
     
    Ty Millwee, Aug 8, 2003
    #1

  2. Hello Ty,

    Thanks for posting in the group.

    The KB article that you mentioned introduces some methods for impersonation in asp.net. If we want to enable asp.net
    impersonation in the whole web app, we need to set it in the web.config file. Coding it in a web form only enables it in this web
    page.

    After reviewing your post, I think what you need is a login page and logout page and you want to associate users with domain
    users. If so, I think you need to use the forms authentication method in the web application. Please refer to:
    "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication"
    http://msdn.microsoft.com/vcsharp/d...l=/library/en-us/dnnetsec/html/secnetht02.asp

    Hope that helps.

    Best regards,
    Yanhong Huang
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security
    This posting is provided "AS IS" with no warranties, and confers no rights.

    Yan-Hong Huang[MSFT], Aug 12, 2003
    #2
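
The forms-authentication approach suggested in the reply above, as an added example that is not part of the thread or of the KB article: a login page code-behind that checks the domain credentials with LogonUser and then issues a forms ticket. The control names and the web.config settings named in the comments are assumptions.

```csharp
// Login.aspx.cs (added example). Control names are hypothetical.
// Assumes web.config sets <authentication mode="Forms"> with loginUrl pointing
// at this page and <authorization><deny users="?" /></authorization>,
// and that the page is served over HTTPS because the password is posted to it.
using System;
using System.Runtime.InteropServices;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public class Login : Page
{
    protected TextBox txtDomain, txtUser, txtPassword;
    protected Label lblError;

    const int LOGON32_LOGON_NETWORK = 3;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Wire this to the login button's Click event.
    protected void btnLogin_Click(object sender, EventArgs e)
    {
        IntPtr token = IntPtr.Zero;
        try
        {
            // The token is used only as proof that the domain accepted the logon.
            if (LogonUser(txtUser.Text, txtDomain.Text, txtPassword.Text,
                          LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token))
            {
                // Non-persistent ticket: the identity follows the user from page
                // to page, and the password is not stored anywhere.
                FormsAuthentication.RedirectFromLoginPage(
                    txtDomain.Text + "\\" + txtUser.Text, false);
            }
            else
            {
                // Same message for an unknown user and a wrong password.
                lblError.Text = "Logon failed.";
            }
        }
        finally
        {
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

After this, Context.User.Identity.Name carries DOMAIN\user on every page, but page code still runs under the worker process account, because a forms ticket holds no Windows token. Authorize on that name rather than keeping the password around to re-impersonate on each request.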