WindowsPrincipal and WindowsIdentity.

Discussion in 'ASP .Net' started by Kevin Burton, Jan 7, 2004.

  1. Kevin Burton

    Kevin Burton Guest

    This is more of a solution that raised a question.

    I have a Web service that does not allow anonymous users.
    For debugging I put in the following lines in my Web
    Service:

    WindowsIdentity wi = WindowsIdentity.GetCurrent();
    WindowsPrincipal wp = Thread.CurrentPrincipal as
    WindowsPrincipal;
    wi = wp.Identity as WindowsIdentity;
    wi.Impersonate();

    My question was the the first WindowsIdentity returned
    from GetCurrent shows MACHINE\ASPNET (MACHINE is the name
    of the machine) yet the WindowsIdentity returned from
    CurrentPrincipal shows DOMAIN\kburton (DOMAIN is the name
    of the domain I am logged in as a domain user when I am
    running this). The Web service needs to access a database
    and the ASPNET account cannot be used to access the
    database. It seems that Impersonate() makes the
    identity "correct". My question is why is GetCurrent and
    CurrentPrincipal different? Under what conditions will
    they be different? Why does Impersonate make them the
    same?

    Thank you for your help in understanding this.

    Kevin Burton
     
    Kevin Burton, Jan 7, 2004
    #1
    1. Advertising

  2. Kevin Burton

    bruce barker Guest

    asp.net broke out the authenication identity (who called this page -
    Principle) from the security identity used by the thread servicing the page.
    the default is for the page threads to run under the asp.net account.

    you can achieve the same result without code by specifing in you web.config:

    <identity impersonate="true" />

    note: if the user hitting the site is is not logged on the local machine
    (try hitting you site from another box) the Impersonated identity is not a
    primmary token, so can not be used to access resources (say a sqlserver) on
    another box.

    -- bruce (sqlwork.com)


    "Kevin Burton" <> wrote in message
    news:072b01c3d579$f3cc08a0$...
    > This is more of a solution that raised a question.
    >
    > I have a Web service that does not allow anonymous users.
    > For debugging I put in the following lines in my Web
    > Service:
    >
    > WindowsIdentity wi = WindowsIdentity.GetCurrent();
    > WindowsPrincipal wp = Thread.CurrentPrincipal as
    > WindowsPrincipal;
    > wi = wp.Identity as WindowsIdentity;
    > wi.Impersonate();
    >
    > My question was the the first WindowsIdentity returned
    > from GetCurrent shows MACHINE\ASPNET (MACHINE is the name
    > of the machine) yet the WindowsIdentity returned from
    > CurrentPrincipal shows DOMAIN\kburton (DOMAIN is the name
    > of the domain I am logged in as a domain user when I am
    > running this). The Web service needs to access a database
    > and the ASPNET account cannot be used to access the
    > database. It seems that Impersonate() makes the
    > identity "correct". My question is why is GetCurrent and
    > CurrentPrincipal different? Under what conditions will
    > they be different? Why does Impersonate make them the
    > same?
    >
    > Thank you for your help in understanding this.
    >
    > Kevin Burton
    >
    >
    >
     
    bruce barker, Jan 8, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    1
    Views:
    3,206
    qvo178
    Feb 23, 2010
  2. Peter Moberg

    Role empty in WindowsPrincipal

    Peter Moberg, Jul 25, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    147
    Peter Moberg
    Jul 25, 2003
  3. Mark

    CurrentPrincipal, WindowsPrincipal

    Mark, Jan 12, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    175
    zeldadog
    Jan 12, 2004
  4. naijacoder naijacoder

    WindowsPrincipal.IsInRole() problem with non-builtin roles

    naijacoder naijacoder, Aug 30, 2004, in forum: ASP .Net Security
    Replies:
    4
    Views:
    257
    Joe Kaplan \(MVP - ADSI\)
    Sep 2, 2004
  5. WindowsPrincipal and aspnet user

    , Jan 26, 2006, in forum: ASP .Net Security
    Replies:
    2
    Views:
    161
    Joe Kaplan \(MVP - ADSI\)
    Jan 26, 2006
Loading...

Share This Page