yonido
Hello,
I'm writing a web method which calls a COM+ method, which I need to
call with the user that logged on to Windows and invoked the WebMethod
(impersonation).
Simple impersonation works (impersonate=true in web.config) - however, I
need only a certain part of the code to run in this context. For
other parts, I need different grant options.
So that's where code-impersonation comes in (using
HttpContext.Current.User.Identity and calling Impersonate()).
For example:
    [WebMethod]
    public void ConfusedMethod()
    {
        // These lines will need some powerful grants
        WriteSomethingToEventLog();
        OpenFileInSystemDirectory();
        // These lines should be run with the user
        DoImpersonation();
        CallComComponent();
        UndoImpersonation();
    }
THE PROBLEM IS:
I need the first lines to run with a different user. I don't want to use
2 impersonations.
I want all the other parts - which are not in the impersonation scope -
to run with a user I'll configure in IIS (NOT "network service"!)
I tried the following:
1 - Configure the webservice to run as anonymous access, with a certain
user. But then Impersonate() doesn't work (exception - can't impersonate
with an anonymous user).
2 - Configure the webservice as Windows-integrated security. Now I
want to decide which user will run the "default lines". So the only way
I see is to create an application pool with identity=MyDefaultUser.
When doing this, I get an HTTP 401 error (unauthorized) if I try to
call the web service. The only user which works is if I call the
webservice with MyDefaultUser.
I DO set the credentials for the webservice (defaultCredentials) - so
that's not the problem.
What's the correct way to accomplish that?
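
The scoped impersonation described in the post, as an added example that is not part of the original post: only the COM+ call runs under the caller's token, and the method returns the account in use at each stage so the switch and the revert can be checked. The class name, the CurrentAccount helper, the string[] return type and the web.config settings named in the comment are assumptions; the three empty methods stand in for the poster's own.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Services;

// Assumed web.config: <authentication mode="Windows" /> and
// <identity impersonate="false" />, with anonymous access disabled in IIS.
public class ScopedImpersonationService : WebService   // hypothetical class name
{
    [WebMethod]
    public string[] ConfusedMethod()
    {
        string[] trace = new string[3];

        // Not impersonating: the thread uses the worker-process token.
        trace[0] = "before: " + CurrentAccount();
        WriteSomethingToEventLog();
        OpenFileInSystemDirectory();

        // Only a Windows-authenticated caller carries a token that can be impersonated.
        WindowsIdentity caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || caller.IsAnonymous || !caller.IsAuthenticated)
            throw new InvalidOperationException("No authenticated Windows caller to impersonate.");

        // Dispose() calls Undo(), so the thread reverts even if the COM+ call throws.
        using (WindowsImpersonationContext scope = caller.Impersonate())
        {
            trace[1] = "inside: " + CurrentAccount();
            CallComComponent();
        }

        trace[2] = "after: " + CurrentAccount();
        return trace;
    }

    // Account whose token the current thread is using right now.
    private static string CurrentAccount()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
            return current.Name;
    }

    // Placeholders for the poster's own methods.
    private void WriteSomethingToEventLog() { }
    private void OpenFileInSystemDirectory() { }
    private void CallComComponent() { }
}
```

The "before" and "after" entries should name the same account and the "inside" entry the calling user; an "after" entry that still names the caller means the revert did not happen.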