Hi,

I'm a little confused while trying to find out how ActiveDirectory and ASP.NET Membership work... I've created a new MVC project and removed the AccountController / Views. I've changed the Web.Config so that it uses ActiveDirectory and automatically authenticates users based on their current Windows login:

Web.Config

<authentication mode="Windows">
  <forms
    name=".ADAuthCookie"
    timeout="10" />
</authentication>

<membership defaultProvider="MyADMembershipProvider">
  <providers>
    <clear/>
    <add
      name="MyADMembershipProvider"
      type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      connectionStringName="ADConnectionString"
      connectionUsername="MYDOMAIN\myuser"
      connectionPassword="xxx"
      />
  </providers>
</membership>

This works nicely, as I can do the following to get the user's username:

User.Identity.Name()  'Gives MYDOMAIN\myuser

Looking at the following actually makes me confused:

Threading.Thread.CurrentPrincipal.Identity.Name() 'Gives MYDOMAIN\myuser

1. Shouldn't the thread identity be IUSR_WORKSTATION or ASPNET_WP username?
2. What's the difference between Authentication and Impersonation?

+1  A: 

myuser is the Authenticated user on that application, that's why your CurrentPrincipal is giving you MYDOMAIN/myuser. The application impersonates IUSR_WORKSTATION when it uses resources like the database, and is a completely different issue.

If you go to Project on your toolbar, and select ASP.NET Configuration, it will open a website that lets you access these settings and create users, roles etc.

Mark Dickinson
Is Authentication more ASP.NET related and Impersonation more IIS related, or is this total nonsense?
Ropstah
I've just run into my first problem... I've just moved the website to my local IIS server. However the automated login doesn't work anymore... User.Identity.Name() is empty...? Is this a Web.Config setting which is wrong, or should I set IIS? (Which settings does the integrated webserver for VS2008 have that IIS doesn't have set?)
Ropstah
That's my understanding really, Impersonation is how apps (web apps, or whatever) use resources via IIS.
Mark Dickinson
I'm not really sure why you would want to have this. Wouldn't you be better off with anonymous access rather than an automatic logon?
Mark Dickinson
And then read the current Windows identity or something?
Ropstah
Well, you only really need to know the identity if you are using some area of the site that needs a logged on user. If you use the asp:Login control for instance, a lot of this will be taken care of for you.
Mark Dickinson
See edited answer :)
Mark Dickinson
Ah thanks. I've figured that I can use the Windows Identity (it's for intranet). This also allows me to check isInRole(). I'll request permission to add/remove custom Groups on the server so I can handle Roles. Can I still use default .NET components (Profile for instance) with this approach (authentication mode="none")?
Ropstah
Should be fine, good luck
Mark Dickinson
Actually it's not really working as expected, I think it's still my lack of knowledge about this issue. I'm starting a new question for this. Thanks
Ropstah
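
The authentication versus impersonation distinction asked about in this thread, as an added example that is not part of the original posts: a small VB.NET diagnostic that reports the authenticated principal separately from the Windows account the code executes under. The names IdentityReport and Describe, the "Editors" role and the sample principal in Main are hypothetical and constructed for illustration.

```vb
Imports System
Imports System.Security.Principal
Imports System.Text
Imports System.Threading

' Added example; IdentityReport, Describe and the "Editors" role are hypothetical.
Module IdentityReport

    ' Separates WHO the request was authenticated as (authentication)
    ' from WHICH Windows account the code executes under (impersonation).
    Function Describe(ByVal requestUser As IPrincipal, ByVal role As String) As String
        Dim sb As New StringBuilder()

        ' 1. Authentication result. In a controller or page, pass in User.
        If requestUser Is Nothing OrElse Not requestUser.Identity.IsAuthenticated Then
            sb.AppendLine("Request user     : (anonymous)")
        Else
            sb.AppendLine("Request user     : " & requestUser.Identity.Name & _
                          " (" & requestUser.Identity.AuthenticationType & ")")
            sb.AppendLine("IsInRole(" & role & ") : " & requestUser.IsInRole(role).ToString())
        End If

        ' 2. ASP.NET copies the request principal onto the thread, so this
        '    matches (1); it is not the account the worker process runs as.
        Dim threadUser As IPrincipal = Thread.CurrentPrincipal
        If threadUser IsNot Nothing Then
            sb.AppendLine("Thread principal : " & threadUser.Identity.Name)
        End If

        ' 3. Execution identity: the token Windows checks on file, registry and
        '    integrated-security database access. Without impersonation this is
        '    the worker process account, whoever logged in.
        sb.AppendLine("Executing as     : " & WindowsIdentity.GetCurrent().Name)

        ' GetCurrent(True) returns Nothing unless the thread is impersonating,
        ' e.g. under <identity impersonate="true" /> in Web.config.
        Dim impersonated As WindowsIdentity = WindowsIdentity.GetCurrent(True)
        sb.AppendLine("Impersonating    : " & (impersonated IsNot Nothing).ToString())
        Return sb.ToString()
    End Function

    Sub Main()
        ' Constructed principal standing in for the Windows-authenticated request user.
        Dim sample As New GenericPrincipal( _
            New GenericIdentity("MYDOMAIN\myuser", "Negotiate"), New String() {"Editors"})
        Thread.CurrentPrincipal = sample
        Console.Write(Describe(sample, "Editors"))
    End Sub
End Module
```

Inside a web application, call Describe(User, "SomeGroup") from a page or controller and compare the "Request user" line with the "Executing as" line under each impersonation setting.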