We have an ASP.NET (3.5) application which uses Forms Authentication to authenticate accounts. On the logon form, I also get a windows login token using LogonUser, which I use to impersonate the logged on user for browsing private directories (the files are displayed in a GridView, and the user is impersonated just before the data is bound.) I just learned that we also need to impersonate the user in a virtual directory. Is there a way for me to impersonate just before the virtual directory is loaded, or across the entire application without switching to Windows Authentication?
views:
209answers:
2
A:
While this article is a few years old, it does a good job of explaining impersonation and delegation. It dicusses setting up virtual directories to support this:
+1
A:
If you are just performing a single task (like accessing a network resource) I like to use an existing AD account I create just for such purposes and call it in-code.
I like to abstract out the example found here http://support.microsoft.com/kb/306158, into a helper class. This will allow to do something like this...
helperImpersonate hI = new helperImpersonate();
if (hI.impersonateValidUser("ADUSERNAME", "DOMAIN", "PASSWORD"))
{
//DO STUFF HERE...
hI.undoImpersonation(); //undo the impersoination
}//end if impersonate is true...
Ian Patrick Hughes
2009-06-09 21:04:16
That's what I do currently, but I'm not sure where we can do the impersonation in our code when you browse a virtual directory, or if the entire thing is handled by IIS.
pschorf
2009-06-10 17:20:22
Why are you not unable to access the Virtual Directory using your pre-chosen AD Account when you created the Virtual Directory? Or change the settings under the Directory Security after its been created?
Ian Patrick Hughes
2009-06-10 18:21:55