We have a service that is hosted under IIS7. The connection string for the SQL server is set to Trusted. In order for the authentication to happen I need to setup impersonation on the service and have the client initiate an impersonated connection. Is there a way to not have impersonation set and still allow the service to log into the...
I have an web application that uses windows integrated security. I also have a windows service that runs as local system. The web application uses .NET remoting to execute a method on the serivce through tcpip channel. Is there a way, on .NET 2.0, to pass the windows identity to the service? ...
I have a WCF service hosted in IIS 7 in the default app pool in Integrated mode with anonymous access disabled and windows Authentication enabled. I have put the following attribute on the method implementation for my interface. [OperationBehavior(Impersonation = ImpersonationOption.Required)] If I do not supply network credentials i...
Ideally I'd like to be able to copy/move between an accessible folder on my local drive and a network share that I don't have permission to access (but the application would). I am using impersonation to give me access to the files in the network share but using System.IO File.Move or File.Copy forces me to use the same credentials for ...
I have an ASMX web service (on my localhost - WinXP IIS 5.1) that I call from a webclient. My webservice must consume another ASMX web service (on a Win 2003 server IIS 6.0). When I provide credentials in my webservice code in a "hard-coded" manner: engineWSE.Credentials = new System.Net.NetworkCredential("myUser", "myPass", "myDomain...
Hello guys, I have a little bit of a problem when trying to use the BackgroundWorker class with impersonation. Following the answers from google, I got this code to impersonate public class MyImpersonation{ WindowsImpersonationContext impersonationContext; [DllImport("advapi32.dll")] public static extern int Log...
How can I do an impersonation in PowerShell? I can use advapi32.dll LogonUser, but maybe there is a simpler solution? ...
Case 1. When I browse a little test site from my own PC called JOHNXP (e.g. http://localhost/WebClient ), my .aspx page invokes my ASMX webservice picks up my credentials and passes them across to another webservice on ANOTHER machine (SERVERTRIM) in the same domain. I can see my request resulting in a Security Log entry on the SERVERTRI...
I'm going a little nuts trying to understand the doc on impersonation and delegation and the question has come up what account my webservice is running under. I am logged as myDomainName\johna on my development workstation called JOHNXP. From Vstudio2005 I start my webservice via Debug and the wsdl page comes up in my browser. From T...
I'm impersonating a user until Windows 2008 with UAC enabled. I'm trying to write some files to a temp directory. But even if a user has write access to a directory, when I impersonate that user, I'm unable to write to that directory (I get an Access Denied error). Apparently, this is due to UAC blocking me. This is related to a post...
I've got the following setup: There is a SQL Server DB with several tables that have triggers set on them (that collect history data). These triggers are CLR stored procedures with EXECUTE AS 'HistoryUser'. The HistoryUser user is a simple user in the database without a login. It has enough permissions to read from all tables and write ...
Hey guys, here's the setup (bear in mind I'm really struggling with the Windows/.NET security stack i.e. I don't get it): A Windows Service running as LocalSystem on a Windows Server 2003 box. A .NET 3.5 Website running on the same box, under "default" production server IIS settings (so probably as NETWORKSERVICE user?) On my default...
Solution (kinda): Turns out this impersonation with .NET's security only allows application-level access. Since the COM object is at the system level, the impersonated user still cannot instantiate it. I figured this out by right-clicking the executable and selecting "Run As...", the program functioned fine. I found out that launches t...
Hi. I have a really simple piece of code that creates a DirectoryEntry object which is attached to a w3svc object on a remote server. The C# code I have is as follows (NOTE: The code runs inside a windows WPF form) public static W3SvcWrapper CreateW3Svc(string machineName, string username...
Hi all, I am trying to impersonate a domain user account in a WPF application so the application can write to a folder on the network. The domain user has sufficient rights to write to this location. I'm using some code found on the net to perform the impersonation. Basically, it calls the native LogonUser method which returns a securi...
Hi, i'm a little confused while trying to find out how ActiveDirectory and ASP.NET Membership work... I've created a new MVC project and removed the AccountController / Views. I've changed the Web.Config so that it uses ActiveDirectory and automatically authenticates users based on their current Windows login: Web.Config <authenticati...
I hope this is not to paradoxal, but I don't know how this should be done... I have a VS2008 ASP.NET MVC Project with the following Web.Config entry: <authentication mode="Windows"> <forms name=".ADAuthCookie" timeout="10" /> </authentication> This makes the visitor logon automatically with their DOMAIN\username login which...
I would like to temporarily impersonate a domain user account to read in a file on a network drive from an ASP.NET site. I would rather not set up impersonation for the entire site or set up a mapped drive on the server. ...
I have a windows service running which moves files from a watched folder (IO.FileSystemWacher) to a UNC share on a network. The network share is secured, but the share has full control for the Service user; despite this I get problems with the file path not being found. I intend to impersonate the service (current) user, but am not su...
Edit: I think I can boil it down to: I want to use windows authentication mode, but be able to get a list of users like you would with Membership.GetAllUsers(). I'm trying to develop a solution for use on an intranet, so all the users will be authenticated. I guess I'm looking for a best of both worlds solution. Here's the gist (I'...