zebrachris
asked on
Web service thread doesn’t inherit security context
Using .NET 1.1 – Windows 2003.
I've created a web service that spawns a thread. The service needs access to other servers, so I've created a user (let's call it "ServiceUser") with privileges and assigned the "anonymous user" in IIS to that user. I then added <identity impersonate="true"/> to the web.config of my web service.
From inside any of the functions of the web service I make a call to WindowsIdentity.GetCurrent (which displays the current user), it returns "ServiceUser". Great! If I spawn a thread from that function and launch it, then I call WindowsIdentity.GetCurrent inside that spawned thread, it returns "ASPNET".
All I want is for the thread to have the same security context as its calling function. I've read solutions that require "ServiceUser" or ASPNET to have "Act as part of operating system" checked. Anyone have a more elegant solution?
Thanks,
Chris
ASKER
'create thread to handle processing
Dim th_DORProcess = New Thread(AddressOf oImportObject.StartProcess
'Pass credentials
th_DORProcess.CurrentPrinc
'start the thread executing
th_DORProcess.Start()
I've walked through this code and verified that the Windows identity I want is set to the current principal of the thread. Once the thread is started though, it reverts to the ASPNET process.
I tried WindowsImpersonationContex
..I am wondering though, why it works. Microsoft themselves even say that it shouldn't in the comments of the WindowsImpersonationContex
' This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
' IMPORTANT NOTES:
' This sample can be run only on Windows XP. The default Windows 2000 security policy
' prevents this sample from executing properly, and changing the policy to allow
' proper execution presents a security risk.
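Added example, not part of the original thread or of Microsoft's sample: one way to carry the caller's Windows identity into a spawned thread is to capture it on the request thread and impersonate it inside the worker, undoing the impersonation when the work ends. The class name ImpersonatedWorker and the DoWork routine named in the usage comment are hypothetical.

```vbnet
Imports System
Imports System.Security.Principal
Imports System.Threading

' Hypothetical helper (not from the thread): captures the identity that is
' active on the request thread and impersonates it on a new worker thread.
Public Class ImpersonatedWorker
    Private ReadOnly _identity As WindowsIdentity
    Private ReadOnly _work As ThreadStart

    ' Construct on the request thread, while ASP.NET is still impersonating.
    Public Sub New(ByVal work As ThreadStart)
        If work Is Nothing Then Throw New ArgumentNullException("work")
        ' GetCurrent() reflects the thread's impersonation token when one is
        ' set, otherwise the process identity (ASPNET in the question).
        _identity = WindowsIdentity.GetCurrent()
        _work = work
    End Sub

    Public Function Start() As Thread
        Dim t As New Thread(AddressOf Run)
        t.Start()
        Return t
    End Function

    Private Sub Run()
        ' Thread.CurrentPrincipal only drives role-based checks in managed
        ' code. The OS token used for file and network access changes only
        ' when Impersonate() is called on the thread doing the work.
        Dim ctx As WindowsImpersonationContext = Nothing
        Try
            ctx = _identity.Impersonate()
            _work.Invoke()
        Finally
            ' Always revert so the identity does not outlive the work item.
            If Not ctx Is Nothing Then ctx.Undo()
        End Try
    End Sub
End Class

' Usage from a web method (DoWork is a hypothetical Sub with no arguments):
'   Dim worker As New ImpersonatedWorker(AddressOf Me.DoWork)
'   worker.Start()
```

Calling WindowsIdentity.GetCurrent inside DoWork should then report the same account as the web method that created the worker.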