Solved

Web service thread doesn’t inherit security context

Posted on 2004-08-24
2
332 Views
Last Modified: 2010-04-17
Using .NET 1.1 – Windows 2003.

I've created a web service that spawns a thread.  The service needs access to other servers, so I've created a user (lets call it "ServiceUser") with privileges and assigned the "anonymous user" in IIS to that user.  I then added <identity impersonate="true"/> to the web.config of my web service.

From inside any of the functions of the web service I make a call to WindowsIdentity.GetCurrent (which displays the current user), it returns "ServiceUser".  Great!  If I spawn a thread from that function and launch it, then I call WindowsIdentity.GetCurrent inside that spawned thread, it returns "ASPNET".

All I want is for the thread to have the same security context as it's calling function.  I've read solutions that require "ServiceUser" or ASPNET to have "Act as part of operating system" checked.  Anyone have a more elegant solution?

Thanks,
Chris
0
Comment
Question by:zebrachris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Dragonmen earned 500 total points
ID: 11890163
Thread that you are spawning is using an ASP.NET account becouse no other account is given to that thread.
Every thread has it's own security context.
Look @ this:
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.HowToImpersonateAUserGivenHerToken
0
 

Author Comment

by:zebrachris
ID: 11894112
Actually I've tried assigning the context to the thread directly.

   'create thread to handle processing
   Dim th_DORProcess = New Thread(AddressOf oImportObject.StartProcess_Thread)
   'Pass credentials
   th_DORProcess.CurrentPrincipal = New System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent)
   'start the thread executing
   th_DORProcess.Start()

I've walked through this code and verified that the windows identity I want is set to the current principle of the thread.  Once the thread is started though, it reverts to the ASPNET process.

I tried WindowsImpersonationContext as per Dragonmen's link above and it works great.  (Thanks Dragonmen)

..I am wondering though, why it works.  Microsoft themselves even says that it shouldn't in the comments of the WindowsImpersonationContext example code:

' This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
' IMPORTANT NOTES:
' This sample can be run only on Windows XP.  The default Windows 2000 security policy
' prevents this sample from executing properly, and changing the policy to allow
' proper execution presents a security risk.




0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since upgrading to Office 2013 or higher installing the Smart Indenter addin will fail. This article will explain how to install it so it will work regardless of the Office version installed.
Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
Six Sigma Control Plans

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question