Solved

ASP.NET 2.0 - Impersonation - Windows Authentication - Active Directory Groups - 500 points

Posted on 2007-12-02
Last Modified: 2013-11-06
I have created a website for our Intranet. The users can access the pages through Windows authentication / Active Directory groups. Only if the Windows user is in the correct Active Directory group does the access work.

In case a user is sitting at the desk with someone who doesn't have access to this intranet site, I have created a login page, which impersonates the current windows user. This works fine so far, but only within the current page.

How can I set this impersonation to work throughout the entire site?


' Requires: Imports System.Security.Principal
' ImpersonateUser is the poster's own helper class (not shown in the post).
Private Sub cmdImpersonate_Click(ByVal sender As Object, ByVal e As System.EventArgs)
    Dim myPrincipal As WindowsPrincipal = DirectCast(System.Threading.Thread.CurrentPrincipal, WindowsPrincipal)
    ' Log on with the typed credentials and keep the impersonation context
    Dim iuser As New ImpersonateUser(Me.Name.Text, Me.Domain.Text, Me.Pwd.Text)
    Me.theNewUser = iuser.ImpersonationContext
    myPrincipal = DirectCast(System.Threading.Thread.CurrentPrincipal, WindowsPrincipal)
    Dim swr As System.IO.StreamWriter = Nothing
    Try
        ' Show the Windows identity the current thread is running as
        TextBox1.Text = System.Security.Principal.WindowsIdentity.GetCurrent().Name
    Catch eXP As Exception
        Response.Write(eXP.ToString())
    Finally
        If swr IsNot Nothing Then
            swr.Close()
        End If
    End Try
End Sub

Question by:riffrack
10 Comments
 
LVL 16

Expert Comment

by:McExp
ID: 20392085
Site level impersonation shouldn't need any coding as it can all be configured from your web.config.


	<system.web>
		<authentication mode="Windows"/>
		<identity impersonate="true"/>
	</system.web>


0
 

Author Comment

by:riffrack
ID: 20392130
Hi Mc Exp

Where can the user type in the username & password?
0
 
LVL 16

Accepted Solution

by:
McExp earned 500 total points
ID: 20392408
You should just be able to use the normal login dialog. If you log on as a user who has no access, the user name/password dialog pops up; then they can type in the credentials of a user that has permission.

The other option is to right-click on the Internet Explorer icon and select "RunAs", then enter the correct credentials. This will run IE in the correct user's context, and should also work just fine.
0
 

Author Comment

by:riffrack
ID: 20392494
For a technical user, the "RunAs" option is no problem. In my case many of the users will have trouble using the "RunAs" method.

Is there no way of including a username & password page, where the credentials can be entered manually?
0
 
LVL 16

Expert Comment

by:McExp
ID: 20392584
I don't have any easy solutions that would use Windows integration. You might be able to do something with a custom membership provider, but nothing springs to mind that would be secure. Using plain Windows auth is far and away the preferred, as all the solutions I can think of involve storing the password in plain. I don't think I would recommend it!

Did the first solution not work for you?
I've done a test here and found I don't need any of that. If I have two users, one the logged on (that has no auth) and a second that does, when I browse to the page using the first, a dialog pops up to ask for a user name and password. I then enter the info for the second and all is fine! IE then caches the credentials for the requests that follow in that session.
0
 

Author Comment

by:riffrack
ID: 20392628
That sounds great - I have one question with that solution.

You have created 2 users, 1 with no auth and 1 with. In my case there is a third situation. There are admin users and normal users, what if I am logged on as a normal user and want to switch to admin user?

Can this be done with your suggestion?
0
 
LVL 16

Expert Comment

by:McExp
ID: 20392682
OK, when I said auth I meant one was in an AD group, the other wasn't. They were both configured to use Windows auth. I don't see any problems in your situation.
0
 

Author Comment

by:riffrack
ID: 20394250
Can you explain to me how it would be possible to switch from admin to normal user?
0
 
LVL 16

Expert Comment

by:McExp
ID: 20397306
The basic solution will only work if the normal user tries to browse to an admin-only page. This will then return the login dialog, after which the admin user will enter their details. Since they are admin, why not just RunAs? Surely it's not that complicated a concept?
0
 
LVL 16

Expert Comment

by:McExp
ID: 20397324
Using Windows auth was never really designed to work in the way you suggest. It is intended to simplify the auth such that the currently logged on user gets logged in automatically and everything should be transparent. The only other alternative would be to write your own Membership provider which extends the Windows Token Membership Provider (combines with the Forms Membership Provider).
0
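
The site-wide setup discussed in this thread, written out as an added example that is not part of any post above: Windows authentication with impersonation for the whole site, access limited to Active Directory groups, and a stricter rule for an admin area so that a normal user who browses there is denied and the browser asks for other credentials. The group names `CONTOSO\IntranetUsers` and `CONTOSO\IntranetAdmins` and the `Admin` folder are assumed placeholders.

```xml
<configuration>
  <system.web>
    <!-- Identify callers from their Windows logon; no login page or stored passwords -->
    <authentication mode="Windows"/>
    <!-- Run every request under the authenticated caller's Windows identity -->
    <identity impersonate="true"/>
    <authorization>
      <!-- Rules are evaluated top to bottom; the first match wins -->
      <!-- Placeholder group names: replace with the real AD groups -->
      <allow roles="CONTOSO\IntranetUsers, CONTOSO\IntranetAdmins"/>
      <!-- Everyone else, including anonymous requests, is refused -->
      <deny users="*"/>
    </authorization>
  </system.web>

  <!-- Stricter rule for the admin pages (placeholder folder name "Admin") -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="CONTOSO\IntranetAdmins"/>
        <!-- A member of IntranetUsers only is denied here, which is the
             case where the browser's credential dialog appears -->
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
```

With `impersonate="true"`, file and resource ACLs are checked against the caller's own account, so group membership has to be granted on those resources as well as in the `<authorization>` rules.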
