Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1200
  • Last Modified:

How to pass a WindowsIdentity object to a web service method?

Hi, I have a web service method which accepts a parameter of type System.Security.Principal.WindowsIdentity.
When I make my web reference from my client project, it creates a namespace for it, and in there a "WindowsIdentity" object. Then when I call the method from the client, it unsuccessfully tries to cast from System.Security.Principal.WindowsIdentity to ServiceReferenceNamespace.WindowsIdentity.

what am I doing wrong here? why is it creating a new class? I'm kind of new to web services, so please bear with me.

Below is my service method:
[WebMethod]
        public Content GetContents(string Path, WindowsIdentity authUser)
        {
            FileAttributes attr = File.GetAttributes(Path);
            if ((attr & FileAttributes.Directory) == FileAttributes.Directory)
            {
                //folder
                FileSystemAccessRule rule = GetDirectoryPermissions(authUser, Path);
                if (rule != null && ((rule.FileSystemRights & FileSystemRights.ListDirectory) == FileSystemRights.ListDirectory && rule.AccessControlType == AccessControlType.Allow))
                {
                    return new Content() { DirectoryListing = GetDirectoryContents(Path), IsDirectory = true };
                }
            }
            else
            {
                //file
                FileSystemAccessRule rule = GetFilePermissions(authUser, Path);
                if (rule != null && ((rule.FileSystemRights & FileSystemRights.Read) == FileSystemRights.Read && rule.AccessControlType == AccessControlType.Allow))
                {
                    return new Content() { File = GetFile(Path), IsDirectory = false };
                }
            }
            return null;
        }

Open in new window

0
colonel720
Asked:
colonel720
  • 4
  • 2
1 Solution
 
Bob LearnedCommented:
Do you have a WindowsIdentity class defined in the Web Service?  What happens if you fully qualify the type (System.Security.Principal.WindowsIdentity)?
0
 
colonel720Author Commented:
I do not have a windowsidentity class defined, and if i fully qualify the type it still creates its own proxy class and tries to cast to it on service call.
0
 
Bob LearnedCommented:
Wells, let's ask first why you need to pass in the WindowsIdentity object into a web method?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
colonel720Author Commented:
There was a problem with impersonation, I wondered if it was possible.
anyway I have a new problem.
the webservice is deployed to IIS, and i am getting System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.
however the account which the application pool is configured to run as is a domain admin, and the individual IIS application is configured to run on anonymous authentication under that same domain admin account.
What do i need to do to get "SeSecurityPrivilege" to that account?
0
 
colonel720Author Commented:
This is when I try to execute the following code:
DirectorySecurity dirSecurity = Directory.GetAccessControl(folderPath, AccessControlSections.All);
            AuthorizationRuleCollection ruleList = dirSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
0
 
colonel720Author Commented:
Never mind, go that figured out - the IIS application pool identity account needed explicit (not inherited) membership of the local admins group on the machine.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now