Shepwedd
asked on
How do I use impersonation in a ASP.NET C# Web Site to simply show the current users login details in a textbox?
I have written the attached code to write the current users login details to a text box control in my asp.net web site but all I seem to get written to the text box as a result is: "System.Security.Principal
Thanks.
Thanks.
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Principal;
using System.Runtime.InteropServices;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
TextBox1.Text = impersonationContext.ToString();
//impersonationContext.Undo();
}
}
ASKER
Thanks that worked!
I'm next having to pass a document number that comes from a database to my web page using query string variables and the impersonation method so the particular users security is passed through against the document. Would you know how to do this also?
Thanks.
I'm next having to pass a document number that comes from a database to my web page using query string variables and the impersonation method so the particular users security is passed through against the document. Would you know how to do this also?
Thanks.
To pass variable in the querystring you could to a response.redirect
Have a look at the following website for some examples
Passing variables between pages using QueryString
http://www.codeproject.com/KB/aspnet/QueryString.aspx
Have a look at the following website for some examples
Passing variables between pages using QueryString
http://www.codeproject.com/KB/aspnet/QueryString.aspx
Response.Redirect("Webform2.aspx?var1=" + strVar1 + "&var2=" +
strVar2);
If you want to maintain impersonation across multiple ASP.NET pages then it might be better to apply the impersonation in the web.config using the identity tag
see
ASP.NET Impersonation
http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx
see
ASP.NET Impersonation
http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx
<identity impersonate="true"
userName="domain\user"
password="password" />
ASKER
Thanks!
But if I put the impersonation in the web.cofig does that not mean that I will have to declare all the users in the web.config? I want it to be dynamic you see.
But if I put the impersonation in the web.cofig does that not mean that I will have to declare all the users in the web.config? I want it to be dynamic you see.
ASKER
In other words, I want the web site to pickup the user details then check against the user whether they have the correct permissions to view whats behind the query string.
Thanks.
Thanks.
Putting the impersonate in the web.config will effect all users running the ASP.NET app so it will not help you.
ASP.NET pages run under the ASP.NET account on the web server or under another account if you do impersonation, I don't think that it is designed to identify the Windows account of a user who is browsing your website.
You will need to get them to login and then control what they can access that way.
It would probably be easier to write a SQL database to manage their access to various documents than to check their file permissions/
ASP.NET pages run under the ASP.NET account on the web server or under another account if you do impersonation, I don't think that it is designed to identify the Windows account of a user who is browsing your website.
You will need to get them to login and then control what they can access that way.
It would probably be easier to write a SQL database to manage their access to various documents than to check their file permissions/
ASKER
Thanks!
I was mearly wanting to use impersonation as a means for troubleshooting issues and application developement. Am I not right in saying that I can set an impersonation password on a server and then use that to mimic other users so I can test document security without needing to know the users own windows password to login via trusted login?
I was mearly wanting to use impersonation as a means for troubleshooting issues and application developement. Am I not right in saying that I can set an impersonation password on a server and then use that to mimic other users so I can test document security without needing to know the users own windows password to login via trusted login?
When you use impersonate your ASP.NET application will impersonate that user for the entire duration of your application's execution. So your ASP.NET application can access resources that are available to that Windows account via a trusted connection/login.
However you will need to know the username and password.
You cannot do it without the password.
However you will need to know the username and password.
You cannot do it without the password.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
Open in new window