Determining identity of a client from a service called from an ASP.NET page
I'm trying to set something up which works in one configuration but not in
another, so I'm hoping someone will recognise these symptoms and tell me
what's up.

I'm calling a C++ DCOM server (running as a service) from an ASP.NET page,
and these and the client web browser are all authenticated in the same
domain. A method, called from the ASP.NET page, calls CoQueryClientBlanket
in order to find out the identity of the user logged into the web browser.
I've set <identity impersonate="true" /> for the website to enable this.

If the website and the service are installed on the same server, the pPrivs
out parameter gets set to the string form of the domain and username of the
user running the client - this is great, although I don't know why it's a
string as it's supposed to be a handle. This is the same as what happens if
I use an app to call the service, rather than a webpage.

But if the website and the service are installed on different servers, the
pPrivs out parameter points to some structure whose identity I can't tell,
but it starts with 0; trying to assume it's a string gives an empty string.

In these two cases, all the other out params from CoQueryClientBlanket are
the same (except the encryption level) so it's not like they're using
different services that give different types of structures in the pPrivs
param - at least, not that I can tell.

So, does anyone know why there's a difference in behaviour depending on
whether the service and website are together or not? Is there a different
way I can interpret the pPrivs param, and if so, can I tell how I should be
interpreting it?

Is there a better way to find the identity of the client connecting to a
website, from within a DCOM method called from the site (I don't want to
find the client identity from the website and pass it in the method, as that
would be insecure)?

I'm assuming this is an ASP.NET related issue, but if not, is there
somewhere better I should post this question?

