Going from anonymous security to Windows Security in an ASP.NET application

 
 
Michael Randrup
03-27-2006
Hi,

I have the following problem:

1) We have to validate users on an anonymous/public-website using a custom
login page.

2) From this login page we redirect them to an extranet site, which shows
them SharePoint information, etc. e.g. from this point on their web requests
should be performed with their impersonated identities not as anonymous
users. The extranet site uses Windows Integrated Security, while the "main
site" uses anonymous logins.

For them to use the SharePoint functionality we need to impersonate a
Windows user that has the correct access to SharePoint. I have gotten so
far as to do the impersonation:

imp = New ImpersonationWrapper

imp.ImpersonateUser("username", "password", "domain")

Me.Context.User = New System.Security.Principal.WindowsPrincipal(imp.NewId)
Me.Cache.Add("W", Me.Context.User, Nothing, DateTime.MaxValue, _
    New TimeSpan(0, 10, 0), CacheItemPriority.High, Nothing)


This sets the request context to the correct Windows user, using a small
wrapper class around the Win32 LogonUser() API. I can now cache the
IPrincipal and set the context in each form_load() from this point on:

Me.Context.User = CType(Me.Cache("W"), IPrincipal)

My problem is that when I, for example, load the SharePoint page in an
IFRAME on the page, it is not using my impersonated user because the
SharePoint page is located in another web application or something?!?!

Do any of you have a good approach for doing this?!

Thanks in advance!

Michael


 

Henning Krause [MVP]
03-27-2006
Hello,

The IFrame is populated on the client, not on the server. Therefore, any
impersonation which takes place on the server has no effect on a page loaded
in an IFrame.

Internet Explorer does have a setting regarding Windows authentication -
it's buried in the security settings for the
internet/intranet/trusted/restricted sites. If you set this to "Automatic
logon with current username and password", the user won't have to identify
themselves each time.

No other solution here, I'm afraid.

Greetings,
Henning Krause



 

Michael Randrup
03-27-2006
Hi Henning,

Thanks for your suggestion. Although it wouldn't work for me in the real
world, because the main site is actually a public website, so I have no
control over the browser settings, I just tried your suggestion with my own
browser.

Apparently the IFRAME posts a second request, which is not in the same
context as the first request for which I am impersonating the
page.context.user object.

I would still be happy to hear any suggestions from people on how to
"integrate" a public website with a Windows Authenticated website, where we
need to have our own login page instead of the standard Windows logon
dialog.

Regards,
Michael



 

Henning Krause [MVP]
03-27-2006
Hello,

As I said in my previous post - there is no context on the client...

Your page.context exists purely on the server. Once the site has been sent
to your browser, all that is discarded.

Next step, your browser renders the bits from the server, encounters an
IFrame tag and then fetches the content of the frame. That's a second,
completely independent request.

You won't get a single-signon experience this way...

Greetings,
Henning Krause
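The two requests described in the replies above, as an added example that is not part of the original thread: a constructed Python model showing that the iframe fetch reaches the Windows Integrated site with no credentials, and that with automatic logon the identity it sees is the browser user's, not the one impersonated on the server. The function names, the extranet URL, the account names and the toy token (the account name standing in for a real Negotiate token) are assumptions.

```python
# Constructed model of the two requests; function names, the URL and the
# toy token are illustrative assumptions, not ASP.NET or IIS APIs.

def public_site(impersonated_user):
    """Anonymous app: Context.User exists only while this request runs."""
    context = {"user": impersonated_user}  # set server-side, as in the first post
    html = '<iframe src="https://extranet.example/sharepoint"></iframe>'
    del context                            # discarded once the response is sent
    return html


def extranet_site(headers):
    """Windows Integrated app: sees only what the browser puts on the wire."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Negotiate "):
        return 401, {"WWW-Authenticate": "Negotiate"}, None
    return 200, {}, auth[len("Negotiate "):]   # toy token: the account name


def browser_load(impersonated_user, auto_logon_user=None):
    """Load the public page, then fetch its iframe as a separate request.

    auto_logon_user models IE's automatic-logon setting: the Windows account
    of the person at the keyboard, or None when the browser has no
    credentials to offer.
    """
    html = public_site(impersonated_user)
    if "<iframe" not in html:
        return None, None
    headers = {}                           # new request: nothing carried over
    status, response_headers, user = extranet_site(headers)
    if status == 401 and auto_logon_user and "WWW-Authenticate" in response_headers:
        headers["Authorization"] = "Negotiate " + auto_logon_user
        status, response_headers, user = extranet_site(headers)
    return status, user


if __name__ == "__main__":
    print(browser_load("EXTRANET\\spuser"))                 # (401, None)
    print(browser_load("EXTRANET\\spuser", "CORP\\alice"))  # (200, 'CORP\\alice')
```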



 