identity impersonate=true masks the identity of the app pool for trusted sql connections

 
 
Popezilla
      03-18-2007
I have my ASP.NET sites set up to connect to SQL Server using trusted
security and their application pool identities according to this
article: http://msdn2.microsoft.com/en-us/library/ms998292.aspx

Everything is working fine without trouble.

However, now I have a site which requires the identity
impersonate=true web config setting so that it knows the active
directory id of the web user. I have to have the impersonate flag
turned on because I use the AspNetWindowsTokenRoleProvider to
authorize my users.

The problem is that when impersonate=true, the site no longer connects
to the database with the app pool identity. Instead, it uses either
the user's identity if basic authentication is enabled or some other
local machine account.

How can I accomplish both in the same web site? How can I have the
site use trusted security and connect to my SQL server under the
identity of the app pool AND have impersonate=true so that I know the
AD id of the user?

Thanks for your help.

 
 
 
 
 
Dominick Baier
 
      03-18-2007
What do you mean with AD id?? The username?

You get that from Context.User.Identity.Name - and no impersonation is required
for that (nor for the token role provider - but I see no value in using that
anyways).

Make sure windows auth is enabled in IIS - and anonymous is turned off..

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> I have my ASP.NET sites set up to connect to SQL Server using trusted
> security and their application pool identities according to this
> article: http://msdn2.microsoft.com/en-us/library/ms998292.aspx
>
> Everything is working fine without trouble.
>
> However, now I have a site which requires the identity
> impersonate=true web config setting so that it knows the active
> directory id of the web user. I have to have the impersonate flag
> turned on because I use the AspNetWindowsTokenRoleProvider to
> authorize my users.
>
> The problem is that when impersonate=true, the site no longer connects
> to the database with the app pool identity. Instead, it uses either
> the user's identity if basic authentication is enabled or some other
> local machine account.
>
> How can I accomplish both in the same web site? How can I have the
> site use trusted security and connect to my SQL server under the
> identity of the app pool AND have impersonate=true so that I know the
> AD id of the user?
>
> Thanks for your help.
>



 
 
 
 
 
Popezilla
 
      03-18-2007
On Mar 17, 11:21 pm, Dominick Baier
<dbaier@pleasepleasenospam_leastprivilege.com> wrote:
> What do you mean with AD id?? The username?
>
> You get that from Context.User.Identity.Name - and no impersonation is required
> for that (nor for the token role provider - but i see no value in using that
> anyways).
>
> Make sure windows auth is enabled in IIS - and anonymous is turned off..
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
>
>
>
> > I have my ASP.NET sites set up to connect to SQL Server using trusted
> > security and their application pool identities according to this
> > article: http://msdn2.microsoft.com/en-us/library/ms998292.aspx

>
> > Everything is working fine without trouble.

>
> > However, now I have a site which requires the identity
> > impersonate=true web config setting so that it knows the active
> > directory id of the web user. I have to have the impersonate flag
> > turned on because I use the AspNetWindowsTokenRoleProvider to
> > authorize my users.

>
> > The problem is that when impersonate=true, the site no longer connects
> > to the database with the app pool identity. Instead, it uses either
> > the user's identity if basic authentication is enabled or some other
> > local machine account.

>
> > How can I accomplish both in the same web site? How can I have the
> > site use trusted security and connect to my SQL server under the
> > identity of the app pool AND have impersonate=true so that I know the
> > AD id of the user?

>
> > Thanks for your help.


Thank you. I was using WindowsIdentity.GetCurrent() which would not
return the account name of the user unless the impersonate flag was
set.
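
The configuration discussed in this thread, as an added example that is not part of the original posts: with Windows authentication on and impersonation off, a diagnostic handler can show the caller's name, the account the thread actually runs as, and the login SQL Server sees on the trusted connection. The handler name `WhoAmIHandler`, the server `SQLSERVER01`, the database `AppDb` and the group `DOMAIN\AppUsers` are placeholders.

```csharp
// Added example; not code from the thread. Assumed web.config (system.web):
//   <authentication mode="Windows" />
//   <identity impersonate="false" />
// IIS: Windows authentication enabled, anonymous access disabled.
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

public class WhoAmIHandler : IHttpHandler   // hypothetical diagnostic handler
{
    // Placeholder server and database; Integrated Security = trusted connection.
    private const string ConnStr =
        "Data Source=SQLSERVER01;Initial Catalog=AppDb;Integrated Security=SSPI";

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // The caller authenticated by IIS; available without impersonation.
        IIdentity caller = context.User.Identity;

        // The Windows token the thread executes under: the app pool identity
        // when impersonate="false", the caller when impersonate="true".
        string threadAccount;
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            threadAccount = current.Name;
        }

        // Ask SQL Server which login it sees on the trusted connection.
        string sqlLogin;
        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
        {
            conn.Open();
            sqlLogin = (string)cmd.ExecuteScalar();
        }

        HttpResponse r = context.Response;
        r.ContentType = "text/plain";
        r.Write("Authenticated caller : " + caller.Name + "\n");
        r.Write("Thread/process token : " + threadAccount + "\n");
        r.Write("SQL Server login     : " + sqlLogin + "\n");
        // Role check against the caller's Windows groups (placeholder group).
        r.Write("In DOMAIN\\AppUsers   : " + context.User.IsInRole(@"DOMAIN\AppUsers") + "\n");
    }
}
```

If the second and third lines show the application pool account while the first shows the signed-in user, the site is connecting to SQL Server as the pool identity and still knows who the caller is.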

 