«

Hi,

I have a asp.net application, which control virtual directory, we want any
user to access and we do not want to use windows authentication(we do not
want windows authentication dialog) or forms authentication(as we do not
want any login page). However we want to impersonate the user.

Could anyone tell how to achieve this.

thanks,
Kedar.

How would you know who the user is to impersonate if you did not
authenticate them somehow?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"kedar" <> wrote in message
news:...
> Hi,
>
> I have a asp.net application, which control virtual directory, we want any
> user to access and we do not want to use windows authentication(we do not
> want windows authentication dialog) or forms authentication(as we do not
> want any login page). However we want to impersonate the user.
>
> Could anyone tell how to achieve this.
>
> thanks,
> Kedar.
>

as Joe says - you need to auth the user to impersonate him.

Depending on browser settings and other factors you can do that using windows
authentication (without showing the logon dialog box).

what's your scenario?

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> How would you know who the user is to impersonate if you did not
> authenticate them somehow?
>
> Joe K.
>

Dominick,

We want to overcome the window authentication dialog, what you said make me
feel something intresting. Could you tell me the browser setting and other
factors that I need consider for windows authentication not to come up.

thanks,
Kedar.


"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news: om...
> as Joe says - you need to auth the user to impersonate him.
>
> Depending on browser settings and other factors you can do that using
> windows authentication (without showing the logon dialog box).
>
> what's your scenario?
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications
> (http://www.microsoft.com/mspress/books/9989.asp)
>
>> How would you know who the user is to impersonate if you did not
>> authenticate them somehow?
>>
>> Joe K.
>>
>
>

http://msdn.microsoft.com/msdnmag/is...s/default.aspx

Have a look at this article
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Dominick,
>
> We want to overcome the window authentication dialog, what you said
> make me feel something intresting. Could you tell me the browser
> setting and other factors that I need consider for windows
> authentication not to come up.
>
> thanks,
> Kedar.
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
> in message news: om...
>
>> as Joe says - you need to auth the user to impersonate him.
>>
>> Depending on browser settings and other factors you can do that using
>> windows authentication (without showing the logon dialog box).
>>
>> what's your scenario?
>>
>> -----
>> Dominick Baier (http://www.leastprivilege.com)
>> Developing More Secure Microsoft ASP.NET 2.0 Applications
>> (http://www.microsoft.com/mspress/books/9989.asp)
>>
>>> How would you know who the user is to impersonate if you did not
>>> authenticate them somehow?
>>>
>>> Joe K.
>>>