Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Impersonation issue

Reply
Thread Tools

Impersonation issue

 
 
Kallely Sajan [MVP]
Guest
Posts: n/a
 
      05-13-2004
We have an Authentication COM component written using SSPI functions . The
component provides methods to Impersonate and Revert back to original
security context. When use this component in an ASP page to Authenticate and
then Impersonate the authenticated user, the identity is correctly set to
the impersonated user. Then we are able to successfully read the
impersonated identity from another COM component running in the ASP page.
The component uses OpenThreadToken() with TOKEN_QUERY | TOKEN_IMPERSONATE
option and then retrieves the SID of the impersonated user account.
Now here's our problem. When try to do the same in an ASP.NET application
using Interop's it doesn't work. One interop is for the Authentication
component and another is for the component which reads the current identity.
The second Interop fails to read the impersonated identity and it returns
always the ASPNET user. OpenThreadToken() fails and returns Error Code :
1008 (ERROR_NO_TOKEN) Error Message : An attempt was made to reference a
token that does not exist.

As you know we are not dependant on ASP.NET built-in impersonation and the
Web.Config settings doesn't matter here.

Any ideas will be of great help.
--

Regards,
Sajan.

PS: Please don't send me direct emails, use the newsroom.


 
Reply With Quote
 
 
 
 
Scott Allen
Guest
Posts: n/a
 
      05-14-2004
Hi Sajan:

If the components you are using run in an STA, you'll need to add
AspCompat="true" to your @Page directive. To check the threading model
look in HKCR\CLSID\yourclsid\InprocServer32\ThreadingModel .

The asp.net pages run in an MTA by default, meaning any STA component
will be executing on a different thread that is not impersonating.

HTH,

--
Scott
http://www.OdeToCode.com

On Thu, 13 May 2004 15:33:42 -0500, "Kallely Sajan [MVP]"
<(E-Mail Removed)> wrote:

>We have an Authentication COM component written using SSPI functions . The
>component provides methods to Impersonate and Revert back to original
>security context. When use this component in an ASP page to Authenticate and
>then Impersonate the authenticated user, the identity is correctly set to
>the impersonated user. Then we are able to successfully read the
>impersonated identity from another COM component running in the ASP page.
>The component uses OpenThreadToken() with TOKEN_QUERY | TOKEN_IMPERSONATE
>option and then retrieves the SID of the impersonated user account.
>Now here's our problem. When try to do the same in an ASP.NET application
>using Interop's it doesn't work. One interop is for the Authentication
>component and another is for the component which reads the current identity.
>The second Interop fails to read the impersonated identity and it returns
>always the ASPNET user. OpenThreadToken() fails and returns Error Code :
>1008 (ERROR_NO_TOKEN) Error Message : An attempt was made to reference a
>token that does not exist.
>
>As you know we are not dependant on ASP.NET built-in impersonation and the
>Web.Config settings doesn't matter here.
>
>Any ideas will be of great help.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Impersonation issue Silmar ASP .Net 1 12-15-2007 11:54 AM
Impersonation Issue -Steve- ASP .Net 0 03-15-2007 01:43 AM
perplexing impersonation/SQL issue =?Utf-8?B?QWNvbnF1aWph?= ASP .Net 0 09-11-2006 06:27 PM
Security Issue - Impersonation =?Utf-8?B?SmltIEhlYXZleQ==?= ASP .Net 0 09-26-2005 09:01 PM
Issue with ASP.NET client, COM Interop, and Identity impersonation Anil Krishnamurthy ASP .Net 12 10-05-2004 10:05 PM



Advertisments