|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
LogonUser Succeeds - but fails laterHi,
I'm currently using LogonUser to impersonate a user whilst connecting to a database. When I use a valid account (i.e. mine for testing purposes), it impersonates ok (no errors). But as soon as I try to access a resource, in this case Open a connection to the database an Impersonation Failed exception is caught. If I take out the LogonUser impersonation and set the impersonation in the web.config to true, then try again (under my account) no errors are encountered. Anyone have any ideas? > I'm currently using LogonUser to impersonate a user whilst connecting If you are trying to access a resource on the network, impersonation will > to a database. When I use a valid account (i.e. mine for testing > purposes), it impersonates ok (no errors). But as soon as I try to > access a resource, in this case Open a connection to the database an > Impersonation Failed exception is caught. If I take out the LogonUser > impersonation and set the impersonation in the web.config to true, > then try again (under my account) no errors are encountered. fail since the process token is used instead of the thread token. In this case you should use delegation instead. Personally I suggest not to use impersonation and to access the db with a fixed account. In this case you should deal with security checks in your managed application using framework role-based security. -- Raffaele Rialdi Microsoft .NET MVP http://mvp.support.microsoft.com - http://italy.mvps.org UGIdotNET - User Group Italiano .NET http://www.ugidotnet.org Weblog: http://blogs.ugidotnet.org/raffaele What is actually failing? Both approaches should end up with the same net
result. If you can use impersonation in the web.config to accomplish what you want though, why write code to do this? Joe K. <questi***@resolutionsnet.co.uk> wrote in message Show quoteHide quote news:1121957555.553409.284360@g49g2000cwa.googlegroups.com... > Hi, > > I'm currently using LogonUser to impersonate a user whilst connecting > to a database. When I use a valid account (i.e. mine for testing > purposes), it impersonates ok (no errors). But as soon as I try to > access a resource, in this case Open a connection to the database an > Impersonation Failed exception is caught. If I take out the LogonUser > impersonation and set the impersonation in the web.config to true, then > try again (under my account) no errors are encountered. > > Anyone have any ideas? > On 21 Jul 2005 07:52:35 -0700, questi***@resolutionsnet.co.uk wrote:
¤ Hi, ¤ ¤ I'm currently using LogonUser to impersonate a user whilst connecting ¤ to a database. When I use a valid account (i.e. mine for testing ¤ purposes), it impersonates ok (no errors). But as soon as I try to ¤ access a resource, in this case Open a connection to the database an ¤ Impersonation Failed exception is caught. If I take out the LogonUser ¤ impersonation and set the impersonation in the web.config to true, then ¤ try again (under my account) no errors are encountered. ¤ ¤ Anyone have any ideas? What type of database are you using? Where is it located? Paul ~~~~ Microsoft MVP (Visual Basic) Thanks guys,
Still not working. I should explain my situation further, It is a web application, impersonation is set to true because we need to initially act as the user entering the intranet site. But any calls to the database need to be under a different account. This account has yet to be set up, but for testing purposes I am using my own login account. Now if I run the application and not user the LogonUser code, everything works ok (accessing the database using my account via impersonation). Now if I use the LogonUser code with the same account details (i.e. mine) the call fails (I pass LogonUser ok, it get's validated and a token generated). Thanks for any help Paul Clement wrote: Show quoteHide quote > On 21 Jul 2005 07:52:35 -0700, questi***@resolutionsnet.co.uk wrote: > > ¤ Hi, > ¤ > ¤ I'm currently using LogonUser to impersonate a user whilst connecting > ¤ to a database. When I use a valid account (i.e. mine for testing > ¤ purposes), it impersonates ok (no errors). But as soon as I try to > ¤ access a resource, in this case Open a connection to the database an > ¤ Impersonation Failed exception is caught. If I take out the LogonUser > ¤ impersonation and set the impersonation in the web.config to true, then > ¤ try again (under my account) no errors are encountered. > ¤ > ¤ Anyone have any ideas? > > What type of database are you using? Where is it located? > > > Paul > ~~~~ > Microsoft MVP (Visual Basic) In addition,
It's ASP.NET 1.1 on one server (XP) and SQL Server on another (Windows 2003) questi***@resolutionsnet.co.uk wrote: Show quoteHide quote > Thanks guys, > > Still not working. > > I should explain my situation further, It is a web application, > impersonation is set to true because we need to initially act as the > user entering the intranet site. But any calls to the database need to > be under a different account. This account has yet to be set up, but > for testing purposes I am using my own login account. > > Now if I run the application and not user the LogonUser code, > everything works ok (accessing the database using my account via > impersonation). Now if I use the LogonUser code with the same account > details (i.e. mine) the call fails (I pass LogonUser ok, it get's > validated and a token generated). > > Thanks for any help > > Paul Clement wrote: > > On 21 Jul 2005 07:52:35 -0700, questi***@resolutionsnet.co.uk wrote: > > > > ¤ Hi, > > ¤ > > ¤ I'm currently using LogonUser to impersonate a user whilst connecting > > ¤ to a database. When I use a valid account (i.e. mine for testing > > ¤ purposes), it impersonates ok (no errors). But as soon as I try to > > ¤ access a resource, in this case Open a connection to the database an > > ¤ Impersonation Failed exception is caught. If I take out the LogonUser > > ¤ impersonation and set the impersonation in the web.config to true, then > > ¤ try again (under my account) no errors are encountered. > > ¤ > > ¤ Anyone have any ideas? > > > > What type of database are you using? Where is it located? > > > > > > Paul > > ~~~~ > > Microsoft MVP (Visual Basic) After double check all my settings, I noticed that I had not turned on
my Digest setting in IIS. Obviously without this I can not make more than one hop across the network. Thank you for your help anyway. questi***@resolutionsnet.co.uk wrote: Show quoteHide quote > In addition, > > It's ASP.NET 1.1 on one server (XP) and SQL Server on another (Windows > 2003) > > questi***@resolutionsnet.co.uk wrote: > > Thanks guys, > > > > Still not working. > > > > I should explain my situation further, It is a web application, > > impersonation is set to true because we need to initially act as the > > user entering the intranet site. But any calls to the database need to > > be under a different account. This account has yet to be set up, but > > for testing purposes I am using my own login account. > > > > Now if I run the application and not user the LogonUser code, > > everything works ok (accessing the database using my account via > > impersonation). Now if I use the LogonUser code with the same account > > details (i.e. mine) the call fails (I pass LogonUser ok, it get's > > validated and a token generated). > > > > Thanks for any help > > > > Paul Clement wrote: > > > On 21 Jul 2005 07:52:35 -0700, questi***@resolutionsnet.co.uk wrote: > > > > > > ¤ Hi, > > > ¤ > > > ¤ I'm currently using LogonUser to impersonate a user whilst connecting > > > ¤ to a database. When I use a valid account (i.e. mine for testing > > > ¤ purposes), it impersonates ok (no errors). But as soon as I try to > > > ¤ access a resource, in this case Open a connection to the database an > > > ¤ Impersonation Failed exception is caught. If I take out the LogonUser > > > ¤ impersonation and set the impersonation in the web.config to true, then > > > ¤ try again (under my account) no errors are encountered. > > > ¤ > > > ¤ Anyone have any ideas? > > > > > > What type of database are you using? Where is it located? > > > > > > > > > Paul > > > ~~~~ > > > Microsoft MVP (Visual Basic) 
Other interesting topics
Import RSA parameters from .PEM format
CryptoAPI, System.Security.Cryptography Interoperability Authenticate User in Windows 2000 machine .NET 2.0 Membership "role context" Getting User Information from a SID Export and Import RSA Key Container Get an unauthenticated windowsIdentity? Cryptography implementation using memeorystream Weird registry behavior when writing to custom event log IsInRole & SID/Token Caching in .NET v1.1 |
|||||||||||||||||||||||
