« Previous Next »

Thread: Identity Impersonation

Last post 02-18-2009 5:42 PM by robkisupside. 2 replies.

Average Rating Rate It (5)

RSS

Page 1 of 1 (3 items)

Sort Posts:

Shortcuts

Search | Active Posts | Unanswered Posts | View all users

  • 02-18-2009, 4:37 PM

    Identity Impersonation

    Reply Contact

    Hello,

    We're involved in adding support for our asp.net application using IIS 7 integrated pipeline mode and I'm looking for more information as to why validation is not an issue when setting a specific impersonated identity as opposed to simply setting it to true (500 error unless you set username and password attributes).

    Seems I'm missing something fundamental but it occurs to me the requesting user, under windows integrated security, is either way a member and user of the domain with similar access rights, so why does it matter (I read the restriction involving begin and authenticaterequest processing but isn't it still the same limitation if we use a defined id in the web.config)?

    Appreciate any links to additional reading or some discussion if you will.

    Thanks,

    Rob
    Tags:

  • 02-18-2009, 5:05 PM In reply to

    • anilr
    • Top 10 Contributor
    • Joined on 05-23-2006, 10:13 PM
    • Redmond, WA
    • Posts 2,343

    Re: Identity Impersonation

    Reply Contact

    When you define a specific identity, that information is available for all notifications - in case of using authenticated user identity for impersonation, that information is only available after authentication has been performed, so is not available to modules in Begin/Authenticate state.

    Anil Ruia
    Senior Software Design Engineer
    IIS Core Server

  • 02-18-2009, 5:42 PM In reply to

    Re: Identity Impersonation

    Reply Contact

    Thanks for the quick reply Anil, I think I understand what you're saying since the integration is managing authentication at a later stage when not specifying a dedicated identity.

    We hope to continue using impersonation with a defined identity to help manage UNC authentication and access to remote resources.  We also need to maintain a consistent configuration profile for IIS 6 compatibility (we've used this for a couple of years now).  Is there a good reason not to utilize this in our application under IIS 7 or are there any other problems you foresee in doing so?

    Appreciate your assistance.

    Thanks,

     Rob
Page 1 of 1 (3 items)
Microsoft Communities