ASP.NET
Impersonation controls the application identity of a Web application. This is a security element. This element can be declared at any level (machine, site, application, subdirectory, or page). Impersonation is disabled by default.
Impersonation is disabled. This is the default setting. For
backward compatibility with ASP, you must enable impersonation and change the
ASP.NET process identity to use the Local System account. In this instance, the
ASP.NET thread runs using the process token of the application worker process
regardless of which combination of IIS and ASP.NET authentication is used. By
default, the process identity of the application worker process is the ASPNET
account. For more information, see ASP.NET Process Identity.
<identity impersonate="false" />
Impersonation enabled. In this instance, ASP.NET
impersonates the token passed to it by IIS, which is either an authenticated
user or the anonymous Internet user account (IUSR_machinename).
<identity impersonate="true" />
Impersonation enabled for a specific identity. To impersonate a specific user for all the requests on all pages of an ASP.NET application, you can specify the userName and password attributes in the <identity> tag of the Web.config file for that application. For example:
<identity impersonate="true"
userName="domain\user"
password="password" />
However, impersonating a specific user for your site is sometimes risky, especially when your application is embedded in SharePoint sites. If you do so, every user who logs in to the SharePoint site is treated as the impersonated user named in the identity element.
For example: if a system account is used in the identity element of a SharePoint site, then after any login to the site the user is treated as the System Account, and so gets full access to your site.
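An added example, not from the original post: a Python audit that classifies every <identity> element in a Web.config into the three settings described above, including <location> overrides, and flags a fixed identity whose password sits in the file. The sample configuration, the account name and the setting labels are constructed for illustration; treating values that start with registry: as references to encrypted registry storage is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config; the account name and paths are made up.
SAMPLE_WEB_CONFIG = r"""<configuration>
  <system.web>
    <identity impersonate="true" userName="CONTOSO\svc_portal" password="example-password" />
  </system.web>
  <location path="reports">
    <system.web><identity impersonate="true" /></system.web>
  </location>
  <location path="legacy">
    <system.web><identity impersonate="false" /></system.web>
  </location>
</configuration>"""

def classify_identity(elem):
    """Map one <identity> element to the setting it configures."""
    if elem.get("impersonate", "false").strip().lower() != "true":
        return "disabled"  # thread runs with the worker process token
    if not elem.get("userName", "").strip():
        return "iis-token"  # impersonates whatever token IIS passes in
    password = elem.get("password", "")
    # Assumption: a value starting with "registry:" points at encrypted
    # registry storage instead of holding the secret in the file.
    if password and not password.startswith("registry:"):
        return "fixed-identity-cleartext-password"
    return "fixed-identity"

def audit_web_config(xml_text):
    """Return (scope, setting) for each <identity>, including <location> overrides."""
    findings = []

    def walk(node, scope):
        for child in node:
            tag = child.tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix
            if tag == "identity":
                findings.append((scope, classify_identity(child)))
            elif tag == "location":
                walk(child, child.get("path") or "(root)")
            else:
                walk(child, scope)

    walk(ET.fromstring(xml_text), "(root)")
    return findings

if __name__ == "__main__":
    for scope, setting in audit_web_config(SAMPLE_WEB_CONFIG):
        print(f"{scope}: {setting}")
```

A "fixed-identity" finding at the root scope is the SharePoint case described above: every request runs as that one account regardless of who logged in.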
Since we cannot add all users to Web.config based on their access rights, we can avoid this scenario by impersonating the logged-in user programmatically.
Below is a small C# example that impersonates the authenticating user programmatically:
System.Security.Principal.WindowsImpersonationContext impersonationContext =
    ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
try
{
    // Insert your code that runs under the security context of the authenticating user here.
}
finally
{
    // Always revert to the original identity, even if the code above throws.
    impersonationContext.Undo();
}
About Author:
Harshad Pednekar is a budding technology geek who helps Systems Plus with his creativity and research on technology. He works at Systems Plus and actively contributes to technology. To read more interesting articles from him, please follow: http://harshadpednekar.blogspot.in