Asp.net impersonate

[Joe Kaplan \(MVP - ADSI\)]

I don't think impersonation loads the user profile of the account being
impersonated. If you think about it, that would make impersonation very
slow.

Do you need the user profile loaded for some reason?

Joe K.

"Frederik Vermeersch via .NET 247" <anonymous@dotnet247.com> wrote in
message news:%23$tKgsPjEHA.3148@TK2MSFTNGP10.phx.gbl...

> Hi,
>
> My global.asax contains:
> <authentication mode="Windows" />
> <identity impersonate="true"/>
>
> in my aspx page Environment.UserName returns the correct impersonated

username,

> but Environment.GetEnvironmentVariable("USERPROFILE") returns the

userprofile of the ASPNET user, being: C:\Documents and
Settings\COMPUTERNAME\ASPNET

> (Strange behaviour, but I asume that this is by design.)
> Is there no way to return the userprofile for the impersonated account?
>
> Thanks,
> Frederik
>
> -----------------------
> Posted by a user from .NET 247 ([url]http://www.dotnet247.com/[/url])
>
> <Id>EUpSiezJAUCDSil1IuWbOg==</Id>

[Patrick.O.Ige]

Hi Joe,
If i use this web config file:-
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
Can i control the GROUPS the users would be able to validate against the
Active Directory?For example if i allow only members in a security group in
the Active Directory to authenticate and deny the others.Would it work?
Check this link at :-
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/act[/url]
ive_directory_authentication_from_asp__net.asp
Thanks




"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eW$kZLXjEHA.394e [email]4@tk2msftngp13.phx.gbl[/email]...

> I don't think impersonation loads the user profile of the account being
> impersonated. If you think about it, that would make impersonation very
> slow.
>
> Do you need the user profile loaded for some reason?
>
> Joe K.
>
> "Frederik Vermeersch via .NET 247" <anonymous@dotnet247.com> wrote in
> message news:%23$tKgsPjEHA.3148@TK2MSFTNGP10.phx.gbl...

> > Hi,
> >
> > My global.asax contains:
> > <authentication mode="Windows" />
> > <identity impersonate="true"/>
> >
> > in my aspx page Environment.UserName returns the correct impersonated

> username,

> > but Environment.GetEnvironmentVariable("USERPROFILE") returns the

> userprofile of the ASPNET user, being: C:\Documents and
> Settings\COMPUTERNAME\ASPNET

> > (Strange behaviour, but I asume that this is by design.)
> > Is there no way to return the userprofile for the impersonated account?
> >
> > Thanks,
> > Frederik
> >
> > -----------------------
> > Posted by a user from .NET 247 ([url]http://www.dotnet247.com/[/url])
> >
> > <Id>EUpSiezJAUCDSil1IuWbOg==</Id>

>
>

[Joe Kaplan \(MVP - ADSI\)]

For this you would usually do something like:

<authorization>
<allow roles="domain\groupname"/>
<deny users="*"/>
</authorization>

You can use multiple groups separated by commas in the allow list.

HTH,

Joe K.

"Patrick.O.Ige" <patrickige@acn.waw.pl> wrote in message
news:Oqj4gJcjEHA.3428@TK2MSFTNGP11.phx.gbl...

> Hi Joe,
> If i use this web config file:-
> <authorization>
> <deny users="?"/>
> <allow users="*"/>
> </authorization>
> Can i control the GROUPS the users would be able to validate against the
> Active Directory?For example if i allow only members in a security group

in

> the Active Directory to authenticate and deny the others.Would it work?
> Check this link at :-
>

[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/act[/url]

> ive_directory_authentication_from_asp__net.asp
> Thanks
>
>
>
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:eW$kZLXjEHA.394e [email]4@tk2msftngp13.phx.gbl[/email]...

> > I don't think impersonation loads the user profile of the account being
> > impersonated. If you think about it, that would make impersonation very
> > slow.
> >
> > Do you need the user profile loaded for some reason?
> >
> > Joe K.
> >
> > "Frederik Vermeersch via .NET 247" <anonymous@dotnet247.com> wrote in
> > message news:%23$tKgsPjEHA.3148@TK2MSFTNGP10.phx.gbl...

> > > Hi,
> > >
> > > My global.asax contains:
> > > <authentication mode="Windows" />
> > > <identity impersonate="true"/>
> > >
> > > in my aspx page Environment.UserName returns the correct impersonated

> > username,

> > > but Environment.GetEnvironmentVariable("USERPROFILE") returns the

> > userprofile of the ASPNET user, being: C:\Documents and
> > Settings\COMPUTERNAME\ASPNET

> > > (Strange behaviour, but I asume that this is by design.)
> > > Is there no way to return the userprofile for the impersonated

account?

> > >
> > > Thanks,
> > > Frederik
> > >
> > > -----------------------
> > > Posted by a user from .NET 247 ([url]http://www.dotnet247.com/[/url])
> > >
> > > <Id>EUpSiezJAUCDSil1IuWbOg==</Id>

> >
> >

>
>

[naijacoder naijacoder]

Web config problem:-
-------------------
If i want to Allow only some GROUPS to login and DENY the others how
would i do it.

For example i have security GROUPS S_A,S_B,S_V and i want all user to
login but if they are not if the following groups above they should be
denied.
How should the WEB CONFIG look like.
Thanks alot.
This ine below doesn't work!!
<deny users="?"/>
<allow users="?"
roles="S_A,S_B,S_V"//>


*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!