impersonating windows authenticated user?

[Jamie]

I have a asp.net web application that i wrote for internal use in my
company. The problem i'm having is being able to test the application as
other users see it. The security for the asp.net app is Windows
Authentication. I'd like to be able to (for testing purposes) impersonate
another user so i can see things as they see them. I don't want to have to
change all of my active directory permissions to match their permissions,
that's not an option. Also, there is no way i can test certain features of
the application without being logged in as some specific users. I'm sure i
could do this if i wrote my own IsInRole method and passed in a username of
my choice and an active directory group and then interfaced with active
directory myself, but i was hoping there is an easier way that affects less
existing code.

Is there a way to stuff Page.User with an impersonated windows user? If so,
how would i create a valid impersonated windows user?


Thanks,
Jamie

[Hernan de Lahitte]

Hi,

Have you tried using IIS Basic Authentication? I think this is the fastest
way of doing this.

--
Hernan de Lahitte
Lagash Systems S.A.




"Jamie" <spammerssuck@nospam.com> wrote in message
news:eAQVohy7DHA.2644@TK2MSFTNGP11.phx.gbl...

> I have a asp.net web application that i wrote for internal use in my
> company. The problem i'm having is being able to test the application as
> other users see it. The security for the asp.net app is Windows
> Authentication. I'd like to be able to (for testing purposes) impersonate
> another user so i can see things as they see them. I don't want to have

to

> change all of my active directory permissions to match their permissions,
> that's not an option. Also, there is no way i can test certain features of
> the application without being logged in as some specific users. I'm sure

i

> could do this if i wrote my own IsInRole method and passed in a username

of

> my choice and an active directory group and then interfaced with active
> directory myself, but i was hoping there is an easier way that affects

less

> existing code.
>
> Is there a way to stuff Page.User with an impersonated windows user? If

so,

> how would i create a valid impersonated windows user?
>
>
> Thanks,
> Jamie
>
>

[Jamie]

Thanks for the suggestion. But that won't work. We need to use the more
secure Windows Authentication.


"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:OwmVqF07DHA.488@TK2MSFTNGP12.phx.gbl...

> Hi,
>
> Have you tried using IIS Basic Authentication? I think this is the fastest
> way of doing this.
>
> --
> Hernan de Lahitte
> Lagash Systems S.A.
>
>
>
>
> "Jamie" <spammerssuck@nospam.com> wrote in message
> news:eAQVohy7DHA.2644@TK2MSFTNGP11.phx.gbl...

> > I have a asp.net web application that i wrote for internal use in my
> > company. The problem i'm having is being able to test the application as
> > other users see it. The security for the asp.net app is Windows
> > Authentication. I'd like to be able to (for testing purposes)

impersonate

> > another user so i can see things as they see them. I don't want to have

> to

> > change all of my active directory permissions to match their

permissions,

> > that's not an option. Also, there is no way i can test certain features

of

> > the application without being logged in as some specific users. I'm

sure

> i

> > could do this if i wrote my own IsInRole method and passed in a username

> of

> > my choice and an active directory group and then interfaced with active
> > directory myself, but i was hoping there is an easier way that affects

> less

> > existing code.
> >
> > Is there a way to stuff Page.User with an impersonated windows user? If

> so,

> > how would i create a valid impersonated windows user?
> >
> >
> > Thanks,
> > Jamie
> >
> >

>
>

[Joe Kaplan \(MVP - ADSI\)]

It is possible to change your IE settings so that Integrated authentication
always prompts for credentials instead of just passing in the default
credentials of the current user.

Maybe that would help with your testing. You will still need to be able to
get the credentials of different users to do testing. You need a user's
credentials to create a token in Windows.

Joe K.

"Jamie" <spammerssuck@nospam.com> wrote in message
news:%23rE$6J17DHA.1504@TK2MSFTNGP12.phx.gbl...

> Thanks for the suggestion. But that won't work. We need to use the more
> secure Windows Authentication.
>
>
> "Hernan de Lahitte" <hernan@lagash.com> wrote in message
> news:OwmVqF07DHA.488@TK2MSFTNGP12.phx.gbl...

> > Hi,
> >
> > Have you tried using IIS Basic Authentication? I think this is the

fastest

> > way of doing this.
> >
> > --
> > Hernan de Lahitte
> > Lagash Systems S.A.
> >
> >
> >
> >
> > "Jamie" <spammerssuck@nospam.com> wrote in message
> > news:eAQVohy7DHA.2644@TK2MSFTNGP11.phx.gbl...

> > > I have a asp.net web application that i wrote for internal use in my
> > > company. The problem i'm having is being able to test the application

as

> > > other users see it. The security for the asp.net app is Windows
> > > Authentication. I'd like to be able to (for testing purposes)

> impersonate

> > > another user so i can see things as they see them. I don't want to

have

> > to

> > > change all of my active directory permissions to match their

> permissions,

> > > that's not an option. Also, there is no way i can test certain

features

> of

> > > the application without being logged in as some specific users. I'm

> sure

> > i

> > > could do this if i wrote my own IsInRole method and passed in a

username

> > of

> > > my choice and an active directory group and then interfaced with

active

> > > directory myself, but i was hoping there is an easier way that affects

> > less

> > > existing code.
> > >
> > > Is there a way to stuff Page.User with an impersonated windows user?

If

> > so,

> > > how would i create a valid impersonated windows user?
> > >
> > >
> > > Thanks,
> > > Jamie
> > >
> > >

> >
> >

>
>

[Jamie]

Yeah, that's what i figured. That won't really help either as getting users
passwords isn't an option. I'll just use my own IsInRole method where i pass
in the users login which i'll supply if i'm testing and use
Page.User.Identity.Name otherwise.

Thanks.


"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:%2334ZDR17DHA.2472@TK2MSFTNGP10.phx.gbl...

> It is possible to change your IE settings so that Integrated

authentication

> always prompts for credentials instead of just passing in the default
> credentials of the current user.
>
> Maybe that would help with your testing. You will still need to be able

to

> get the credentials of different users to do testing. You need a user's
> credentials to create a token in Windows.
>
> Joe K.
>
> "Jamie" <spammerssuck@nospam.com> wrote in message
> news:%23rE$6J17DHA.1504@TK2MSFTNGP12.phx.gbl...

> > Thanks for the suggestion. But that won't work. We need to use the more
> > secure Windows Authentication.
> >
> >
> > "Hernan de Lahitte" <hernan@lagash.com> wrote in message
> > news:OwmVqF07DHA.488@TK2MSFTNGP12.phx.gbl...

> > > Hi,
> > >
> > > Have you tried using IIS Basic Authentication? I think this is the

> fastest

> > > way of doing this.
> > >
> > > --
> > > Hernan de Lahitte
> > > Lagash Systems S.A.
> > >
> > >
> > >
> > >
> > > "Jamie" <spammerssuck@nospam.com> wrote in message
> > > news:eAQVohy7DHA.2644@TK2MSFTNGP11.phx.gbl...
> > > > I have a asp.net web application that i wrote for internal use in my
> > > > company. The problem i'm having is being able to test the

application

> as

> > > > other users see it. The security for the asp.net app is Windows
> > > > Authentication. I'd like to be able to (for testing purposes)

> > impersonate

> > > > another user so i can see things as they see them. I don't want to

> have

> > > to
> > > > change all of my active directory permissions to match their

> > permissions,

> > > > that's not an option. Also, there is no way i can test certain

> features

> > of

> > > > the application without being logged in as some specific users. I'm

> > sure

> > > i
> > > > could do this if i wrote my own IsInRole method and passed in a

> username

> > > of
> > > > my choice and an active directory group and then interfaced with

> active

> > > > directory myself, but i was hoping there is an easier way that

affects

> > > less
> > > > existing code.
> > > >
> > > > Is there a way to stuff Page.User with an impersonated windows user?

> If

> > > so,
> > > > how would i create a valid impersonated windows user?
> > > >
> > > >
> > > > Thanks,
> > > > Jamie
> > > >
> > > >
> > >
> > >

> >
> >

>
>

[Ken Schaefer]

There's no way you'd be able to impersonate someone without having their
credentials. Otherwise you could impersonate a Domain Administrator or
Enterprise Administrator account, and do whatever you wanted and there's no
real way of having it tracked back to you! :-)

Maybe ask your administrators to create some dummy accounts that have the
types of permissions that you want, and you could use those.

Cheers
Ken

"Jamie" <spammerssuck@nospam.com> wrote in message
news:%23lzJrV17DHA.696@tk2msftngp13.phx.gbl...
: Yeah, that's what i figured. That won't really help either as getting
users
: passwords isn't an option. I'll just use my own IsInRole method where i
pass
: in the users login which i'll supply if i'm testing and use
: Page.User.Identity.Name otherwise.
:
: Thanks.
:
:
: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
: in message news:%2334ZDR17DHA.2472@TK2MSFTNGP10.phx.gbl...
: > It is possible to change your IE settings so that Integrated
: authentication
: > always prompts for credentials instead of just passing in the default
: > credentials of the current user.
: >
: > Maybe that would help with your testing. You will still need to be able
: to
: > get the credentials of different users to do testing. You need a user's
: > credentials to create a token in Windows.
: >
: > Joe K.
: >
: > "Jamie" <spammerssuck@nospam.com> wrote in message
: > news:%23rE$6J17DHA.1504@TK2MSFTNGP12.phx.gbl...
: > > Thanks for the suggestion. But that won't work. We need to use the
more
: > > secure Windows Authentication.
: > >
: > >
: > > "Hernan de Lahitte" <hernan@lagash.com> wrote in message
: > > news:OwmVqF07DHA.488@TK2MSFTNGP12.phx.gbl...
: > > > Hi,
: > > >
: > > > Have you tried using IIS Basic Authentication? I think this is the
: > fastest
: > > > way of doing this.
: > > >
: > > > --
: > > > Hernan de Lahitte
: > > > Lagash Systems S.A.
: > > >
: > > >
: > > >
: > > >
: > > > "Jamie" <spammerssuck@nospam.com> wrote in message
: > > > news:eAQVohy7DHA.2644@TK2MSFTNGP11.phx.gbl...
: > > > > I have a asp.net web application that i wrote for internal use in
my
: > > > > company. The problem i'm having is being able to test the
: application
: > as
: > > > > other users see it. The security for the asp.net app is Windows
: > > > > Authentication. I'd like to be able to (for testing purposes)
: > > impersonate
: > > > > another user so i can see things as they see them. I don't want
to
: > have
: > > > to
: > > > > change all of my active directory permissions to match their
: > > permissions,
: > > > > that's not an option. Also, there is no way i can test certain
: > features
: > > of
: > > > > the application without being logged in as some specific users.
I'm
: > > sure
: > > > i
: > > > > could do this if i wrote my own IsInRole method and passed in a
: > username
: > > > of
: > > > > my choice and an active directory group and then interfaced with
: > active
: > > > > directory myself, but i was hoping there is an easier way that
: affects
: > > > less
: > > > > existing code.
: > > > >
: > > > > Is there a way to stuff Page.User with an impersonated windows
user?
: > If
: > > > so,
: > > > > how would i create a valid impersonated windows user?
: > > > >
: > > > >
: > > > > Thanks,
: > > > > Jamie
: > > > >
: > > > >
: > > >
: > > >
: > >
: > >
: >
: >
:
: