WEB FORM --> DOMAIN USER AUTHENTICATION

[Ty Millwee]

Microsoft Knowledge Base Article - 306158
[[url]http://support.microsoft.com/default.aspx?scid=kb;en-[/url]
us;306158] shows a method to impersonate a specific user
in code via a web form.

The trouble is that the impersonation isn't being
persisted accost the web application. Once the user moves
onto the next page they are back in the NT
AUTHORITY\SYSTEM security context.

The desired scenario is:
1.) The user must enter there DOMAIN account username &
password into a WEB FORM (can't have the network logon
prompt popup).

2.) The application must run in this users security
context as long as they are 'IN' the application. So every
page the user accesses within the application runs under
their security context.

----------------------------------------------
Subject: RE: Domain Authentication via Web Form -
PERSISTANCE?
From: "Wei-Dong Xu [MSFT]" <v-wdxu@online.microsoft.com>
Sent: 8/7/2003 7:44:58 PM

Hi Ty,

In IIS6, if you choose the IIS6 worker process isolcation
mode(WPIM) to run
asp.net, the asp.net web application will run in a worker
process and the
application will decide how to impersonate the process. If
you select the
IIS5 isolation mode to execute the asp.net application,
the application
will run in aspnet process. The applicaiton will decide
his own entity as
well.

It appears that this is a ASP.net develop issue, not IIS.
To better serve
you, the Asp.net support team has created a aspnet
newsgroup for you. I
think these asp.net experts will help you a lot on this
issue. Please go to:
Microsoft.public.dotnet.framework.aspnet

Does this answer your question? Thank you for using
Microsoft NewsGroup!

Wei-Dong Xu
Microsoft Product Support Services
Get Secure! - [url]www.microsoft.com/security[/url]
This posting is provided "AS IS" with no warranties, and
confers no rights."
----------------------------------------------

[Yan-Hong Huang[MSFT]]

Hello Ty,

Thanks for posting in the group.

The KB article that you mentioned introduces some methods for impersonation in asp.net. If we want to enable asp.net
impersonation in the whole web app, we need to set it in web.config file. Coding it in a web form only enables it in this web
page.

After reviewing your post, I think what you need is a login page and logout page and you want to associate uses with domain
users. If so, I think you need to use form authentication method in the web application. Please refer to:
"Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication"
[url]http://msdn.microsoft.com/vcsharp/downloads/samples/default.aspx?pull=/library/en-us/dnnetsec/html/secnetht02.asp[/url]

Hope that helps.

Best regards,
Yanhong Huang
Microsoft Online Partner Support

Get Secure! - [url]www.microsoft.com/security[/url]
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
!Content-Class: urn:content-classes:message
!From: "Ty Millwee" <tmillwee@arclightsystems.com>
!Sender: "Ty Millwee" <tmillwee@arclightsystems.com>
!Subject: WEB FORM --> DOMAIN USER AUTHENTICATION
!Date: Fri, 8 Aug 2003 12:38:39 -0700
!Lines: 58
!Message-ID: <01e801c35de4$aa87a990$a401280a@phx.gbl>
!MIME-Version: 1.0
!Content-Type: text/plain;
! charset="iso-8859-1"
!Content-Transfer-Encoding: 7bit
!X-Newsreader: Microsoft CDO for Windows 2000
!X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
!Thread-Index: AcNd5KqHAKRIhAGCQO+/UzVa2CgdIw==
!Newsgroups: microsoft.public.dotnet.framework.aspnet.security
!Path: cpmsftngxa06.phx.gbl
!Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet.security: 6194
!NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
!X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
!
!Microsoft Knowledge Base Article - 306158
![[url]http://support.microsoft.com/default.aspx?scid=kb;en-[/url]
!us;306158] shows a method to impersonate a specific user
!in code via a web form.
!
!The trouble is that the impersonation isn't being
!persisted accost the web application. Once the user moves
!onto the next page they are back in the NT
!AUTHORITY\SYSTEM security context.
!
!The desired scenario is:
!1.) The user must enter there DOMAIN account username &
!password into a WEB FORM (can't have the network logon
!prompt popup).
!
!2.) The application must run in this users security
!context as long as they are 'IN' the application. So every
!page the user accesses within the application runs under
!their security context.
!
!----------------------------------------------
! Subject: RE: Domain Authentication via Web Form -
!PERSISTANCE?
! From: "Wei-Dong Xu [MSFT]" <v-wdxu@online.microsoft.com>
!Sent: 8/7/2003 7:44:58 PM
!
!Hi Ty,
!
!In IIS6, if you choose the IIS6 worker process isolcation
!mode(WPIM) to run
!asp.net, the asp.net web application will run in a worker
!process and the
!application will decide how to impersonate the process. If
!you select the
!IIS5 isolation mode to execute the asp.net application,
!the application
!will run in aspnet process. The applicaiton will decide
!his own entity as
!well.
!
!It appears that this is a ASP.net develop issue, not IIS.
!To better serve
!you, the Asp.net support team has created a aspnet
!newsgroup for you. I
!think these asp.net experts will help you a lot on this
!issue. Please go to:
!Microsoft.public.dotnet.framework.aspnet
!
!Does this answer your question? Thank you for using
!Microsoft NewsGroup!
!
!Wei-Dong Xu
!Microsoft Product Support Services
!Get Secure! - [url]www.microsoft.com/security[/url]
!This posting is provided "AS IS" with no warranties, and
!confers no rights."
!----------------------------------------------
!
!