Windows identity during asynchronous calls

[Dave Mullen]

I'm trying to access a SQL server from a thread started from an asp.net
application and get a "Cannot log into database as user null..." error. How
can I make the thread inherit the same identity as the calling process?
When I spin off the thread I have seen that it typically runs as NT
ANONYMOUS\SYSTEM (via
System.Security.Principal.WindowsIdentity.GetCurre nt().Name). I have had
intermittent success
passing the token of the calling process and impersonating it in the called
process but once in a while hit an exception when trying to impersonate.

Web Config of calling process:
<authentication mode="Forms" >
<forms name="adAuthCookie" loginUrl="_mem_bin/formslogin.aspx"
protection="All" path="/" timeout="60" ></forms>
</authentication>
<identity impersonate="true" />

Web Site Directory Security of calling process is set to Anonymous Access.
Account used for anonymous access is a user w/ permissions to our SQL Server
db. Windows Integrated Authentication is also checked.

calling asynchronous process:
ThreadPool.QueueUserWorkItem(New WaitCallback(AddressOf lfd.SubmitRequest),
System.Security.Principal.WindowsIdentity.GetCurre nt().Token)

Impersonation Logic:
Sub SubmitRequest(ByVal Token As Object)
System.Security.Principal.WindowsIdentity.Imperson ate(CType(Token,
System.IntPtr))

Thanks,

Dave

[Dave Mullen]

I'm trying to access a SQL server from a thread started from an asp.net
application and get a "Cannot log into database as user null..." error. How
can I make the thread inherit the same identity as the calling process?
When I spin off the thread I have seen that it typically runs as NT
ANONYMOUS\SYSTEM (via
System.Security.Principal.WindowsIdentity.GetCurre nt().Name). I have had
intermittent success
passing the token of the calling process and impersonating it in the called
process but once in a while hit an exception when trying to impersonate.

Web Config of calling process:
<authentication mode="Forms" >
<forms name="adAuthCookie" loginUrl="_mem_bin/formslogin.aspx"
protection="All" path="/" timeout="60" ></forms>
</authentication>
<identity impersonate="true" />

Web Site Directory Security of calling process is set to Anonymous Access.
Account used for anonymous access is a user w/ permissions to our SQL Server
db. Windows Integrated Authentication is also checked.

calling asynchronous process:
ThreadPool.QueueUserWorkItem(New WaitCallback(AddressOf lfd.SubmitRequest),
System.Security.Principal.WindowsIdentity.GetCurre nt().Token)

Impersonation Logic:
Sub SubmitRequest(ByVal Token As Object)
System.Security.Principal.WindowsIdentity.Imperson ate(CType(Token,
System.IntPtr))

Thanks,

Dave

[Tian Min Huang]

Hi Dave,

Thanks for posting in the group.

Because forms users usually are not Microsoft Windows users, they do not
have any roles associated with them by default. Thus, you must attach the
roles of the authenticating user to that user's identity so that you can
implement the role-based security inside your code.

Generally speaking, we can achieve it in Application_AuthenticateRequest
event handler in global.asax. For detailed sample codes, please refer to KB
article:
HOW TO: Implement Role-Based Security with Forms-Based Authentication in
Your ASP.NET Application by Using Visual C# .NET
[url]http://support.microsoft.com/?id=311495[/url]

Another article is also useful in this area.
HOW TO: Authenticate Against the Active Directory by Using Forms
Authentication and Visual C# .NET
[url]http://support.microsoft.com/?id=316748[/url]

Hope this help.

Regards,

HuangTM
Microsoft Online Partner Support
MCSE/MCSD

Get Secure! ¨C [url]www.microsoft.com/security[/url]
This posting is provided ¡°as is¡± with no warranties and confers no rights.