WindowsAuthentication from code

[Alan Mendelevich]

Hi,

I'm trying to build a login system where users login via web form, but then
they are logged in as they would with windows authentication only not
involving chalenge/response or basic authentication. I was able to login
user via LogonUser() function and to get WindowsIdentity and
WindowsPrincipal objects. But when I assign WindowsPrincipal object to the
HttpContext.Current.User property it get's assigned
(HttpContext.Current.User.Identity.Name becomes the name of the user and
IsAuthenticated becomes true) but lasts only for the current request. For
the next request HttpContext.Current.User.Identity.Name is Anonymous and
IsAuthenticated is false.

What should I do for this authentication to persist across requests?

Thanks in advance for your help!

Best regards,
Alan Mendelevich

[MS Newsgroups]

This is how i done it:

Logon using API call to get a token, create a new WindowsIdentity Object and
create a new Windows principal

Add the principal to the session with

session.add("AuthID", ctype(myNewPrincipal,object))

Change userID for this call with:

context.User = CType(Session.Item("AuthID"), WindowsPrincipal)

Then i use global.asax to change the identity for every request

Private Sub Global_PreRequestHandlerExecute(ByVal sender As Object, ByVal e
As System.EventArgs) Handles MyBase.PreRequestHandlerExecute

If Not Session.Item("AuthIdentity") Is Nothing Then
Context.User = CType(Session.Item("AuthIdentity"),
WindowsPrincipal)
End If

What i have also done, but not included here, is that i save the anonymous
principal to the session before switching, so i can switch back if i would
like the user to be able to perform a log off and continue as anonymous

Any questions,

Let me know

Niclas Lindblom


"Alan Mendelevich" <ng@ailon.org> wrote in message
news:OpjxwrjkDHA.2068@TK2MSFTNGP09.phx.gbl...

> Hi,
>
> I'm trying to build a login system where users login via web form, but

then

> they are logged in as they would with windows authentication only not
> involving chalenge/response or basic authentication. I was able to login
> user via LogonUser() function and to get WindowsIdentity and
> WindowsPrincipal objects. But when I assign WindowsPrincipal object to the
> HttpContext.Current.User property it get's assigned
> (HttpContext.Current.User.Identity.Name becomes the name of the user and
> IsAuthenticated becomes true) but lasts only for the current request. For
> the next request HttpContext.Current.User.Identity.Name is Anonymous and
> IsAuthenticated is false.
>
> What should I do for this authentication to persist across requests?
>
> Thanks in advance for your help!
>
> Best regards,
> Alan Mendelevich
>
>

[Alan Mendelevich]

Hi Niclas,

Thanks for the quick reply! As far as I can tell from the code it still is a
workaround. I mean IIS doesn't know that something like windows
authentication occured. What I try to achieve in the long run is that when
users access non-asp.net content protected by IIS with windows
authentication they don't have to enter login information once more.

Best regards,
Alan.

"MS Newsgroups" <nospam@nospam.com> wrote in message
news:uNcIF3kkDHA.372@TK2MSFTNGP11.phx.gbl...

> This is how i done it:
>
> Logon using API call to get a token, create a new WindowsIdentity Object

and

> create a new Windows principal
>
> Add the principal to the session with
>
> session.add("AuthID", ctype(myNewPrincipal,object))
>
> Change userID for this call with:
>
> context.User = CType(Session.Item("AuthID"), WindowsPrincipal)
>
> Then i use global.asax to change the identity for every request
>
> Private Sub Global_PreRequestHandlerExecute(ByVal sender As Object, ByVal

e

> As System.EventArgs) Handles MyBase.PreRequestHandlerExecute
>
> If Not Session.Item("AuthIdentity") Is Nothing Then
> Context.User = CType(Session.Item("AuthIdentity"),
> WindowsPrincipal)
> End If
>
> What i have also done, but not included here, is that i save the anonymous
> principal to the session before switching, so i can switch back if i would
> like the user to be able to perform a log off and continue as anonymous
>
> Any questions,
>
> Let me know
>
> Niclas Lindblom
>
>
> "Alan Mendelevich" <ng@ailon.org> wrote in message
> news:OpjxwrjkDHA.2068@TK2MSFTNGP09.phx.gbl...

> > Hi,
> >
> > I'm trying to build a login system where users login via web form, but

> then

> > they are logged in as they would with windows authentication only not
> > involving chalenge/response or basic authentication. I was able to login
> > user via LogonUser() function and to get WindowsIdentity and
> > WindowsPrincipal objects. But when I assign WindowsPrincipal object to

the

> > HttpContext.Current.User property it get's assigned
> > (HttpContext.Current.User.Identity.Name becomes the name of the user and
> > IsAuthenticated becomes true) but lasts only for the current request.

For

> > the next request HttpContext.Current.User.Identity.Name is Anonymous and
> > IsAuthenticated is false.
> >
> > What should I do for this authentication to persist across requests?
> >
> > Thanks in advance for your help!
> >
> > Best regards,
> > Alan Mendelevich
> >
> >

>
>

[MS Newsgroups]

I agree on that, I have been trying to use impersonation to get the user to
proper WindowsIdentity as seen from IIS but i can not get this to work.

I was thinking a concept like this:

Dim myToken as intPtr

mytoken=logonuser bla bla API call

Dim myNewID as new WindowsIdentity(mytoken)

Dim myNewContext as WindowsImpersonationContext

myNewContext=myNewID.impersonate

I have tested this and also the sample for how to imperonate a specific user
in

[url]http://support.microsoft.com/default.aspx?scid=306158[/url]

But i get an "Impersonation Failure" thrown when the contxt is about to
switch. I have given ASPNET account the "Act as part of operating system"
right add added the identity impersonate tag in web.config.

Let me know what you think, or if you have any success with this

Thanks

Niclas


"Alan Mendelevich" <ng@ailon.org> wrote in message
news:eZsPtClkDHA.2312@TK2MSFTNGP12.phx.gbl...

> Hi Niclas,
>
> Thanks for the quick reply! As far as I can tell from the code it still is

a

> workaround. I mean IIS doesn't know that something like windows
> authentication occured. What I try to achieve in the long run is that when
> users access non-asp.net content protected by IIS with windows
> authentication they don't have to enter login information once more.
>
> Best regards,
> Alan.
>
> "MS Newsgroups" <nospam@nospam.com> wrote in message
> news:uNcIF3kkDHA.372@TK2MSFTNGP11.phx.gbl...

> > This is how i done it:
> >
> > Logon using API call to get a token, create a new WindowsIdentity Object

> and

> > create a new Windows principal
> >
> > Add the principal to the session with
> >
> > session.add("AuthID", ctype(myNewPrincipal,object))
> >
> > Change userID for this call with:
> >
> > context.User = CType(Session.Item("AuthID"), WindowsPrincipal)
> >
> > Then i use global.asax to change the identity for every request
> >
> > Private Sub Global_PreRequestHandlerExecute(ByVal sender As Object,

ByVal

> e

> > As System.EventArgs) Handles MyBase.PreRequestHandlerExecute
> >
> > If Not Session.Item("AuthIdentity") Is Nothing Then
> > Context.User = CType(Session.Item("AuthIdentity"),
> > WindowsPrincipal)
> > End If
> >
> > What i have also done, but not included here, is that i save the

anonymous

> > principal to the session before switching, so i can switch back if i

would

> > like the user to be able to perform a log off and continue as anonymous
> >
> > Any questions,
> >
> > Let me know
> >
> > Niclas Lindblom
> >
> >
> > "Alan Mendelevich" <ng@ailon.org> wrote in message
> > news:OpjxwrjkDHA.2068@TK2MSFTNGP09.phx.gbl...

> > > Hi,
> > >
> > > I'm trying to build a login system where users login via web form, but

> > then

> > > they are logged in as they would with windows authentication only not
> > > involving chalenge/response or basic authentication. I was able to

login

> > > user via LogonUser() function and to get WindowsIdentity and
> > > WindowsPrincipal objects. But when I assign WindowsPrincipal object to

> the

> > > HttpContext.Current.User property it get's assigned
> > > (HttpContext.Current.User.Identity.Name becomes the name of the user

and

> > > IsAuthenticated becomes true) but lasts only for the current request.

> For

> > > the next request HttpContext.Current.User.Identity.Name is Anonymous

and

> > > IsAuthenticated is false.
> > >
> > > What should I do for this authentication to persist across requests?
> > >
> > > Thanks in advance for your help!
> > >
> > > Best regards,
> > > Alan Mendelevich
> > >
> > >

> >
> >

>
>

[Alan Mendelevich]

I think impersonation is not really what is needed here. As far as I
understand impersonation makes it look like asp.net process is running under
different identity than it's actually is. After putting some thought into
whole this situation I'm leaning toward the conclusion that this kind of a
problem could not be solved. I think that in whole this windows
authentication process not only server but browser should also know that
some authentication has happened. At least in the case of basic
authentication actually browser sends credentials with every request no
matter that the logon dialog is shown only once. So if we "fake" windows
authentication on the server and browser knows nothing about it, then next
request is sent from the browser like nothing happened.

All these are just some random thoughts and I might be wrong. Maybe it's
possible to send some header back to the browser or something like that.
Please, let me know if you find any solution, and I'll let you know if I do.

Best regards,
Alan.

"MS Newsgroups" <nospam@nospam.com> wrote in message
news:OFpWoVlkDHA.1728@TK2MSFTNGP11.phx.gbl...

> I agree on that, I have been trying to use impersonation to get the user

to

> proper WindowsIdentity as seen from IIS but i can not get this to work.
>
> I was thinking a concept like this:
>
> Dim myToken as intPtr
>
> mytoken=logonuser bla bla API call
>
> Dim myNewID as new WindowsIdentity(mytoken)
>
> Dim myNewContext as WindowsImpersonationContext
>
> myNewContext=myNewID.impersonate
>
> I have tested this and also the sample for how to imperonate a specific

user

> in
>
> [url]http://support.microsoft.com/default.aspx?scid=306158[/url]
>
> But i get an "Impersonation Failure" thrown when the contxt is about to
> switch. I have given ASPNET account the "Act as part of operating system"
> right add added the identity impersonate tag in web.config.
>
> Let me know what you think, or if you have any success with this
>
> Thanks
>
> Niclas
>
>
> "Alan Mendelevich" <ng@ailon.org> wrote in message
> news:eZsPtClkDHA.2312@TK2MSFTNGP12.phx.gbl...

> > Hi Niclas,
> >
> > Thanks for the quick reply! As far as I can tell from the code it still

is

> a

> > workaround. I mean IIS doesn't know that something like windows
> > authentication occured. What I try to achieve in the long run is that

when

> > users access non-asp.net content protected by IIS with windows
> > authentication they don't have to enter login information once more.
> >
> > Best regards,
> > Alan.
> >
> > "MS Newsgroups" <nospam@nospam.com> wrote in message
> > news:uNcIF3kkDHA.372@TK2MSFTNGP11.phx.gbl...

> > > This is how i done it:
> > >
> > > Logon using API call to get a token, create a new WindowsIdentity

Object

> > and

> > > create a new Windows principal
> > >
> > > Add the principal to the session with
> > >
> > > session.add("AuthID", ctype(myNewPrincipal,object))
> > >
> > > Change userID for this call with:
> > >
> > > context.User = CType(Session.Item("AuthID"), WindowsPrincipal)
> > >
> > > Then i use global.asax to change the identity for every request
> > >
> > > Private Sub Global_PreRequestHandlerExecute(ByVal sender As Object,

> ByVal

> > e

> > > As System.EventArgs) Handles MyBase.PreRequestHandlerExecute
> > >
> > > If Not Session.Item("AuthIdentity") Is Nothing Then
> > > Context.User = CType(Session.Item("AuthIdentity"),
> > > WindowsPrincipal)
> > > End If
> > >
> > > What i have also done, but not included here, is that i save the

> anonymous

> > > principal to the session before switching, so i can switch back if i

> would

> > > like the user to be able to perform a log off and continue as

anonymous

> > >
> > > Any questions,
> > >
> > > Let me know
> > >
> > > Niclas Lindblom
> > >
> > >
> > > "Alan Mendelevich" <ng@ailon.org> wrote in message
> > > news:OpjxwrjkDHA.2068@TK2MSFTNGP09.phx.gbl...
> > > > Hi,
> > > >
> > > > I'm trying to build a login system where users login via web form,

but

> > > then
> > > > they are logged in as they would with windows authentication only

not

> > > > involving chalenge/response or basic authentication. I was able to

> login

> > > > user via LogonUser() function and to get WindowsIdentity and
> > > > WindowsPrincipal objects. But when I assign WindowsPrincipal object

to

> > the

> > > > HttpContext.Current.User property it get's assigned
> > > > (HttpContext.Current.User.Identity.Name becomes the name of the user

> and

> > > > IsAuthenticated becomes true) but lasts only for the current

request.

> > For

> > > > the next request HttpContext.Current.User.Identity.Name is Anonymous

> and

> > > > IsAuthenticated is false.
> > > >
> > > > What should I do for this authentication to persist across requests?
> > > >
> > > > Thanks in advance for your help!
> > > >
> > > > Best regards,
> > > > Alan Mendelevich
> > > >
> > > >
> > >
> > >

> >
> >

>
>