ASP.NET: code for the page is working, although impersonation is disabled

I have a test application created in VS 2005 as an ASP.NET application. MSDN says that

By default, ASP.NET does not use impersonation, and your code is executed using the ASP.NET application process ID.

And I have the following web.config

<configuration>

    <appSettings/>
    <connectionStrings/>

    <system.web>
        <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
        <compilation debug="true" defaultLanguage="c#" />
        <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
        <authentication mode="Windows"/>
        <identity impersonate="false"/>
        <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    </system.web>
</configuration>

So, it seems that impersonation is disabled, in the same way as in the referenced article.

My aspx is empty by default, and the code-behind is:

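using System;
using System.Security.Principal;
using System.Threading;

namespace TestWebapp
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // Managed principal before the thread token is touched
            System.Diagnostics.Debug.WriteLine(String.Format("Before1: Current Princupal = {0}", Thread.CurrentPrincipal.Identity.Name));
            // Impersonate(IntPtr.Zero) is equivalent to Win32 RevertToSelf:
            // it removes any impersonation token from the thread
            WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
            try
            {
                int a = 0;
                // Thread.CurrentPrincipal is a managed object; switching the
                // thread token does not change it
                System.Diagnostics.Debug.WriteLine(String.Format("After: Current Princupal = {0}", Thread.CurrentPrincipal.Identity.Name));
            }
            finally
            {
                // Restore whatever token the thread had before
                ctx.Undo();
            }
        }
    }
}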

When I reload the page, I get the following debug output:

[5288] Before1: Current Princupal = DOMAIN\User
[5288] After: Current Princupal = DOMAIN\User

Result matches

<identity impersonate="false"/>

- NETWORK SERVICE . , web.config, , w3p.exe NETWORK SERVICE.

?

!

@Edit: , ! $user , , : , NT AUTHORITY\NETWORK SERVICE, DOMAIN\User WindowsIdentity.Impersonate(IntPtr.Zero) "No Token. Thread ". . Thread.CurrentPrincipal.Identity.Name HttpContext.Current.User.Identity.Name - DOMAIN\User .

@Edit: , Thread.CurrentPrincipal HttpContext.Current.User :

Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
HttpContext.Current.User = Thread.CurrentPrincipal;

, , . sharepoint shared services, , .

+3
3

, , :

  • Debug $user , .
  • , :

    // Requires: using System; using System.Runtime.InteropServices;
    //           using System.Security.Principal;

    // Declare the logon types as constants
    // (int, to match the int parameters of LogonUser below)
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_LOGON_NETWORK = 3;
    
    // Declare the logon providers as constants
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int LOGON32_PROVIDER_WINNT50 = 3;
    const int LOGON32_PROVIDER_WINNT40 = 2;
    const int LOGON32_PROVIDER_WINNT35 = 1;
    
    [DllImport("advapi32.dll", EntryPoint = "LogonUser")]
    private static extern bool LogonUser(
        string lpszUsername,
        string lpszDomain,
        string lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);
    
    public static WindowsImpersonationContext ImpersonateCurrentUserBegin(System.Net.NetworkCredential credential)
    {
        WindowsImpersonationContext impersonationContext = null;
        if (credential == null || credential.UserName.Length == 0 || credential.Password.Length == 0 || credential.Domain.Length == 0)
        {
            throw new Exception("Incomplete user credentials specified");
        }
        // Security.Impersonate is a helper of the enclosing class that is not shown in this post
        impersonationContext = Security.Impersonate(credential);
        if (impersonationContext == null)
        {
            return null;
        }
        else
        {
            return impersonationContext;
        }
    }
    
    public static void ImpersonateCurrentUserEnd(WindowsImpersonationContext impersonationContext)
    {
        if (impersonationContext != null)
        {
            impersonationContext.Undo();
        }
    }
    
+1

HttpContext.User.Identity.Name?

, IIS, ?

, ?

+1

I think I understand your problem here.

What you need to know before moving on,

  1. While the application is running, there is a different security context. Like System.Security.Principal.WindowsIdentity.GetCurrent().Name, and System.Security.Principal.WindowsIdentity.GetCurrent().Name, which you mentioned above, i.e. System.Threading.Thread.CurrentPrincipal.Identity.Name

  2. In a web application, System.Threading.Thread.CurrentPrincipal.Identity is always provided by HttpContext.Current.User.Identity.

Coming to your point: if you want to change System.Threading.Thread.CurrentPrincipal.Identity, then change HttpContext.Current.User.Identity, which is initially provided by your authentication mechanism.

0
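
The distinction drawn in the thread, as an added example that is not part of any post above: HttpContext.Current.User and Thread.CurrentPrincipal are managed principals describing the authenticated caller, while WindowsIdentity.GetCurrent() names the Windows token the code actually runs under. The page class IdentityReport (and a matching IdentityReport.aspx) is hypothetical; the example also shows impersonating the caller for one scoped operation and reverting afterwards.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;
using System.Web.UI;

namespace TestWebapp
{
    // Hypothetical diagnostic page (added example, not from the thread).
    public partial class IdentityReport : Page
    {
        // Windows token the OS checks access against right now.
        private static string EffectiveToken()
        {
            // GetCurrent(true) returns null when the thread is not impersonating.
            bool impersonating = WindowsIdentity.GetCurrent(true) != null;
            return String.Format("{0} (thread impersonating: {1})",
                WindowsIdentity.GetCurrent().Name, impersonating);
        }

        protected void Page_Load(object sender, EventArgs e)
        {
            StringBuilder report = new StringBuilder();
            // Managed principals set by the authentication module: who is calling.
            report.AppendLine("HttpContext.Current.User: " + HttpContext.Current.User.Identity.Name);
            report.AppendLine("Thread.CurrentPrincipal:  " + Thread.CurrentPrincipal.Identity.Name);
            // OS token: the account the code actually runs as.
            report.AppendLine("Token before: " + EffectiveToken());
            // Impersonate the authenticated caller for one scoped operation only.
            WindowsIdentity caller = HttpContext.Current.User.Identity as WindowsIdentity;
            if (caller != null && caller.IsAuthenticated)
            {
                WindowsImpersonationContext ctx = caller.Impersonate();
                try
                {
                    report.AppendLine("Token during: " + EffectiveToken());
                }
                finally
                {
                    ctx.Undo(); // always revert, even if the scoped work throws
                }
            }
            report.AppendLine("Token after:  " + EffectiveToken());
            Response.ContentType = "text/plain";
            Response.Write(report.ToString());
        }
    }
}
```

With `<identity impersonate="false"/>` the two managed principals name the authenticated caller while the token before and after the scoped block is the worker process account. Access checks on files, databases and network resources are made against that token, not against the managed principal.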

Source: https://habr.com/ru/post/1698879/

