I'm writing an Intranet application. Target framework in project.json is dnx451. That's my publishing command:
dnu publish --runtime dnx-clr-win-x86.1.0.0-rc1-update1 --no-source
Database Connection string:
Server=name;Database=name;Trusted_Connection=True;
I'm trying to impersonate the database access but it's not working. When I start the application my Windows user is recognized and it says Hello, Domain\Username on top right. As soon as I try to access the database I get the error "Login failed for user Domain\Computername". If I run the application pool under my user then everything works fine.
IIS: .NET CLR Version is v4.0, Managed Pipeline Mode is Classic and Identity is ApplicationPoolIdentity. Website authentications: ASP.NET Impersonation and Windows Authentication are enabled.
What do I need to change so that impersonation finally works?
Impersonation is the process of executing code in the context of another user identity. By default, all ASP.NET code is executed using a fixed machine-specific account. To execute code using another identity we can use the built-in impersonation capabilities of ASP.NET.
Impersonate method to retrieve a WindowsImpersonationContext object. This object implements IDisposable, so it should generally be used from a using block:

    using (WindowsImpersonationContext context = WindowsIdentity.Impersonate(userHandle))
    {
        // do whatever you want as this user.
    }

In the application's Web.config file, set the impersonate attribute in the identity element to true. Set the NTFS access control list (ACL) for the ManagerInformation directory to allow access to only those identities that are in the Windows Manager group and any required system accounts.
Core does not support impersonation because all web code is out of proc, hosted by Kestrel. If you want to do it you need to take the current Principal, as a WindowsPrincipal, then manually impersonate at the point where you need it.
One thing to note is that in RC1 you don't get a WindowsPrincipal, so you can't do this right now. It'll be fixed in RC2.
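If you want every page request to impersonate the user, you can configure your own Middleware to run before MVC:

    using System.Security.Principal;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Http;   // namespaces as of RC2 and later

    public class Impersonate
    {
        private readonly RequestDelegate next;

        public Impersonate(RequestDelegate next)
        {
            this.next = next;
        }

        public async Task Invoke(HttpContext context)
        {
            var winIdent = context.User.Identity as WindowsIdentity;
            if (winIdent == null)
            {
                // No Windows identity on the request: continue without impersonating.
                await next.Invoke(context);
            }
            else
            {
                // Run the rest of the pipeline under the caller's token.
                WindowsIdentity.RunImpersonated(winIdent.AccessToken, () =>
                {
                    // Block until the pipeline finishes so impersonation is not
                    // reverted while the request is still being processed.
                    next.Invoke(context).Wait();
                });
            }
        }
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        // ....
        // Register before MVC so MVC runs inside the impersonated scope.
        app.UseMiddleware<Impersonate>();
        app.UseMvc(...);
        // ...
    }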
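An added example (not from the original answers) of the first answer's suggestion to impersonate only at the point where it is needed: the caller's Windows identity is applied around a single database call that uses the question's Trusted_Connection string. The class and method names and the SUSER_SNAME() check are assumptions for illustration, as is the RC2-or-later `Microsoft.AspNetCore.Http` namespace.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using Microsoft.AspNetCore.Http;

// Hypothetical helper (not from the page): impersonates the caller only for
// one database call instead of for the whole request pipeline.
public static class ImpersonatedDb
{
    // Placeholder connection string in the same shape as the question's.
    private const string ConnectionString =
        "Server=name;Database=name;Trusted_Connection=True;";

    // Returns the login name SQL Server saw for this request's caller.
    public static string CurrentSqlLogin(HttpContext context)
    {
        // Windows Authentication must have produced a WindowsIdentity
        // (per the answer above, RC1 does not provide one).
        var identity = context.User?.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            // Fail closed: never fall back to the application pool identity.
            throw new UnauthorizedAccessException(
                "No authenticated Windows identity on this request.");
        }

        // The delegate runs under the caller's token. The work is synchronous,
        // so it cannot continue after impersonation has been reverted.
        return WindowsIdentity.RunImpersonated(identity.AccessToken, () =>
        {
            using (var connection = new SqlConnection(ConnectionString))
            using (var command = new SqlCommand("SELECT SUSER_SNAME();", connection))
            {
                // Trusted_Connection=True authenticates as the current thread
                // identity at Open(), so Open() must be inside this scope.
                connection.Open();

                // SUSER_SNAME() reports the login the server authenticated,
                // a quick check that impersonation took effect.
                return (string)command.ExecuteScalar();
            }
        });
    }
}
```

If SQL Server runs on a different machine than IIS, the impersonated token also has to be allowed to delegate (Kerberos delegation) for the second hop to succeed.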