Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

"Impersonating" session in a web service call

I am trying to write a web service that returns session variables. The application that calls this web service has access to the the Session ID of the current session.

I tried doing this by creating a "ASPNet_SessionID" cookie and then attaching setting it as the cookie container of a proxy class to the web service but that does not work. I did this like so,

 protected void CallService(string sessionID)
    {
        localhost.AuthService auths = new localhost.AuthService(); //Service Proxy class
        System.Net.CookieContainer cookieJar = new System.Net.CookieContainer();


        System.Net.Cookie newCookie = new System.Net.Cookie("ASPNet_SessionID", sessionID);
        newCookie.Domain = "http://localhost";
        cookieJar.Add(newCookie);
        auths.CookieContainer = cookieJar;


        string SessionData = auths.GetSessionData();

The GetSessionData web method simply returns the Session data like so:

[WebMethod(EnableSession=true)]
public string GetSessionData(string sessionID) {return ((string)Session["user"]);}

Should this approach work, or am I doing something completely wrong?

UPD:This link actually solved my problem - I was able to access all the sessions InProc and was able to select the correct one by ID:

http://weblogs.asp.net/imranbaloch/archive/2010/04/05/reading-all-users-session.aspx

like image 861
Matt Kagan Avatar asked Jul 21 '11 20:07

Matt Kagan


People also ask

What does impersonation do when used within a service?

Impersonation is the ability of a server application to take on the identity of the client. It is common for services to use impersonation when validating access to resources.

What is server impersonation?

With impersonation enabled, a server can run protocols under the client's user account instead of the server account. Clients can then use their network security credentials, instead of the server account credentials, to access network resources with exactly the privileges assigned to their user's account.

What is impersonation in authentication?

Impersonation is the process of assigning a user account to an unknown user.

What is the difference between impersonation and delegation?

Impersonation allows the service to act as the client while performing the action. Delegation allows a front-end service to forward the client's request to a back-end service in such a way that the back-end service can also impersonate the client.


1 Answers

"I am trying to enable a third party application to see what user is logged on to my website."

To achieve this goal you would be far better to use ASP.NET Membership over Session to track users.

Then, to see logged-in status you can simply do this:

bool isLoggedIn = Membership.GetUser("Joe.User").IsOnline;
like image 135
saille Avatar answered Oct 08 '22 22:10

saille