I am trying to write a web service that returns session variables. The application that calls this web service has access to the the Session ID of the current session.
I tried doing this by creating a "ASPNet_SessionID" cookie and then attaching setting it as the cookie container of a proxy class to the web service but that does not work. I did this like so,
protected void CallService(string sessionID)
{
localhost.AuthService auths = new localhost.AuthService(); //Service Proxy class
System.Net.CookieContainer cookieJar = new System.Net.CookieContainer();
System.Net.Cookie newCookie = new System.Net.Cookie("ASPNet_SessionID", sessionID);
newCookie.Domain = "http://localhost";
cookieJar.Add(newCookie);
auths.CookieContainer = cookieJar;
string SessionData = auths.GetSessionData();
The GetSessionData web method simply returns the Session data like so:
[WebMethod(EnableSession=true)]
public string GetSessionData(string sessionID) {return ((string)Session["user"]);}
Should this approach work, or am I doing something completely wrong?
UPD:This link actually solved my problem - I was able to access all the sessions InProc and was able to select the correct one by ID:
http://weblogs.asp.net/imranbaloch/archive/2010/04/05/reading-all-users-session.aspx
Impersonation is the ability of a server application to take on the identity of the client. It is common for services to use impersonation when validating access to resources.
With impersonation enabled, a server can run protocols under the client's user account instead of the server account. Clients can then use their network security credentials, instead of the server account credentials, to access network resources with exactly the privileges assigned to their user's account.
Impersonation is the process of assigning a user account to an unknown user.
Impersonation allows the service to act as the client while performing the action. Delegation allows a front-end service to forward the client's request to a back-end service in such a way that the back-end service can also impersonate the client.
"I am trying to enable a third party application to see what user is logged on to my website."
To achieve this goal you would be far better to use ASP.NET Membership over Session to track users.
Then, to see logged-in status you can simply do this:
bool isLoggedIn = Membership.GetUser("Joe.User").IsOnline;
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With