Last post Nov 05, 2008 08:23 AM by renMike
Nov 03, 2008 12:55 PM|renMike
My ASP.NET app needs to make a security call against an authorization store (in this case AzMan). I've been told that using the user's Windows token is a far more efficient method than using their name, as the token holds much of the required information already.
My solution works fine on my development server as it's logged on as me, but when I publish it to a test server it fails as no one is logged on, so it assumes the identity of the service account. What I would like to be able to do is pass the token of the requesting web user to the store to have it authenticate that.
I guess I'm gonna need to have impersonation set to true on the application so that it thinks it is running under the user's credentials rather than the application pool's?
Any ideas how I get hold of the current user's token?
Nov 05, 2008 08:23 AM|renMike
Impersonation was the way forward. I needed to set <identity impersonate="true"/> in my application's web.config and then configure the ADAM and AzMan stores to allow read access to both NETWORK SERVICE and our domain user group. Having made these changes I needn't find the current user's token as it recognised the current user anyway.
It does now cause me a problem when attempting to use a named user, but that's a topic for another discussion.
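For reference, the explicit route the original question asked about, as an added example that is not the poster's code: with Windows authentication enabled, the request principal is a WindowsIdentity whose token can be handed to AzMan directly. Assumptions: the AzMan primary interop assembly is referenced, and the store URL, application name and operation ID are hypothetical placeholders.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using Microsoft.Interop.Security.AzRoles; // AzMan interop assembly (assumed to be referenced)

public static class AzManCheck
{
    // Hypothetical placeholders: substitute your own store, application and operation.
    private const string StoreUrl = "msldap://<adam-host>:<port>/<store-distinguished-name>";
    private const string AppName = "ExampleApp";
    public const int ViewReportOperationId = 1;

    // Returns true only if the requesting web user is granted the operation.
    public static bool CurrentUserMay(int operationId)
    {
        // Under Windows authentication the request principal wraps the caller's
        // logon token, whether or not impersonation is enabled.
        WindowsIdentity caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
        {
            return false; // anonymous or non-Windows caller: fail closed
        }

        // The store itself is opened under the current thread identity, so that
        // account still needs read access to the ADAM/AzMan store.
        AzAuthorizationStoreClass store = new AzAuthorizationStoreClass();
        store.Initialize(0, StoreUrl, null);
        IAzApplication app = store.OpenApplication(AppName, null);

        // Build the client context from the caller's token. Passing 0 instead
        // makes AzMan use the thread's impersonation token (or the process token
        // if there is none), which is the behaviour impersonate="true" relies on.
        IAzClientContext ctx =
            app.InitializeClientContextFromToken((ulong)caller.Token.ToInt64(), null);

        object[] scopes = { "" };               // "" selects the application-level scope
        object[] operations = { operationId };
        object[] results = (object[])ctx.AccessCheck(
            "access check for " + caller.Name,  // audit string
            scopes, operations, null, null, null, null, null);

        return (int)results[0] == 0;            // 0 (NO_ERROR) means access granted
    }
}
```

Call it from a page or handler as AzManCheck.CurrentUserMay(AzManCheck.ViewReportOperationId) and deny the request when it returns false.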