Last post Feb 12, 2020 10:44 PM by WhyallBen
Feb 12, 2020 10:44 PM|WhyallBen|LINK
I have a web application, hosted on IIS on windows 2016, it uses forms authentication validating against an active directory, as we need to do some client certificate checking.
When the user logs in all appears to be running as them, until the system makes a database call, when it logs in using integrated security as the user account running the application pool.
When I try and do any imperosnation using WindowsIdenty.Impersonate it fails to make the database call trying with ntauthority/anonymous user.
All the examples I can find seem to want to use the unmanaged LogonUser, which needs the password to logon and get the token. We don't want to have to store the clients password somewhere for the duration of the session.
Thanks for any help