i found the solution here
http://www.leastprivilege.com/HttpLi...AndASPNET.aspx
"Enrico Sabbadin" <x> wrote in message
news:(E-Mail Removed)...
> i'm not confusing the 2 concepts , i know the difference..
> i'm just asking if authentication=windows inpersonate=true is something i
> should take care in custom web hosting , or it's something out of the box
> if
> i code properly
>
> "bruce barker" <(E-Mail Removed)> wrote in message
> news:%23wUXQ%(E-Mail Removed)...
>> you are confusing two concepts with asp.net. authentication (how the user
>> is) and thread identity (impersonation).
>>
>> authentication=windows inpersonate=true
>>
>> is telling asp.net that the windows authenication was used, and to
>> impersonate the hosts identity.
>>
>> you are coding it the same way as iis does. it impersonates the webclient
>> before accessing any resources (such as asp.net or the file system).
>>
>> -- bruce (sqlwork.com)
>>
>>
>>
>> Enrico Sabbadin wrote:
>>> Hi,
>>> I've developed in .net 2.0 a custom web server that hosts asp.net sites
>>> using the httplistener and applicationhost.createapplicationhost.
>>> When I tell to the httplistener to require authenticathion it does work,
>>> however in the the asp.net site EVEN IF I require authentication=windows
>>> / impersonate=true
>>> System.security.prinvipal.windowsidentity.getcurrent() returns the
>>> identity of the hosting process, not of the caller .. and
>>> system.threading.currentprincipal.identity.name is empty.
>>> (all works fine if I publish the same dir to IIS)
>>> What wiring am I missing to have the identity flow from the httplistener
>>> to the asp.net stack ?
>>>
>>> i managed to solve it doing an explicit impersonate before forwarding
>>> the call to the asp.net runtime , however i guess there is a better way
>>> to do it
>>>
>>> Thank you
>>>
Similar Threads
