R
Ram P. Dash
Now this is a classic. The impersonation fails for CASE I but doesn't fail
for CASE II or III.
Case I:
Client Side Code
-----------------
System.Net.NetworkCredential credential = new
System.Net.NetworkCredential("myUserName", "myPassword", "myDomain");
ServiceA a = new ServiceA();
a.Credentials = credential;
a.SomeMethod();
Server Side Code
------------------
Web.config
-----------
<authentication mode="Windows" />
<identity impersonate="true" />
ServiceA
---------
[WebMethod]
public void SomeMethod() {
// Write to share drive code (the share drive has myUserName in ACL
list, myUserName should be able to write to it)
// But it fails
}
Case II:
Everything being same if I change only the Web.config as follows, it works:
<authentication mode="Windows" />
<identity impersonate="true" userName="myDomain\myUserName"
password="myPassword" />
Case III:
Web.config
------------
<authentication mode="Windows" />
<!-- No impersonation -->
ServiceA
---------
[WebMethod]
public void SomeMethod() {
Impersonate i = new Impersonate();
i.StartImpersonate();
// Write to share drive code (the share drive has myUserName in ACL
list, myUserName should be able to write to it)
// This time it works
i.UndoImpersonate();
}
public class Impersonate {
// Usual code using the following
[DllImport("advapi32.dll")]
public static extern int LogonUserA(...);
}
I've tried the following for CASE I as suggested in
http://support.microsoft.com/default.aspx?scid=KB;en-us;q306158. But nothing
works.
a) Changing the "userName" attribute from "machine" to "system" in
"processModel" node in machine.config
b) Including ASPNET user in following Group Policy:
\Local Computer Policy\Computer Configuration\Windows Settings\Local
Policies\User Rights Assignment\"Act as part of the operating system"
Infrastructure: Windows XP Pro (Service Pack 1); .NET Frmaework 1.0 (No
service pack)
Our corporate policy strongly favors doing things as in CASE I. How can I
make it work?
Thanks,
Ram
for CASE II or III.
Case I:
Client Side Code
-----------------
System.Net.NetworkCredential credential = new
System.Net.NetworkCredential("myUserName", "myPassword", "myDomain");
ServiceA a = new ServiceA();
a.Credentials = credential;
a.SomeMethod();
Server Side Code
------------------
Web.config
-----------
<authentication mode="Windows" />
<identity impersonate="true" />
ServiceA
---------
[WebMethod]
public void SomeMethod() {
// Write to share drive code (the share drive has myUserName in ACL
list, myUserName should be able to write to it)
// But it fails
}
Case II:
Everything being same if I change only the Web.config as follows, it works:
<authentication mode="Windows" />
<identity impersonate="true" userName="myDomain\myUserName"
password="myPassword" />
Case III:
Web.config
------------
<authentication mode="Windows" />
<!-- No impersonation -->
ServiceA
---------
[WebMethod]
public void SomeMethod() {
Impersonate i = new Impersonate();
i.StartImpersonate();
// Write to share drive code (the share drive has myUserName in ACL
list, myUserName should be able to write to it)
// This time it works
i.UndoImpersonate();
}
public class Impersonate {
// Usual code using the following
[DllImport("advapi32.dll")]
public static extern int LogonUserA(...);
}
I've tried the following for CASE I as suggested in
http://support.microsoft.com/default.aspx?scid=KB;en-us;q306158. But nothing
works.
a) Changing the "userName" attribute from "machine" to "system" in
"processModel" node in machine.config
b) Including ASPNET user in following Group Policy:
\Local Computer Policy\Computer Configuration\Windows Settings\Local
Policies\User Rights Assignment\"Act as part of the operating system"
Infrastructure: Windows XP Pro (Service Pack 1); .NET Frmaework 1.0 (No
service pack)
Our corporate policy strongly favors doing things as in CASE I. How can I
make it work?
Thanks,
Ram