R
Rich
I am running IIS6 on a Win2k3 server.
I have an ASP.Net app (C#) that a user logs into and then I use
LogonUser to validate them and log them onto the server. I have
Windows Authentication ONLY checked on the site in IIS.
My problem is that eventhough I am using LogonUser to log on to the
server as the user, I am still getting the Windows Authentication
Challenge (login window).
There are groups/users setup on the server for this app, so I don't
want to turn windows auth off because I am afraid my LogonUser usage
is only seeing if they have access to the server not to that
particular file.
Am I missing something? I was hoping LogonUser would act as if the
user had entered their own info into the windows challenge login
window.
I plan use forms auth to keep track of session later on, so right now
I have my web.config setup as:
<authentication mode="Forms">
<forms name="frmLogin" loginUrl="login.aspx"></forms>
</authentication>
<identity impersonate="True"/>
Here is most of my C# code:
[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
public static extern int LogonUser(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("ADVAPI32.DLL")]
public static extern int RevertToSelf();
[DllImport("ADVAPI32.DLL")]
public static extern int ImpersonateLoggedOnUser(IntPtr phToken);
IntPtr tok = IntPtr.Zero;
private void btnLogin_Click(object sender, System.EventArgs e)
{
if(impersonateValidUser (txtUser.Text
, "cgi.securenet01.com",
txtPassword.Text))
{ Response.Redirect("reportLogin.aspx");
undoImpersonation();
}
else { lblError.Text="Login Failed"; }
}
public void undoImpersonation()
{ RevertToSelf(); }
public Boolean impersonateValidUser(String name
, String domain, String
passwd)
{
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_PROVIDER_DEFAULT = 0;
int result = LogonUser(name, domain, passwd,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref tok);
if(result!= 0)
{ int result1 = ImpersonateLoggedOnUser(tok);
if(result1 != 0) { return true; }
else { return false; }
}
else { return false; }
}
Any help is appreciated....
I have an ASP.Net app (C#) that a user logs into and then I use
LogonUser to validate them and log them onto the server. I have
Windows Authentication ONLY checked on the site in IIS.
My problem is that eventhough I am using LogonUser to log on to the
server as the user, I am still getting the Windows Authentication
Challenge (login window).
There are groups/users setup on the server for this app, so I don't
want to turn windows auth off because I am afraid my LogonUser usage
is only seeing if they have access to the server not to that
particular file.
Am I missing something? I was hoping LogonUser would act as if the
user had entered their own info into the windows challenge login
window.
I plan use forms auth to keep track of session later on, so right now
I have my web.config setup as:
<authentication mode="Forms">
<forms name="frmLogin" loginUrl="login.aspx"></forms>
</authentication>
<identity impersonate="True"/>
Here is most of my C# code:
[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
public static extern int LogonUser(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("ADVAPI32.DLL")]
public static extern int RevertToSelf();
[DllImport("ADVAPI32.DLL")]
public static extern int ImpersonateLoggedOnUser(IntPtr phToken);
IntPtr tok = IntPtr.Zero;
private void btnLogin_Click(object sender, System.EventArgs e)
{
if(impersonateValidUser (txtUser.Text
, "cgi.securenet01.com",
txtPassword.Text))
{ Response.Redirect("reportLogin.aspx");
undoImpersonation();
}
else { lblError.Text="Login Failed"; }
}
public void undoImpersonation()
{ RevertToSelf(); }
public Boolean impersonateValidUser(String name
, String domain, String
passwd)
{
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_PROVIDER_DEFAULT = 0;
int result = LogonUser(name, domain, passwd,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref tok);
if(result!= 0)
{ int result1 = ImpersonateLoggedOnUser(tok);
if(result1 != 0) { return true; }
else { return false; }
}
else { return false; }
}
Any help is appreciated....