Call function under different security context

[john]

Is there a way in .Net to call a function or web service
under a different security context as the one that the
user is logged into?

For example, if a user calls web service 1 (WS1), WS1 is
now running under the user's security context. Is there a
way for WS1 to call another web service, WS2, but to
impersonate a totally different user account for the call?

 

[Nicholas Paldino [.NET/C# MVP]]

john,

It depends on the mechanism that is used to authenticate the user on the
remote web service. If it is using a windows challenge/response mechanism,
then you will have to change the current user to be the one that you want to
impersonate. If it is just using basic authentication, then you can just
set those parameters in the call, and you would not have to change the
current user that the process is running under.

Hope this helps.

 

[Nicholas Paldino [.NET/C# MVP]]

John,

Take a look at the documentation for the Impersonate method on the
WindowsIdentity class. It will detail how you can use a call to the
LoginUser API function through the P/Invoke layer to get a handle to a user
that you can impersonate.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

the second WS would use NT authentication to check for
access. I dont want the user calling WS1 to have rights
to WS2, but i want WS1 to call WS2 and impersonate a new
user account. How would i go about doing this?

-----Original Message-----
john,

It depends on the mechanism that is used to authenticate the user on the
remote web service. If it is using a windows challenge/response mechanism,
then you will have to change the current user to be the one that you want to
impersonate. If it is just using basic authentication, then you can just
set those parameters in the call, and you would not have to change the
current user that the process is running under.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Is there a way in .Net to call a function or web service
under a different security context as the one that the
user is logged into?

For example, if a user calls web service 1 (WS1), WS1 is
now running under the user's security context. Is there a
way for WS1 to call another web service, WS2, but to
impersonate a totally different user account for the

call?


.

 

[john]

Perfect! Thanks

-----Original Message-----
John,

Take a look at the documentation for the Impersonate method on the
WindowsIdentity class. It will detail how you can use a call to the
LoginUser API function through the P/Invoke layer to get a handle to a user
that you can impersonate.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

the second WS would use NT authentication to check for
access. I dont want the user calling WS1 to have rights
to WS2, but i want WS1 to call WS2 and impersonate a new
user account. How would i go about doing this?

-----Original Message-----
john,

It depends on the mechanism that is used to authenticate the user on the
remote web service. If it is using a windows challenge/response mechanism,
then you will have to change the current user to be the one that you want to
impersonate. If it is just using basic authentication, then you can just
set those parameters in the call, and you would not

have
to change the

current user that the process is running under.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Is there a way in .Net to call a function or web service
under a different security context as the one that the
user is logged into?

For example, if a user calls web service 1 (WS1), WS1 is
now running under the user's security context. Is there a
way for WS1 to call another web service, WS2, but to
impersonate a totally different user account for the call?


.

.