Newbie question about impersonation

  • Thread starter Thread starter Romuald
  • Start date Start date
R

Romuald

Hi all,
I'm facing a little issue and I don't know if the cause comes from ASP.Net
itself, the way I use ASP.Net or VirtualBox. Let me explain.

I wrote an ASP.Net web interface which runs some powershell scripts. For my
site (purely internal), I'm using impersonation through the web.config file:

<identity impersonate="true" userName="<domain>\robot" password="<password>"
/>

The issue is despite this impersonation (which seems to work well)
VirtualBox uses the systemprofile to get its configuration.

Any idea or suggestion would be greatly appreciated. Thanks.
 
Romuald said:
Hi all,
I'm facing a little issue and I don't know if the cause comes from ASP.Net
itself, the way I use ASP.Net or VirtualBox. Let me explain.

I wrote an ASP.Net web interface which runs some powershell scripts. For
my
site (purely internal), I'm using impersonation through the web.config
file:

<identity impersonate="true" userName="<domain>\robot"
password="<password>"
/>

The issue is despite this impersonation (which seems to work well)
VirtualBox uses the systemprofile to get its configuration.

Any idea or suggestion would be greatly appreciated. Thanks.

Don't really follow about the virtualbox stuff.
However, there's a big bad gotcha with impersonation.

Impersonation only gets one hop,
So you can hand your credentials to say a web server.
This in turn cannot hand those credentials on to a database server.

So in many instances an asp.net app can't use impersonation to access a sql
database.
Kerberos offers one way round this issue.

Could of course be something completely different, I'm just guessing.
 
Could you be more specific ?

For now my understanding is that you would like to impersonate a user and
then would like to run something using a vbox configuration specific to that
user ???

Mostly because I really don't see how impersonating a user in an already
launched vbox that runs ASP.NET would cause a problem with the vbox
configuration (as it has been already launched).

If I remember a problem could be that the profile is not loaded when running
in non interactive mode (i.e. the user is impersonated but its profile is
not loaded).

Describing what you are trying to do could be helpfull...
 
Hi all,
I'm facing a little issue and I don't know if the cause comes from ASP.Net
itself, the way I use ASP.Net or VirtualBox. Let me explain.

I wrote an ASP.Net web interface which runs some powershell scripts. For my
site (purely internal), I'm using impersonation through the web.config file:

<identity impersonate="true" userName="<domain>\robot" password="<password>"
/>

The issue is despite this impersonation (which seems to work well)
VirtualBox uses the systemprofile to get its configuration.

Any idea or suggestion would be greatly appreciated. Thanks.

Set IIS authentication to basic or digest and authentication mode to
Windows. Here's the matrix that illustrate the resultant identity
based on settings.
http://msdn.microsoft.com/en-us/library/aa302377.aspx
 
Thanks Patrice.

No VirtualBox doesn't run before, it is launched by my scripts.

And yes, that's a profil issue. I f manually run my script, VB gets its
VirtualBox.xml config file from the current logged in user, here "robot".


If run through the web interface, it tried to get its config from
system32\config\systemprofile.

I've check the impersonation works and it does, the process running my
script belongs to "robot" as expected. But I may be have forget some ASP.Net
tricks or this is a VirtualBox issue.
 
Back
Top