problem with aspnet "impersonation"

  • Thread starter Thread starter hellrazor
  • Start date Start date
H

hellrazor

HI there,

I am developing a client side app which requires me to launch another
program when a user clicks a button on a web page. I thought I'd create
an asp.net page (using c# ) to accomplish this. After much research I
found that it's not that simple. The asp process runs under an aspnet
user, which does not let me launch my program. I ran accross some code
that is supposed to impersonate the logged in user, but I get the
following error:


"An anonymous identity cannot perform an impersonation"


The web.config file contains the following:

<identity impersonate="true" />

and the code in the asp.net page:

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
System.Security.Principal.WindowsImpersonationContext
impersonationContext;

impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();

System.Diagnostics.Process.Start("notepad.exe")

impersonationContext.Undo();
}


any ideas on how I can get around this?


Thanks!

Jorge
 
You need to force the ASP.NET context to run under a specific identity that
has that privilege (impersonation is a specific right that not all accounts
have).

Still, launching EXEs from ASP pages is not such a good idea.
 
Exactly where such idea from!
PAtrick

Klaus H. Probst said:
You need to force the ASP.NET context to run under a specific identity that
has that privilege (impersonation is a specific right that not all accounts
have).

Still, launching EXEs from ASP pages is not such a good idea.
 
you have several problems

1) to do impersonation the asp.net account must have the "act as part of os"
permission
2) System.Diagnostics.Process.Start will start the process with the current
process id (asp.net) not the current thread identity anyway, so you don't
need above. look at the windows CreateProcessAsUser as support for this is
not in .net.
3) System.Diagnostics.Process.Start("notepad.exe") - notepad will fail
because it will try to open a window, not notmally allowed from a service.

-- bruce (sqlwork.com)



| HI there,
|
| I am developing a client side app which requires me to launch another
| program when a user clicks a button on a web page. I thought I'd create
| an asp.net page (using c# ) to accomplish this. After much research I
| found that it's not that simple. The asp process runs under an aspnet
| user, which does not let me launch my program. I ran accross some code
| that is supposed to impersonate the logged in user, but I get the
| following error:
|
|
| "An anonymous identity cannot perform an impersonation"
|
|
| The web.config file contains the following:
|
| <identity impersonate="true" />
|
| and the code in the asp.net page:
|
| private void Page_Load(object sender, System.EventArgs e)
| {
| // Put user code to initialize the page here
| System.Security.Principal.WindowsImpersonationContext
| impersonationContext;
|
| impersonationContext =
| ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
|
| System.Diagnostics.Process.Start("notepad.exe")
|
| impersonationContext.Undo();
| }
|
|
| any ideas on how I can get around this?
|
|
| Thanks!
|
| Jorge
 
you have several problems

1) to do impersonation the asp.net account must have the "act as part
of os" permission
2) System.Diagnostics.Process.Start will start the process with the
current process id (asp.net) not the current thread identity anyway,
so you don't need above. look at the windows CreateProcessAsUser as
support for this is not in .net.
3) System.Diagnostics.Process.Start("notepad.exe") - notepad will fail
because it will try to open a window, not notmally allowed from a
service.

-- bruce (sqlwork.com)



| HI there,
|
| I am developing a client side app which requires me to launch another
| program when a user clicks a button on a web page. I thought I'd
| create an asp.net page (using c# ) to accomplish this. After much
| research I found that it's not that simple. The asp process runs
| under an aspnet user, which does not let me launch my program. I ran
| accross some code that is supposed to impersonate the logged in user,
| but I get the following error:
|
|
| "An anonymous identity cannot perform an impersonation"
|
|
| The web.config file contains the following:
|
| <identity impersonate="true" />
|
| and the code in the asp.net page:
|
| private void Page_Load(object sender, System.EventArgs e)
| {
| // Put user code to initialize the page here
| System.Security.Principal.WindowsImpersonationContext
| impersonationContext;
|
| impersonationContext =
| ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate
| ();
|
| System.Diagnostics.Process.Start("notepad.exe")
|
| impersonationContext.Undo();
| }
|
|
| any ideas on how I can get around this?
|
|
| Thanks!
|
| Jorge

Thanks.

It's a local intranet app, so that's why I need to launch the .exe ...
The requirement is that the application needs to launch when a user
clicks a button on the webpage :0|
 
You have basically two problems to solve here.
1. You are trying to launch a program at the server side right? What kind of
program is it, does it have a UI. If the answer is yes, just forget it, this
will not work. If it's a pure non UI application not requiring a users
profile to be loaded, go on with 2.
2. Impersonate. Your asp.net runs in an impersonated security context of an
anonymous user. This identity cannot impersonate (why would it, it's already
impersonating).
What you should do is run your asp.net worker process using a fixed identity
with privileges to launch another program and turn off 'identity
impersonate' in your config file.

Willy.
 
Back
Top