Matthias Wohlmann
Hi,
I've got an ASP.NET Web-Application written in C#.
In IIS 6.0 (Windows Server 2003) I have set the application to allow
anonymous access, but instead of the default user I use my own
Windows user account. That account does not have too many rights (just
access to the application directory and the windows\Microsoft.Net
directory). In Web.config I have also set
<identity impersonate="true" userName=<myUser> password=<myPWD>/>
Everything works fine except for this:
In my application, I start a thread. I know that impersonation is not
taken over by the thread so I copy the current impersonation by
System.IntPtr windowsIdentityToken;
System.IntPtr newToken = System.IntPtr.Zero;
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
DuplicateToken(currentIdentity.Token, 2, ref newToken);
this.windowsIdentityToken = newToken;
and inside the thread I re-impersonate with:
WindowsImpersonationContext impersonatedUser =
WindowsIdentity.Impersonate(this.windowsIdentityToken);
After that, access to files inside the thread is working, but two things
don't work:
- Sending Mails: I get this error:
System.Web.HttpException: Could not create 'CDO.Message' object.
on Command:
System.Web.Mail.SmtpMail.Send(msg);
- I also use encryption inside the thread. Command
SymmetricAlgorithm symm = new TripleDESCryptoServiceProvider();
leads to Exception:
System.Security.Cryptography.CryptographicException: Cryptographic
service provider (CSP) could not be found for this algorithm.
If I don't impersonate the thread by commenting out
//WindowsImpersonationContext impersonatedUser = WindowsIdentity.Impersonate(this.windowsIdentityToken);
both commands work, but the thread can't access some files I need.
Does anyone have an idea?
Thanks,
matthias
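
The token hand-off described in the post, written out with the P/Invoke declarations, a return-value check and cleanup of the impersonation context and the duplicated handle. This is an added example, not part of the original post; the class name ImpersonatedWorker is hypothetical and the code assumes .NET Framework on Windows.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;

// Hypothetical class name (assumption, not from the post).
public sealed class ImpersonatedWorker
{
    // The literal 2 passed in the post: SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation
    private const int SecurityImpersonation = 2;

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool DuplicateToken(
        IntPtr existingToken, int impersonationLevel, ref IntPtr duplicateToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    private IntPtr windowsIdentityToken = IntPtr.Zero;

    // Call on the request thread, while the Web.config impersonation is in effect.
    public Thread Start()
    {
        IntPtr newToken = IntPtr.Zero;
        WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
        if (!DuplicateToken(currentIdentity.Token, SecurityImpersonation, ref newToken))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        this.windowsIdentityToken = newToken;

        Thread worker = new Thread(new ThreadStart(this.Run));
        worker.Start();
        return worker;
    }

    private void Run()
    {
        WindowsImpersonationContext impersonatedUser = null;
        try
        {
            impersonatedUser = WindowsIdentity.Impersonate(this.windowsIdentityToken);
            // Work that needs the impersonated account's file access goes here.
        }
        finally
        {
            if (impersonatedUser != null) impersonatedUser.Undo(); // revert to the process identity
            CloseHandle(this.windowsIdentityToken);                // release the duplicated token
            this.windowsIdentityToken = IntPtr.Zero;
        }
    }
}
```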