httplistener, custom hosting and authentication/impersonation

[Enrico Sabbadin]

Hi,
I've developed in .net 2.0 a custom web server that hosts asp.net sites
using the httplistener and applicationhost.createapplicationhost.
When I tell to the httplistener to require authenticathion it does work,
however in the the asp.net site EVEN IF I require authentication=windows /
impersonate=true
System.security.prinvipal.windowsidentity.getcurrent() returns the identity
of the hosting process, not of the caller .. and
system.threading.currentprincipal.identity.name is empty.
(all works fine if I publish the same dir to IIS)
What wiring am I missing to have the identity flow from the httplistener to
the asp.net stack ?

i managed to solve it doing an explicit impersonate before forwarding the
call to the asp.net runtime , however i guess there is a better way to do it

Thank you

 

[bruce barker]

you are confusing two concepts with asp.net. authentication (how the
user is) and thread identity (impersonation).

authentication=windows inpersonate=true

is telling asp.net that the windows authenication was used, and to
impersonate the hosts identity.

you are coding it the same way as iis does. it impersonates the
webclient before accessing any resources (such as asp.net or the file
system).

-- bruce (sqlwork.com)

 

[Enrico Sabbadin]

i'm not confusing the 2 concepts , i know the difference..
i'm just asking if authentication=windows inpersonate=true is something i
should take care in custom web hosting , or it's something out of the box if
i code properly

 

[Enrico Sabbadin]

i found the solution here
http://www.leastprivilege.com/HttpListenerAuthenticationAndASPNET.aspx