M
martin
Hi,
I am having trouble using impersonation -- with integrated security - on a
domain controller.
The authentication on IIS is set to integrated security only --- (NO
annoymosy access allowed)
The authentication element in webconfig is set to <authentication
mode="Windows" />
The identity element in webconfig is set to <identity impersonate="true"/>
I have placed the following code in my page load event
Response.Write("User - [" & Page.User.Identity.Name & "]<br>")
Response.Write("Windows Account running page - [" &
System.Security.Principal.WindowsIdentity.GetCurrent().Name & "]<br>")
Response.Write("Thread - [" &
System.Threading.Thread.CurrentPrincipal.Identity.Name & "]<br>")
on my dev machine I get my domain account that I am logged on with for each
of the values above -- which I would expect.
On the domain controller the application gives an access denied error
whenever I add the following identity element fo web.config
<identity impersonate="true"/>
The intesting thing is that the code above when run on the domain controller
gives the "IWAN_..." account as the value of the "Windows Account running
page".
The only theory that I have come up with so far is that the account on the
DC that is running the webpage (ie the standard account .. " IWAN_..." in
the example above) does NOT have permission to impersonate an account.
can anybody tell me now to work around this situation.
many thanks in advance
martin.
I am having trouble using impersonation -- with integrated security - on a
domain controller.
The authentication on IIS is set to integrated security only --- (NO
annoymosy access allowed)
The authentication element in webconfig is set to <authentication
mode="Windows" />
The identity element in webconfig is set to <identity impersonate="true"/>
I have placed the following code in my page load event
Response.Write("User - [" & Page.User.Identity.Name & "]<br>")
Response.Write("Windows Account running page - [" &
System.Security.Principal.WindowsIdentity.GetCurrent().Name & "]<br>")
Response.Write("Thread - [" &
System.Threading.Thread.CurrentPrincipal.Identity.Name & "]<br>")
on my dev machine I get my domain account that I am logged on with for each
of the values above -- which I would expect.
On the domain controller the application gives an access denied error
whenever I add the following identity element fo web.config
<identity impersonate="true"/>
The intesting thing is that the code above when run on the domain controller
gives the "IWAN_..." account as the value of the "Windows Account running
page".
The only theory that I have come up with so far is that the account on the
DC that is running the webpage (ie the standard account .. " IWAN_..." in
the example above) does NOT have permission to impersonate an account.
can anybody tell me now to work around this situation.
many thanks in advance
martin.