Windows Authentication for ASP.NET

[AD]

I have a ASP.NET application with <authentication mode="Windows" /> and
<identity impersonate="false" />. IIS is configured to use only "Integrated
Windows authentication".

I need to get the NetworkCredential object from the logged in WINDOWS user
to pass it to another application. I tried to use the code below, however
the Domian, UserName and Password property of the NetworkCredential object
are all empty. Is there any way I can get the NetworkCredential object
using Impersonation in code.


//--Impersonation
System.Security.Principal.WindowsImpersonationContext impersonationContext;
impersonationContext =
((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();

impersonationContext
=System.Security.Principal.WindowsIdentity.GetCurrent().Impersonate();


System.Net.NetworkCredential
cred=(System.Net.NetworkCredential)System.Net.CredentialCache.DefaultCredent
ials;

string s="cred.Domain=" + cred.Domain + "<br>";
s+="cred.UserName=" + cred.UserName + "<br>";
s+="cred.Password=" + cred.Password + "<br>";

Response.Write(s);


Any help is much appreciated.


Thanks

AD

 

[Joe Kaplan \(MVP - ADSI\)]

With Windows integrated authentication (WIA), you don't get the plain text
credentials on the server side. Thus, you can't get the password directly.
Additionally, you need to impersonate in web.config if you want the
DefaultCredentials to belong to the user who logged on. Otherwise,
DefaultCredentials will belong to the process account.

Note that if you try to use the DefaultCredentials that you get from the
impersonated user to access a different website, you may run into a
double-hop issue. This is very common with WIA. A search of this group on
"double hop" and/or "delegation" will provide many useful links.

Joe K.

 

[Patrick.O.Ige]

Hi Joe,
But can i use the User.Identity.Name.
And later pass it on a QueryString?
Can i do this?
for example pass it to a SQL Database to retrieve Data from a Table?

 

[Joe Kaplan \(MVP - ADSI\)]

I suppose you could. I probably wouldn't as I tend to not expose data like
that on a query string, but you could. The other thing is that if your
authentication is working properly, you will have the Context.User property
in every request, so you shouldn't need to pass this around between
requests.

It isn't clear to me if you are trying to use the user's security context to
access SQL or if you are just wanting to pass their name as a parameter in a
query though. Can you provide more details?

Joe K.

 

[Patrick.O.Ige]

Yeah I just want to use the user's security context to
access SQL whcih means i should be able to pass their name as a parameter in
a Query.
For example a User A logs in using Windows Authentication.And since the user
A logged in i
want to be able to use the user logged in username to retrieve data to the
User which means
each user would see different Data or settings.
Hope you understand me now.
Thx

 

[Joe Kaplan \(MVP - ADSI\)]

Well, like I said before, if you just need to pass the user name in a query
to SQL, then you will have it. If you need to use the user's Windows
security context to access SQL via SSPI authentication, then you will need
to use impersonation, but since you are using WIA, you'll also need to
enable delegation as well.

This newsgroup is full of posts that you can search on for delegation if you
need that.

Cheers,

Joe K.