|
Home > Archive > IIS Server Security > November 2006 > ISAPI filter with Basic Authentication and Asp.net impersonation
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
ISAPI filter with Basic Authentication and Asp.net impersonation
|
|
| midway76@gmail.com 2006-11-01, 7:26 pm |
| Hello,
Is it possible in the context of an ISAPI filter (with Basic
Authentication) managing the authentication to use impersonation in a
asp.net project? I'm new to ISAPI filter...
Here's my problem. I'm working in a Sharepoint 2003 (WSS) context.
Instead of using the Active Directory from the Sharepoint server, we're
using a ISAPI filter to authenticate the users by connecting to a Web
service that returns true or false depending if the user credential are
good or not. The problem is that on our Sharepoint portal we have
multiple webparts that impersonate the administrator. For that, we're
using code from that source:
http://msdn2.microsoft.com/en-us/li...ercannotaccess.
>From the tests I've done, when we activate Basic authentication, we get
"The request failed with HTTP status 401: Unauthorized" from the web
parts using impersonation. If both Basic Anthentication and Windows
Integrated Authentication are activated, the page load correctly like
if there was no ISAPI filter at all (credentials from the server AD
need to be used).
So is it possible to used the asp.net Impersonation when in "Basic
Authentication" mode?
Thank you,
Chris
| |
| David Wang 2006-11-01, 7:26 pm |
| "Basic Authentication" has no correlation to ASP.Net Impersonation.
What happens is that:
1. IIS first negotiates Basic Authentication
2. On success, IIS impersonates credentials obtained through
authentication on its thread and executes ASP.Net
3. In turn, ASP.Net loads up .Net Framework to run your managed code,
which can certainly change the user token on the thread if the managed
code is allowed
The problems could be either:
1. The ISAPI Filter is not working correctly
2. Sharepoint has restrictions on Web Parts
3. Managed Code is not allowed to change thread impersonation
Not really IIS-related issues at all.
//David
http://w3-4u.blogspot.com
//
midway76@gmail.com wrote:
> Hello,
>
> Is it possible in the context of an ISAPI filter (with Basic
> Authentication) managing the authentication to use impersonation in a
> asp.net project? I'm new to ISAPI filter...
>
> Here's my problem. I'm working in a Sharepoint 2003 (WSS) context.
> Instead of using the Active Directory from the Sharepoint server, we're
> using a ISAPI filter to authenticate the users by connecting to a Web
> service that returns true or false depending if the user credential are
> good or not. The problem is that on our Sharepoint portal we have
> multiple webparts that impersonate the administrator. For that, we're
> using code from that source:
>
> http://msdn2.microsoft.com/en-us/li...ercannotaccess.
>
> "The request failed with HTTP status 401: Unauthorized" from the web
> parts using impersonation. If both Basic Anthentication and Windows
> Integrated Authentication are activated, the page load correctly like
> if there was no ISAPI filter at all (credentials from the server AD
> need to be used).
>
> So is it possible to used the asp.net Impersonation when in "Basic
> Authentication" mode?
>
> Thank you,
> Chris
|
|
|
|
|