identity impersonation with asp.net

  • Question

  • User-19719568 posted

    My pages have an editing function to modify the records in the table of a db using a user login, so the field can show who modified the record. The login uses Windows authentication. I searched the web and it said to add <identity impersonate="true"/> under <system.web> in the web.config. It did not change and still shows "NT Authority/System" on the field for any user's logon. If I added

    <identity impersonate="true" username="DOMAIN\UserName" password="Password" /> then it shows this user no matter who logs in.

    Where is the tip to show the user associated with the login?

    Thanks.

    Sunday, February 15, 2015 12:56 PM

Answers

All replies

  • User475983607 posted

    Set impersonation to false.

    Impersonation does exactly what it sounds like.  The web application runs under the identity being impersonated.

    Sunday, February 15, 2015 1:21 PM
  • User-19719568 posted

    does not work

    Sunday, February 15, 2015 9:24 PM
  • User2008642861 posted

    Hi SMDQVTMM,

    From the setting you posted, it is correct. It's hard for me to give you correct suggestions without the details. Also, I suggest that you refer to the library at MSDN; you may find the solution there.

    https://msdn.microsoft.com/en-us/library/xh507fc5(v=vs.100).aspx

    Hope this could be helpful to you.

    Best regards,

    Archer

    Monday, February 16, 2015 3:54 AM
  • User475983607 posted

    does not work

    What does not work?

    Monday, February 16, 2015 6:23 AM
  • User-19719568 posted

    set impersonate to false does not work

    Monday, February 16, 2015 10:19 AM
  • User475983607 posted

    Unclear...

    Post the web.config and relevant VB/C# source code.

    Monday, February 16, 2015 11:00 AM
  • User-19719568 posted

    Here is my web.config:

    <?xml version="1.0"?>
    <!--
      For more information on how to configure your ASP.NET application, please visit
      http://go.microsoft.com/fwlink/?LinkId=169433
    -->
    <configuration>
      <connectionStrings>
        <add name="ApplicationServices" connectionString="data source=XXXXX\XXXX; Initial Catalog=aspnetdb;Integrated Security=True" providerName="System.Data.SqlClient"/>
        <add name="ConnectionString" connectionString="Data Source=xxxxx\xxxxx;Initial Catalog=xxxx;Integrated Security=True" providerName="System.Data.SqlClient"/>
      </connectionStrings>
      <system.web>
        <customErrors mode="Off">
        </customErrors>
        <compilation debug="true" targetFramework="4.0">
          <assemblies>
            <add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken="/>
            <add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken="/>
            <add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken="/>
            <add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken="/>
            <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken="/>
            <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken="/>
            <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken="/>
          </assemblies>
        </compilation>
        <authentication mode="Forms">
          <forms name=".ASPXFORMSAUTH" loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />
        </authentication>
        <identity impersonate="true" />
        <authorization>
          <deny users="*" />
          <allow roles="Admin" />
        </authorization>
        <membership>
          <providers>
            <clear/>
            <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false"
                 enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="3" minRequiredPasswordLength="15" minRequiredNonalphanumericCharacters="0"
                 passwordAttemptWindow="10" applicationName="/"/>
          </providers>
        </membership>
        <profile>
          <providers>
            <clear/>
            <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
          </providers>
        </profile>
        <roleManager enabled="true">
          <providers>
            <clear/>
            <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider"/>
            <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
          </providers>
        </roleManager>
      </system.web>
      <system.webServer>
        <defaultDocument enabled="true">
          <files>
            <clear />
            <add value="Default.aspx"/>
          </files>
        </defaultDocument>
        <modules runAllManagedModulesForAllRequests="true"/>
        <validation validateIntegratedModeConfiguration="false"/>
      </system.webServer>
    </configuration>

    Monday, February 16, 2015 11:14 AM
  • User753101303 posted

    Hi,

    Instead, always tell what happens rather than just that it doesn't work. It seems your intent is to save the name of the user making a change inside a db. It could be better to just pass this value explicitly to the db, as connecting using the user identity will also have some unwanted effects (connection pooling), so IMO it's best to use this if you want to use this information because you have account-based security inside the database.

    If this is just to record the current user, just pass this value explicitly.

    Monday, February 16, 2015 11:23 AM
  • User475983607 posted

    You're using forms authentication not Windows authentication. 

        <authentication mode="Forms">
          <forms name=".ASPXFORMSAUTH" loginUrl="~/Account/Login.aspx" defaultUrl="~/Default.aspx" />
        </authentication>

    The SQL connection is using Windows Authentication and whatever account the app pool is running under.

    You'll need to pass the current username to the DB.

    Monday, February 16, 2015 11:36 AM
  • User-19719568 posted

    I used the stored procedure to set the current user by using System_User. So if I need to pass this value explicitly, how can I do this? Any references or examples?

    Thanks.

    Monday, February 16, 2015 12:19 PM
  • User753101303 posted

    You'll just add another parameter to your stored procedure and you'll pass User.Identity.Name (or maybe the http://en.wikipedia.org/wiki/Security_Identifier or GUID, depending on what you want, to handle renamed accounts for example).

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, February 17, 2015 7:31 AM
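
The approach from the last two answers, as an added example that is not part of the original thread: the page code reads the authenticated name on the server and passes it to the stored procedure as a parameter, so the audit column no longer depends on SYSTEM_USER (which reports the application pool account). The procedure name dbo.UpdateRecord, its parameters and the RecordAudit class are hypothetical; only the "ConnectionString" entry name and User.Identity.Name come from the thread.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public static class RecordAudit
{
    // Hypothetical procedure, assumed to be declared as:
    //   CREATE PROCEDURE dbo.UpdateRecord
    //       @Id INT, @Value NVARCHAR(200), @ModifiedBy NVARCHAR(256)
    // and to write @ModifiedBy to the audit column instead of SYSTEM_USER.
    public static void UpdateRecord(HttpContext context, int id, string value)
    {
        // Take the name from the authenticated request context only.
        // Never accept it from a form field or query string, which the
        // client controls and could set to another user's name.
        var user = context.User;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new InvalidOperationException("No authenticated user for this request.");

        // With forms authentication this is the name the user logged in
        // with, not the Windows account the application pool runs under.
        string modifiedBy = user.Identity.Name;

        // "ConnectionString" is the entry name from the posted web.config.
        string cs = ConfigurationManager
            .ConnectionStrings["ConnectionString"].ConnectionString;

        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand("dbo.UpdateRecord", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;

            // Typed parameters keep the values out of the SQL text.
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
            cmd.Parameters.Add("@Value", SqlDbType.NVarChar, 200).Value =
                (object)value ?? DBNull.Value;
            cmd.Parameters.Add("@ModifiedBy", SqlDbType.NVarChar, 256).Value = modifiedBy;

            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

Because every request still connects as the application pool account, connection pooling is unaffected, which is the concern raised earlier in the thread about connecting under each user's identity.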