Home/ Questions/Q 4257862
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T05:34:16+00:00

I have the following scenario where I’m planning in using windows authentication. 1.1) I

  • 0

I have the following scenario where I’m planning in using windows authentication.

1.1) I have a web server which will run within a domain.
1.2) The web site will run under the credentials of a domain user with a set of configured permissions (One which will be allowed access to the file system, SQL server database etc).
1.3) Users visiting the web site will belong to the same domain, so I’m planning in using windows authentication.

So at this point, an authenticated user, would access the site, but I guess that from code, “CurrentUser” would be the one under which the site is running.

I’d like the following.

2.1) To authenticate the user accessing the site with windows authentication. (Domain controller would be responsible for this).
2.2) For the site to run under the configured user from step 1.2. So it would have all of its permissions.
2.3) But I’d like to know the initial user used to authenticate from (step 2.1).

This way I could do the following:

3.1) User “A” decides to access the site, as he belongs to the same domain as the web server, he authenticates successfully.
3.2) From code I detect that “A” authenticated, so I’ll go and fetch his roles. “Role1, Role2, Role3”.
3.3) I then want the code to run under the user configured in step 1.2, but I’ll assign the Principal all of the roles retrieved from 3.2.

I’ve thought that maybe I could use Impersonation for this.

4.1) So user “A” decides to access the site and authenticates.
4.2) The site would initially run with “A” credentials, so the “CurrentUser” would be “A”.
4.3) Switch the user (somehow) back to the one from 1.2
4.4) I could retrieve all of 4.1 configured Roles.
4.5) Assign the Current Principal the roles retrieved from 4.4.

So in the end the web site will use Windows Authentication with Impersonation, but from code I’d switch back to user 1.2.

If you’ve reached this point thanks for reading! I’d like to know if this is possible and if it seems achievable or if I’m overcomplicating things.

Also suggestions in how can I plug into and where to do all the role retrieving and user switching.
Many thanks!

UPDATE 1

@ Code Jammr , you’re right, no need to do any crazy stuff. But I think I still need to look into HttpModules,..

After doing a few tests, searching etc…

I’ve started to understand the difference between these IIdentity objects:

HttpContext.Current.User.Identity
Thread.CurrentPrincipal.Identity
WindowsIdentity i2 = WindowsIdentity.GetCurrent();

I posted another question to help me understand them:
Help understanding impersonation

I think this answers my question.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are several code samples out there for doing Impersonation. Most involve dealing with tokens and Win API calls. But if you really must do it this way, I say this not knowing what your webserver type is. IIS 6 or IIS7, then there are many code samples out there to guide you along.

    Here is one link for ya that pretty much gives you a starting point.
    http://msdn.microsoft.com/en-us/library/aa331755(v=vs.71).aspx

    Here is a link on AD authentication and you may not have to do anything crazy.
    http://support.microsoft.com/kb/326340

    You may want to look into asp.net impersonation, app pool settings, etc… to see if there is a better way.

    • 0