.Net Impersonation - PowerPoint PPT Presentation

About This Presentation
Title:

.Net Impersonation

Description:

CS795 .Net Impersonation... why & How? Presented by: Vijay Reddy Mara. CS795. Introduction ... When the server is impersonating the client, any operations ... – PowerPoint PPT presentation

Slides: 21
Provided by: olddominio
Learn more at: http://www.cs.odu.edu

Transcript and Presenter's Notes


1
.Net Impersonation: Why & How?
Presented by Vijay Reddy Mara
2
Introduction
  • What is Impersonation?
  • Why Impersonation?
  • How Impersonation?
  • Levels of Impersonation
  • Advantages and Disadvantages

3
What is impersonation?
  • Impersonation is the process of assigning a user
    account to an unknown user.
  • Impersonation is one of the most useful
    mechanisms in Windows security.

4
Mechanism
  • This mechanism allows a server process to run
    using the security credentials of the client.
    When the server is impersonating the client, any
    operations performed by the server are performed
    using the client's credentials.
  • Impersonation does not allow the server to access
    remote resources on behalf of the client.

5
Impersonation
6
Why Impersonation?
  • The usual reason for doing this is to avoid
    dealing with authentication and authorization
    issues in the ASP.NET application code.
  • Instead, you rely on Microsoft Internet
    Information Services (IIS) to authenticate the
    user.

7
How to configure Impersonation?
  • By default, impersonation is disabled at the
    machine level:
  • <identity impersonate="false"/>
  • A minimal configuration file to enable
    impersonation is as follows:
  • <!-- Web.config file. -->
  • <identity impersonate="true"/>

8
Different types of impersonation
  • Impersonate the IIS Authenticated Account or User
  • Impersonate a Specific User for All the Requests
    of an ASP.NET Application
  • Impersonate the Authenticating User in Code

9
  • Impersonate the IIS Authenticated Account or User
  • <identity impersonate="true" />
  • Impersonate a Specific User for All the Requests
    of an ASP.NET Application
  • <identity impersonate="true" userName="accountname" password="password" />

10
  • Impersonate the Authenticating User in Code

    System.Security.Principal.WindowsImpersonationContext impersonationContext;
    impersonationContext =
        ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();

    // Insert your code that runs under the security
    // context of the authenticating user here.

    impersonationContext.Undo();

11
Impersonating by using LogonUser
    // Call LogonUser to get a token for the user
    bool loggedOn = LogonUser(
        user,
        domain,
        password,
        LogonType.Interactive,
        LogonProvider.Default,
        out userHandle);
    if (!loggedOn)
        throw new Win32Exception(Marshal.GetLastWin32Error());

    // Begin impersonating the user
    WindowsImpersonationContext impersonationContext =
        WindowsIdentity.Impersonate(userHandle.Token);

    DoSomeWorkWhileImpersonating();

    // Clean up
    CloseHandle(userHandle);
    impersonationContext.Undo();

12
Impersonating by using the WindowsIdentity Constructor

    using System.Security.Principal;
    ...
    // The constructor takes the account's user principal name (UPN).
    WindowsIdentity wi = new WindowsIdentity("userName@fullyqualifieddomainName");
    WindowsImpersonationContext ctx = null;
    try
    {
        ctx = wi.Impersonate();
        // Thread is now impersonating
    }
    catch
    {
        // Prevent exceptions propagating.
    }
    finally
    {
        // Ensure impersonation is reverted
        // (ctx is still null if Impersonate() itself failed)
        if (ctx != null)
            ctx.Undo();
    }

13
Levels of Impersonation
  • A Server process can control to what extent a
    service is able to act as the client by selecting
    an impersonation level when it connects to the
    service.

14
Four levels of Impersonation
  • Anonymous
  • Identify
  • Impersonate
  • Delegate

15
  • Anonymous: The client is anonymous to the
    service. The service can impersonate the client
    but the impersonation token does not contain any
    information about the client.
  • Identify: The service can get the identity of
    the client and use this information in its own
    security mechanism, but it cannot impersonate the
    client.

16
  • Impersonate: The service can impersonate the
    client. If the service is on the same computer as
    the client process, it can access network
    resources as the client.
  • Delegate: The service can impersonate the
    client not only when it accesses resources on the
    service's computer but also when it accesses
    resources on other computers.

17
Advantages
  • Auditing
  • Auditing across tiers
  • Granular access controls

18
Disadvantages
  • Scalability
  • Increased administration effort

20
Questions?