ISAPI filter with Basic Authentication and Asp.net impersonation

ISAPI filter with Basic Authentication and Asp.net impersonation

am 01.11.2006 20:04:46 von midway76

Hello,

Is it possible in the context of an ISAPI filter (with Basic
Authentication) managing the authentication to use impersonation in a
asp.net project? I'm new to ISAPI filter...

Here's my problem. I'm working in a Sharepoint 2003 (WSS) context.
Instead of using the Active Directory from the Sharepoint server, we're
using a ISAPI filter to authenticate the users by connecting to a Web
service that returns true or false depending if the user credential are
good or not. The problem is that on our Sharepoint portal we have
multiple webparts that impersonate the administrator. For that, we're
using code from that source:

http://msdn2.microsoft.com/en-us/library/aa505327.aspx#wssti pstricks_usingimpersonationtoaccessdatathatthecurrentusercan notaccess.

>From the tests I've done, when we activate Basic authentication, we get
"The request failed with HTTP status 401: Unauthorized" from the web
parts using impersonation. If both Basic Anthentication and Windows
Integrated Authentication are activated, the page load correctly like
if there was no ISAPI filter at all (credentials from the server AD
need to be used).

So is it possible to used the asp.net Impersonation when in "Basic
Authentication" mode?

Thank you,
Chris

Re: ISAPI filter with Basic Authentication and Asp.net impersonation

am 02.11.2006 01:39:43 von David Wang

"Basic Authentication" has no correlation to ASP.Net Impersonation.

What happens is that:
1. IIS first negotiates Basic Authentication
2. On success, IIS impersonates credentials obtained through
authentication on its thread and executes ASP.Net
3. In turn, ASP.Net loads up .Net Framework to run your managed code,
which can certainly change the user token on the thread if the managed
code is allowed

The problems could be either:
1. The ISAPI Filter is not working correctly
2. Sharepoint has restrictions on Web Parts
3. Managed Code is not allowed to change thread impersonation

Not really IIS-related issues at all.


//David
http://w3-4u.blogspot.com
//


midway76@gmail.com wrote:
> Hello,
>
> Is it possible in the context of an ISAPI filter (with Basic
> Authentication) managing the authentication to use impersonation in a
> asp.net project? I'm new to ISAPI filter...
>
> Here's my problem. I'm working in a Sharepoint 2003 (WSS) context.
> Instead of using the Active Directory from the Sharepoint server, we're
> using a ISAPI filter to authenticate the users by connecting to a Web
> service that returns true or false depending if the user credential are
> good or not. The problem is that on our Sharepoint portal we have
> multiple webparts that impersonate the administrator. For that, we're
> using code from that source:
>
> http://msdn2.microsoft.com/en-us/library/aa505327.aspx#wssti pstricks_usingimpersonationtoaccessdatathatthecurrentusercan notaccess.
>
> >From the tests I've done, when we activate Basic authentication, we get
> "The request failed with HTTP status 401: Unauthorized" from the web
> parts using impersonation. If both Basic Anthentication and Windows
> Integrated Authentication are activated, the page load correctly like
> if there was no ISAPI filter at all (credentials from the server AD
> need to be used).
>
> So is it possible to used the asp.net Impersonation when in "Basic
> Authentication" mode?
>
> Thank you,
> Chris