Identity not persistent in redirect

on 01.09.2007 17:50:00 by Mr Wolf

Hey there, I've got a boring problem:
my page, running on Win2003 IIS with AD on the same server, does an impersonate
of an AD user, and I can see it's OK since WindowsIdentity.GetCurrent gives
me the right name in the same page. But when I do a redirect to another page,
the result is that the impersonate is lost and I get back to the iusr_machine
(or, if the page I redirect to is without the anonymous user flag, NTLM asks me
with the usual credential popup to come in).
Can someone tell me why, and what I should check? Is it a policy or a code problem?
Thanks guys

Re: Identity not persistent in redirect

on 03.09.2007 06:06:06 by Ken Schaefer

When you do a redirect, then the client is making a fresh request for a new
webpage. Unless the client has authenticated, and you impersonate again, the
identity will revert to the default.

Cheers
Ken


Re: Identity not persistent in redirect

on 03.09.2007 08:20:01 by MrWolf

OK, but this can't be the only problem, since I have done 2 tests:

1) In the same page as the impersonate (right after the impersonate call) I
try to use a service that needs the identity, and it doesn't work (in the
event viewer, server side, I see a logon of machinename$ that overwrites my user).

2) I need the impersonate to do a redirect to a page that needs
authentication, without the boring authentication popup, so if I can't do it
with impersonate, how can I do it?

Thanks again.


Re: Identity not persistent in redirect

on 04.09.2007 07:45:34 by Ken Schaefer

"Mr Wolf" wrote in message
news:5FCB3349-6B3B-4BC3-84C4-334C379A2AD6@microsoft.com...
> OK, but this can't be the only problem, since I have done 2 tests:
>
> 1) In the same page as the impersonate (right after the impersonate call) I
> try to use a service that needs the identity, and it doesn't work (in the
> event viewer, server side, I see a logon of machinename$ that overwrites my
> user).

How are you doing the impersonation? Do you actually have the user's
username and password?


> 2) I need the impersonate to do a redirect to a page that needs
> authentication, without the boring authentication popup, so if I can't do it
> with impersonate, how can I do it?

Again - how are you doing the impersonation?

Cheers
Ken






Re: Identity not persistent in redirect

on 04.09.2007 08:24:00 by MrWolf

You're damn right... I was making a wrong test on the service, the impersonate
locally works well... so the problem is: how can I redirect to another page
that doesn't allow anonymous users? How can I send my identity, my network
credentials, in a redirect?

Thanks a lot Ken.



Re: Identity not persistent in redirect

on 05.09.2007 03:40:08 by Ken Schaefer

"MrWolf" wrote in message
news:0D5DEB54-22AB-4A8B-B47C-F0A9FFCC3D12@microsoft.com...
> You're damn right... I was making a wrong test on the service, the impersonate
> locally works well... so the problem is: how can I redirect to another page
> that doesn't allow anonymous users? How can I send my identity, my network
> credentials, in a redirect?

You can't.

The client sends the credentials to the server. You can't force the client
to do that.

On the new page, you can get the credentials that the client sent, and use
those to impersonate the user.

You need to understand how a redirect works. All it does is send a HTTP 302
status to the client with a "this page has moved to " header.
It is up to the client to make a new request for this page at the new
location.

Cheers
Ken




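The redirect behaviour described in the reply above, as an added example that is not part of the original thread: a loopback-only Python server and client in which the page behind the 302 sees only what the second request itself carries. HTTP Basic with a constructed credential stands in for NTLM/Kerberos, and the `/start` and `/next` paths are hypothetical.

```python
import base64
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo credential (assumption); Basic stands in for NTLM/Kerberos.
DEMO_AUTH = "Basic " + base64.b64encode(b"demo-user:demo-pass").decode()

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # silence per-request logging
    def do_GET(self):
        # Each request is judged only on the headers it carries itself.
        if self.headers.get("Authorization") != DEMO_AUTH:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="demo"')
            body = b"anonymous"
        elif self.path == "/start":
            # The redirect is only a status line plus a Location header.
            self.send_response(302)
            self.send_header("Location", "/next")
            body = b""
        else:
            self.send_response(200)
            body = b"hello demo-user"
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def fetch(port, path, auth=None):
    """One independent client request; returns (status, Location header)."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Authorization": auth} if auth else {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Location")

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        first = fetch(port, "/start", DEMO_AUTH)   # authenticated first page
        bare = fetch(port, first[1])               # follow-up without credentials
        resent = fetch(port, first[1], DEMO_AUTH)  # client authenticates again
    finally:
        server.shutdown()
        server.server_close()
    return first, bare, resent
```

`run_demo()` returns the three (status, Location) pairs: the 302 from the first page, a 401 for the follow-up request that carries no credentials, and a 200 once the client sends them again.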

Re: Identity not persistent in redirect

on 05.09.2007 08:32:31 by David Wang

You can't do that in a secure authentication protocol.

The sort of delegated authentication that you want to do can be done
with Windows Live ID.

Or built-in support of Kerberos within Windows.

But if you want to wander outside the standard authentication
protocols, you're on your own to figure out how to do delegation and
federation properly and securely. As it should be.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//


