Client-side application and impersonation

on 31.03.2008 16:56:04 by martin

Can a browser-based client-side application impersonate a domain user?

I am trying to host a client-side assembly in a browser. I need to
then impersonate a domain user account in the assembly to give me
access to network resources, and I'm not sure if I'm able to
impersonate a domain account on a client-side application. I've tried
using various samples for impersonation that use the LogonUser API
call in order to get a token, but this fails in my client app, due to
a security exception.

This is an Intranet environment, with the web server running XP. I
have tried running as a trusted site, but no difference.

Apologies in advance if this has gone to the wrong group.

Regards,
Martin

Re: Client-side application and impersonation

on 02.04.2008 03:54:50 by Alvin Bruney

You are probably aware that this is no ordinary request, right? You can only
do this if your client can 'see' a domain account. Typically, your client
hosted in the browser has no direct access to the server, so if the domain
account is on the server you won't be able to do this easily. If your code
running your client has access to a user context, you can extract the user
from the context and turn around and fire an Active Directory query, but in
most cases the user context is null. The cheap way to see if your existing
code works is simply to turn CAS policy off at the command prompt and see if
the application works. If it does, then you simply need to configure CAS
policy.

One way is to have an app or web service running on the server that can do
what you want. From your client, you just fire a web request to the server
to 'authenticate' the client.

--

Regards,
Alvin Bruney [MVP ASP.NET]

"Martin" wrote in message
news:f3319f04-ecb5-4b20-9871-3f6019e70a4f@p25g2000hsf.googlegroups.com...
> Can a browser-based client-side application impersonate a domain user?
>
> I am trying to host a client-side assembly in a browser. I need to
> then impersonate a domain user account in the assembly to give me
> access to network resources, and I'm not sure if I'm able to
> impersonate a domain account on a client-side application. I've tried
> using various samples for impersonation that use the LogonUser API
> call in order to get a token, but this fails in my client app, due to
> a security exception.
>
> This is an Intranet environment, with the web server running XP. I
> have tried running as a trusted site, but no difference.
>
> Apologies in advance if this has gone to the wrong group.
>
> Regards,
> Martin
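
A way to confirm that the security exception is a CAS denial without switching policy off, as an added example that is not part of the thread. It assumes the .NET Framework with Code Access Security in force; `CasProbe` and its members are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;

// Added example; CasProbe and its members are hypothetical names.
public static class CasProbe
{
    // Permissions the usual LogonUser-based impersonation samples rely on.
    private static readonly KeyValuePair<string, SecurityPermissionFlag>[] Needed =
    {
        // The P/Invoke into advapi32.dll (LogonUser) demands UnmanagedCode.
        new KeyValuePair<string, SecurityPermissionFlag>(
            "LogonUser P/Invoke", SecurityPermissionFlag.UnmanagedCode),
        // Building a WindowsIdentity from the returned token demands ControlPrincipal.
        new KeyValuePair<string, SecurityPermissionFlag>(
            "WindowsIdentity from token", SecurityPermissionFlag.ControlPrincipal),
    };

    // Returns one line per step: "<step>: granted" or "<step>: denied by CAS policy".
    public static List<string> Check()
    {
        var report = new List<string>();
        foreach (var item in Needed)
        {
            try
            {
                // Demand checks every caller on the stack against its granted set,
                // so it fails here the same way the real call would.
                new SecurityPermission(item.Value).Demand();
                report.Add(item.Key + ": granted");
            }
            catch (SecurityException)
            {
                report.Add(item.Key + ": denied by CAS policy");
            }
        }
        return report;
    }
}
```

Calling `CasProbe.Check()` from the browser-hosted assembly shows which of the two permissions the assembly's code group would have to grant.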

Re: Client-side application and impersonation

on 02.04.2008 10:05:39 by martin

Hi Alvin,

Thanks for the reply on this - I was aware it was probably not
something I was going to be able to do with ease! I am probably being
a bit lazy, and was really hoping I could reuse the existing control
without much work.

It looks like I'll be doing as you say, and writing a web service.

Thanks again.

Martin