Hello All,

I am creating a web application that has a database. To log onto that database, I am impersonating a user with rights to the db in the web.config file:

<identity impersonate="true" userName="domain\user" password="password" />


This impersonate works correctly and I am able to get to the database with no problems.

On page init I need to check to see if the user has access to the application. For this I have defined 3 groups: Admin, Write and Read.

This is where the problem comes into play.

I am using the following code to return to the system user:

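// Needs: using System; using System.Security.Principal; using System.Web.Configuration;
// Temporarily undo the web.config impersonation for the duration of this block
using (WindowsImpersonationContext impersonated = WindowsIdentity.Impersonate(IntPtr.Zero))
{
    WindowsIdentity curIdentity = WindowsIdentity.GetCurrent();
    WindowsPrincipal wp = new WindowsPrincipal(curIdentity);
    // Look up the group name configured for this role in appSettings and test membership
    bool isInRole = wp.IsInRole(WebConfigurationManager.AppSettings[role.ToString()]);
}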


I have verified that this gives me the current user who is logged onto the system but for some reason it brings back False for all groups.

For testing purposes I removed the impersonation clause from the web.config file and re-ran the IsInRole process and received True for all groups.

The other thing I tried was to again remove the impersonation clause from the web.config file. Next I created an impersonation class that I used after I had grabbed the user's roles. This allowed me to get the correct roles, but to keep them I would have to store them in a session variable (which I do not want to do for security reasons), because as soon as I impersonate I can't go back and re-grab the security groups.

How am I losing the system user's rights when I do an impersonation?

Thanks for your time,
Aaron

1 solution

Not sure. I have created a sample with impersonation and checked whether the signed-in user belongs to a role or not, and without impersonation also; both gave me positive results. Not sure why you are facing the issue. Can you send me your code to repro? But if you want to connect to the database using a user having access to the db, why not use a connection string with the user name and password?

When you use connection string, it uses the specified user to connect to db, irrespective of the user logged in.
 
Comments
wooga111 12-Apr-11 10:31am    
Thanks for your comment. I am not able to use ConnectionStrings to connect to the database because of Windows Authentication. Though I may have figured out why my problem is happening. I started up a small project to send to you in VS2010 (I am developing my project in VS2008) and my code worked perfectly! So I opened the VS2010 project in VS2008 and it did not work. On further testing I upgraded my whole project and sure enough it worked great in VS2010.

Thanks for your help,
Aaron
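
An added example, not code from the question or the answer: one way to run the Admin/Write/Read check from the question against the request's authenticated principal instead of the thread identity, so the result does not depend on what the thread is impersonating. It assumes Windows authentication is enabled so that HttpContext.Current.User carries the signed-in user; AccessLevel, AccessCheck, the EXAMPLE\ group names and the sample principals are hypothetical, and GenericPrincipal stands in for the real principal so the block runs outside IIS.

```csharp
using System;
using System.Collections.Specialized;
using System.Security.Principal;

public enum AccessLevel { None = 0, Read = 1, Write = 2, Admin = 3 }

public static class AccessCheck
{
    // Checked from most to least privileged so the highest match wins.
    private static readonly AccessLevel[] Ordered =
        { AccessLevel.Admin, AccessLevel.Write, AccessLevel.Read };

    // user: the request's authenticated principal (HttpContext.Current.User in a page).
    // settings: appSettings mapping "Admin"/"Write"/"Read" to a group name.
    public static AccessLevel Resolve(IPrincipal user, NameValueCollection settings)
    {
        // Deny by default: no principal or an anonymous request gets nothing.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return AccessLevel.None;

        foreach (AccessLevel level in Ordered)
        {
            string group = settings[level.ToString()];
            // A missing or blank mapping must never grant access.
            if (string.IsNullOrEmpty(group)) continue;
            if (user.IsInRole(group)) return level;
        }
        return AccessLevel.None;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: group names and users are placeholders.
        var settings = new NameValueCollection {
            { "Admin", @"EXAMPLE\App-Admin" },
            { "Write", @"EXAMPLE\App-Write" },
            { "Read",  @"EXAMPLE\App-Read" }
        };
        var writer = new GenericPrincipal(new GenericIdentity(@"EXAMPLE\alice"),
            new[] { @"EXAMPLE\App-Read", @"EXAMPLE\App-Write" });
        var anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        Console.WriteLine(AccessCheck.Resolve(writer, settings));
        Console.WriteLine(AccessCheck.Resolve(anonymous, settings));
    }
}
```

In a page, the call would be AccessCheck.Resolve(HttpContext.Current.User, WebConfigurationManager.AppSettings), evaluated on each request so nothing has to be cached in session state.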

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


