Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation in SharePoint Developers use impersonation when an application needs to.

Presentation transcript:

Impersonation in SharePoint

Developers use impersonation when an application needs to perform a task for which the current user does not have permissions.

Examples:
- accessing a master list on the WSS site on which the user might not be a member
- creating a list when a user only has reader privileges
- using Windows authentication to access a SQL database for which the currently logged-in user does not have permissions

Impersonation – Web.config

The ASP.NET web.config allows various settings:
- runs as the process user
- impersonates the currently logged-in user
- impersonates the user specified

SharePoint always defaults to impersonating the currently logged-in user.

Impersonation – WindowsIdentity

In code, we can find out the user under which the code runs:

    Response.Write("Process runs as " + WindowsIdentity.GetCurrent().Name);

Impersonation – WindowsImpersonationContext

In code, we can create a WindowsImpersonationContext for a specific user:

    // create impersonation context (details are in SDK)
    WindowsImpersonationContext wic = CreateIdentity(user, domain, password).Impersonate();
    try
    {
        // code that will run under the impersonated user
        // Create a list
    }
    finally
    {
        wic.Undo(); // revert back to currently logged in user, even if the code above throws
    }

Kerberos delegation needs to be on if trying to connect to resources on different servers.
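
One way to fill in the CreateIdentity helper that the slide leaves to the SDK, as an added example that is not part of the original presentation. It assumes the Win32 LogonUser API is used to obtain the token; RunAs and the Work delegate are hypothetical names, and the caller is assumed to read the password from a protected store rather than from source code.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class ImpersonationHelper
{
    public delegate void Work(); // hypothetical delegate type for the code to run

    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Assumed body for the slide's CreateIdentity(user, domain, password).
    public static WindowsIdentity CreateIdentity(string user, string domain, string password)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error()); // bad credentials etc.
        try
        {
            // WindowsIdentity duplicates the token, so the raw handle is closed here.
            return new WindowsIdentity(token);
        }
        finally
        {
            CloseHandle(token);
        }
    }

    // Runs 'work' as the given account and always reverts, even if 'work' throws.
    public static void RunAs(string user, string domain, string password, Work work)
    {
        WindowsImpersonationContext wic = CreateIdentity(user, domain, password).Impersonate();
        try { work(); }
        finally { wic.Undo(); } // thread returns to the previous identity
    }
}
```

Failing closed on a bad logon matters here: if LogonUser fails and the code carried on, the work would run under whatever identity the thread already had.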

Impersonation – The New SharePoint Way

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        // do things assuming the permission of the "system account"
        using (SPSite site = new SPSite(web.Site.ID))
        {
            Response.Write("content database name for this site is " + site.ContentDatabase.Name);
        }
    });

Demo: Impersonation

1. Use SharePoint-specific impersonation
2. Use ASP.NET impersonation

Authentication Models

Trusted Subsystem - the application (middle tier) authenticates with a fixed identity
– Offers database connection pooling.
– Is less complex.
– The group that owns and manages the back end gives access to one account that they manage.

Impersonation and Delegation - the application (middle tier) impersonates the client and authenticates to the back end on the client's behalf
– To enable auditing at the back end.
– If there is per-user authorization at the back end.

Connection String Options: SQL Authentication

SQL Authentication:

    server=training; uid=sa; pwd=Pilot; database=Pilothou1_Site

Advantage: easy to use, no special requirements.
Disadvantage: username and password are clear text.

Connection String Options: Windows Authentication

Windows Authentication
Advantage: username and password are not clear text.
Disadvantage: if the application runs as the currently logged-in user, that user must have access to the DB.

Windows Authentication with impersonation of the application pool user
Advantage: uses the application pool account to access the DB.
Disadvantage: no significant disadvantages.
Example:

    Integrated Security = SSPI; server=training; database = Pilothou1_Site

Application Pool Account Impersonation Details

    using System.Security.Principal;

    // revert to self
    WindowsImpersonationContext wic = WindowsIdentity.Impersonate(IntPtr.Zero);
    try
    {
        // perform db operations
    }
    finally
    {
        wic.Undo(); // resume impersonating
    }
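
The revert-to-self pattern above with the database step filled in, as an added example that is not part of the original presentation. Under the trusted-subsystem model from the Authentication Models slide the back end only sees the application pool account, so this sketch passes the logged-in user's name as a parameter to keep an audit trail; the AuditLog table, its columns and the RecordAction name are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Principal;

public static class TrustedSubsystemDb
{
    // Connection string from the slide: Windows Authentication, no credentials in the text.
    private const string ConnStr =
        "Integrated Security=SSPI; server=training; database=Pilothou1_Site";

    // AuditLog and its columns are hypothetical; they are not on the original page.
    public static void RecordAction(string action)
    {
        // Capture the impersonated (logged-in) user before reverting,
        // because the database will only ever see the application pool account.
        string caller = WindowsIdentity.GetCurrent().Name;

        // Revert to self: the thread now runs as the application pool account.
        WindowsImpersonationContext wic = WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO AuditLog (UserName, Action, LoggedAt) " +
                "VALUES (@user, @action, GETUTCDATE())", conn))
            {
                // Parameters keep caller-controlled text out of the SQL statement.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 256).Value = caller;
                cmd.Parameters.Add("@action", SqlDbType.NVarChar, 256).Value = action;
                conn.Open();
                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            wic.Undo(); // resume impersonating the logged-in user
        }
    }
}
```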

Demo: Using App Pool Account to Access DB

1. Accessing DB using Windows Authentication and application pool account

Links

- How to implement impersonation in ASP.NET application:
- ASP.NET Impersonation: /en-us/cpguide/html/cpconaspnetimpersonation.asp
- ASP.NET Impersonation (Designing Distributed Applications with Visual Studio .NET): /en-us/vsent7/html/vxconimpersonation.asp