Published by Neal Booth. Modified over 9 years ago.
CS795
.Net Impersonation… why & How?
Presented by: Vijay Reddy Mara
Introduction
- What is Impersonation?
- Why Impersonation?
- How Impersonation?
- Levels of Impersonation
- Advantages and Disadvantages
What is impersonation?
Impersonation is the process of assigning a user account to an unknown user. It is one of the most useful mechanisms in Windows security.
Mechanism
This mechanism allows a server process to run using the security credentials of the client. While the server is impersonating the client, any operation the server performs is carried out using the client's credentials. Impersonation alone does not allow the server to access remote resources on behalf of the client.
Impersonation
Why Impersonation?
The usual reason for impersonating is to avoid dealing with authentication and authorization in the ASP.NET application code. Instead, you rely on Microsoft Internet Information Services (IIS) to authenticate the user.
How to configure Impersonation?
By default, impersonation is disabled at the machine level. A minimal configuration file to enable impersonation is as follows.
Different types of impersonation
- Impersonate the IIS Authenticated Account or User
- Impersonate a Specific User for All the Requests of an ASP.NET Application
- Impersonate the Authenticating User in Code
Impersonate the IIS Authenticated Account or User
Impersonate a Specific User for All the Requests of an ASP.NET Application
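A web.config fragment showing the two configuration-based options above, added here as an illustration (it is not the slides' own file; the account name DOMAIN\AppSvc and the password are placeholders):

```xml
<?xml version="1.0"?>
<!-- Illustrative web.config, added as an example; DOMAIN\AppSvc and the password are placeholders. -->
<configuration>
  <system.web>
    <!-- Impersonation is only meaningful once IIS has authenticated the caller,
         so use Windows authentication and disable anonymous access in IIS.
         With anonymous access left on, such requests run as the IIS anonymous account. -->
    <authentication mode="Windows" />

    <!-- Option 1: impersonate the IIS-authenticated account or user.
         Every request runs under the identity that IIS authenticated. -->
    <identity impersonate="true" />

    <!-- Option 2: impersonate one fixed account for all requests of this application.
         Remove option 1 and use this instead; the two forms are alternatives.
    <identity impersonate="true"
              userName="DOMAIN\AppSvc"
              password="PLACEHOLDER_PASSWORD" />
    -->
  </system.web>
</configuration>
```

Option 2 stores a credential in web.config in clear text, so encrypt that section with the Protected Configuration tool (aspnet_regiis -pe "system.web/identity" -app "/YourApp") and grant the fixed account only the rights the application needs.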
Impersonate the Authenticating User in Code:

    // User.Identity is a WindowsIdentity once IIS has authenticated the request.
    System.Security.Principal.WindowsImpersonationContext impersonationContext =
        ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
    try {
        // Insert your code that runs under the security context of the authenticating user here.
    }
    finally {
        impersonationContext.Undo(); // always revert, even if the code above throws
    }
Impersonating by using LogonUser

    // LogonUser is the Win32 API (advapi32.dll) declared through P/Invoke elsewhere;
    // LogonType and LogonProvider are enums wrapping its integer flags.
    IntPtr userHandle = IntPtr.Zero;
    bool loggedOn = LogonUser(
        user, domain, password,
        LogonType.Interactive, LogonProvider.Default,
        out userHandle);
    if (!loggedOn)
        throw new Win32Exception(); // logon failed: stop here, do not impersonate
    // Begin impersonating the user
    WindowsImpersonationContext impersonationContext =
        WindowsIdentity.Impersonate(userHandle);
    try
    {
        DoSomeWorkWhileImpersonating();
    }
    finally
    {
        // Clean up: revert first, then release the logon token
        impersonationContext.Undo();
        CloseHandle(userHandle);
    }
Impersonating by using the WindowsIdentity Constructor

    using System.Security.Principal;
    ...
    // The user principal name (user@fully.qualified.domain) is passed as a string;
    // no password is needed, the token is obtained from the domain.
    WindowsIdentity wi = new WindowsIdentity("userName@fullyqualifieddomainName");
    WindowsImpersonationContext ctx = null;
    try
    {
        ctx = wi.Impersonate();
        // Thread is now impersonating
    }
    catch
    {
        // Prevent exceptions propagating.
    }
    finally
    {
        // Ensure impersonation is reverted (ctx is still null if Impersonate() threw)
        if (ctx != null)
            ctx.Undo();
    }
Levels of Impersonation
A process can control to what extent a service is able to act as the client by selecting an impersonation level when it connects to that service.
Four levels of Impersonation
- Anonymous
- Identify
- Impersonate
- Delegate
Anonymous
The client is anonymous to the service. The service can impersonate the client, but the impersonation token does not contain any information about the client.

Identify
The service can get the identity of the client and use this information in its own security mechanism, but it cannot impersonate the client.
Impersonate
The service can impersonate the client. If the service is on the same computer as the client process, it can access network resources as the client.

Delegate
The service can impersonate the client not only when it accesses resources on the service's computer, but also when it accesses resources on other computers.
Advantages
- Auditing
- Auditing across tiers
- Granular access controls
Disadvantages
- Scalability
- Increased administration effort
References
- http://msdn2.microsoft.com/en-us/library/ms998351.aspx
- http://blogs.msdn.com/shawnfa/archive/2005/03/21/400088.aspx
- http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.WhatIsImpersonation
Questions?