Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation in SharePoint Developers use impersonation when an application needs to.

Published byAusten Lloyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation in SharePoint Developers use impersonation when an application needs to."— Presentation transcript:

1 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation in SharePoint Developers use impersonation when an application needs to perform a task for which the current user does not have permissions example: accessing a master list on the WSS site on which the user might not be a member creating a list when a user only has reader privileges using windows authentication to access SQL database for which the currently logged in user does not have permissions

2 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation – Web.config ASP.Net web.config allows various settings, - runs as process user - impersonates the currently logged user - impersonates the user specified SharePoint always defaults to impersonating the currently logged in user

3 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation – WindowsIdentity In code, we can find out the user under which the code runs: Response.Write("Process runs as” + WindowsIdentity.GetCurrent().Name);

4 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation – WindowsImpersonationContext In code, we can create WindowsImpersonationContext for a specific user: //create impersonation context (details are in SDK) WindowsImpersonationContext wic = CreateIdentity(user, domain, password).Impersonate(); //code that will run under impersonated user //Create a list wic.Undo(); //revert back to currently logged in user Kerberos delegation needs to be on if trying to connect to resources on different servers

5 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation – The New SharePoint Way SPSecurity.RunWithElevatedPrivileges(delegate() { // do things assuming the permission of the "system account"; using (SPSite site = new SPSite(web.Site.ID)) { Response.Write("content database name for this site is " + site.ContentDatabase.Name); } });

6 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Demo: Impersonation 1.Use SharePoint specific impersonation 2.Use ASP.Net impersonation

7 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Authentication Models Trusted Subsystem - the application (middle tier) authenticates with fixed identity –Offers database connection pooling. –Is less complex. –The group that owns and manages the back end gives access to one account that they manage. Impersonation and Delegation - the application (middle tier) impersonates the client and authenticates to back- end on client’s behalf –To enable auditing at the back end. –If there is per-user authorization at the back end.

8 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Connection String Options: SQL Authentication SQL Authentication: server=training; uid=sa; pwd=Pilot; database=Pilothou1_Site Advantage: easy to use, no special requirements. Disadvantage: username and password are clear text

9 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Connection String Options: Windows Authentication Windows Authentication Advantage: username and password are not clear text. Disadvantage: if application runs as a currently logged in user, that user must have access to DB. Windows Authentication with impersonation of the application pool user Advantage: uses application pool account to access db. Disadvantage: no significant disadvantages example: Integrated Security = SSPI; server=training; database = Pilothou1_Site

10 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Application Pool Account Impersonation Details using System.Security.Principal // revert to self WindowsImpersonationContext wic = WindowsIdentity.Impersonate(IntPtr.Zero); try { // perform db operations } finally { wic.Undo(); // resume impersonating }

11 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Demo: Using App Pool Account to Access DB 1.Accessing DB using Windows Authentication and application pool account

12 Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Links How to implement impersonation in ASP.NET application: http://support.microsoft.com/?id=306158 ASP.NET Impersonation: http://msdn.microsoft.com/library/default.asp?url=/library /en-us/cpguide/html/cpconaspnetimpersonation.asp ASP.NET Impersonation (Designing Distributed Applications with Visual Studio.N ET) http://msdn.microsoft.com/library/default.asp?url=/library /en-us/vsent7/html/vxconimpersonation.asp

Download ppt "Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation in SharePoint Developers use impersonation when an application needs to."

Similar presentations

Impersonation, SSO & custom web parts Using Impersonation and Single Sign-On to access corporate data from within a custom SharePoint web part Mike FITZSIMON.

Impersonation, SSO & custom web parts Using Impersonation and Single Sign-On to access corporate data from within a custom SharePoint web part Mike FITZSIMON.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
27. to 28. March 2007 | Geneva, Switzerland. Fabrice Romelard ilem SA Level 200.

27. to 28. March 2007 | Geneva, Switzerland. Fabrice Romelard ilem SA Level 200.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.

Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.
Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.

Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.
Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.

Chapter 10 Overview  Implement Microsoft Windows Authentication Mode and Mixed Mode  Assign login accounts to database user accounts and roles  Assign.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.
Delivering Excellence in Software Engineering ® 2006. EPAM Systems. All rights reserved. ASP.NET Authentication.

Delivering Excellence in Software Engineering ® EPAM Systems. All rights reserved. ASP.NET Authentication.
1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will.

1 ASP.NET SECURITY Presenter: Van Nguyen. 2 Introduction Security is an integral part of any Web-based application. Understanding ASP.NET security will.
Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd

Edwin Sarmiento Microsoft MVP – Windows Server System Senior Systems Engineer/Database Administrator Fujitsu Asia Pte Ltd
Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.

Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.
SharePoint External Login Access – Forms Authentication vs Azure ACS.

SharePoint External Login Access – Forms Authentication vs Azure ACS.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software

Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software
Forms Authentication, Users, Roles, Membership Svetlin Nakov Telerik Corporation www.telerik.com.

Forms Authentication, Users, Roles, Membership Svetlin Nakov Telerik Corporation
Hands-On Microsoft Windows Server 20081 Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Designing Active Directory for Security

Designing Active Directory for Security

Similar presentations

Ads by Google