Impersonate in a web service

VBAHole22

I am trying to access network resources from a web method as follows:

Code:
<WebMethod(Description:="Authorize")> _
Public Function TestImpersonate() As String
    If File.Exists("//0501DD/PRO/12546/ENT.doc") Then
        Return "Authorized"
    Else
        Return "Locked Out"
    End If
End Function

I am locked out at all times. I have tried the following incantations of the impersonate line in my web.config:

Code:
<identity impersonate="true" userName="administrator" password=""/>
<identity impersonate="true" userName="administrator"/>
<identity impersonate="true" />

I am an admin on this machine and I can see these files in Windows Explorer. I have tried adding in my actual login name instead of 'administrator' but then I can't even compile. I cannot compile with my login.domain either.
Any suggestions?
What would be the proper way to express one's full login name:
First.Last/domain
First.Last\domain
First.Last@domain
 
I am on win2k. What is UPN?
I have tried

\\domain\username
\domain\username
domain\username

None will compile. It's as if Vis Studio is checking the username value at compile and it won't continue if it doesn't like it.
 
I figured it out by looking at the IIS properties for both the web service and the asp.net page side by side.
The only difference between the two was in the Directory Security>Edit Tab titled Authentication Methods. The asp.net page had anonymous access off and the web service had it checked. Once I unchecked it the web method works.

I guess the reasoning is that if you have anonymous access then there can be no impersonating anyhow.
 
Alright, the plot thickens.

The method is authorized to check if the File.Exists with the following stub:

<identity impersonate="true"/>

BUT... I have a web method that runs a function on a different thread that I spawn. That thread is NOT authorized to do anything to the file.

Don't the threads you spawn run under the same scenario as the calling code?
 
I pity anyone else in this predicament. MS says that this is 'behavior by design'. Basically it's a security threat for a secondary thread to run on the same impersonation as the primary thread.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;842790

This article offers 3 solutions. Two of which I have tried (1 & 2) and do not work. The third option is to edit machine.config and set the processmodel from Machine to System. Does anyone know what the implications of said change would be? I am loath to try it. My only other option is to give up the performance that I was gaining from the twin threads and go back to synchronous.
Oh well.
MS giveth and MS taketh away.
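
An added example, not code from this thread or from the linked KB article: one way in .NET to carry the request's impersonated identity onto a spawned thread is to capture the WindowsIdentity on the request thread and call Impersonate() on the worker. The names ImpersonationDemo, FileCheck, TargetPath and TestImpersonateThreaded are hypothetical, and the sketch assumes `<identity impersonate="true"/>` with anonymous access disabled, as described above.

```vbnet
Imports System.IO
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.Services

Public Class ImpersonationDemo
    Inherits WebService

    ' Hypothetical helper: carries the caller's identity to the worker thread.
    Private Class FileCheck
        Public Identity As WindowsIdentity
        Public TargetPath As String
        Public Result As String = "Locked Out"

        Public Sub Run()
            Dim ctx As WindowsImpersonationContext = Nothing
            Try
                ' A new thread starts with the process identity, not the
                ' request's, so impersonate explicitly before the file access.
                ctx = Identity.Impersonate()
                ' File.Exists returns False (it does not throw) when the
                ' current identity lacks permission to the path.
                If File.Exists(TargetPath) Then Result = "Authorized"
            Finally
                ' Always revert, so the impersonated token never outlives
                ' this unit of work on the thread.
                If Not ctx Is Nothing Then ctx.Undo()
            End Try
        End Sub
    End Class

    <WebMethod(Description:="Authorize on a worker thread")> _
    Public Function TestImpersonateThreaded() As String
        Dim check As New FileCheck()
        ' On the request thread this is the impersonated caller.
        check.Identity = WindowsIdentity.GetCurrent()
        check.TargetPath = "//0501DD/PRO/12546/ENT.doc"

        Dim worker As New Thread(AddressOf check.Run)
        worker.Start()
        ' The request thread can do its own work here in parallel.
        worker.Join()   ' wait before reading Result and ending the request
        Return check.Result
    End Function
End Class
```

Comparing `WindowsIdentity.GetCurrent().Name` on the request thread and inside `Run()` before the `Impersonate()` call shows which account each thread is actually running as.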
 