Using NetSqlAzMan with an ASP.NET page and passing in an Active Directory user account.

May 18, 2009 at 3:36 PM

If you want to check authorizations against an Active Directory user account that is not the NT AUTHORITY\Network Service or IUSR account that the ASP.NET page is running under, you can create a Windows Identity token to use with NetSqlAzMan based on the Active Directory account using this statement:


  Dim identity As WindowsIdentity = New WindowsIdentity("j.doe@mydomain.ext")


But to get this statement to work, I needed to use impersonation with a domain account that had privileges sufficient to create the Windows Identity token.


I used the impersonation code found at this link:


And then used this code to create the account:


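  ' Drop any impersonation on the current thread and revert to the process identity
  Dim ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero)

  ' AliasAccount comes from the impersonation code referenced above
  Dim aa As New MyNamespace.AliasAccount("MyDomainAccount", "MyPassword")

  ' Build the token for the AD user from the user principal name
  Dim identity As WindowsIdentity = New WindowsIdentity("j.doe@mydomain.ext")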





Then you can call NetSqlAzMan routines based on the AD identity contained in the variable 'identity':


  authorization = _
    storage.CheckAccess("NetSqlAzManStore", appName, authFilter, _
    CType(identity, System.Security.Principal.WindowsIdentity), DateTime.Now, False)
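The steps above combined into one fail-closed helper, as an added example that is not part of the original post or of NetSqlAzMan itself. The module and function names are hypothetical, and it assumes the process identity (for example a domain account on the application pool) is already allowed to create the token, so the AliasAccount step is omitted. It also assumes IAzManStorage and AuthorizationType come from the NetSqlAzMan.Interfaces namespace.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Principal
Imports NetSqlAzMan.Interfaces ' assumption: IAzManStorage and AuthorizationType live here

Public Module AdAccessCheck

    ' Hypothetical helper: True only when the store explicitly allows the item.
    ' Any failure to build the token is treated as "not authorized".
    Public Function IsAllowed(ByVal storage As IAzManStorage, _
                              ByVal storeName As String, _
                              ByVal appName As String, _
                              ByVal itemName As String, _
                              ByVal upn As String) As Boolean
        ' The WindowsIdentity(String) constructor expects a user principal name
        If String.IsNullOrEmpty(upn) OrElse Not upn.Contains("@") Then Return False

        ' Revert thread impersonation so the token is requested as the process identity
        Dim ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero)
        Try
            ' Using releases the token handle as soon as the check is done
            Using identity As New WindowsIdentity(upn)
                Dim result As AuthorizationType = _
                    storage.CheckAccess(storeName, appName, itemName, _
                                        identity, DateTime.Now, False)
                Return result = AuthorizationType.Allow OrElse _
                       result = AuthorizationType.AllowWithDelegation
            End Using
        Catch ex As SecurityException
            Return False ' caller lacks permission or the logon failed
        Catch ex As UnauthorizedAccessException
            Return False ' Windows refused to issue the token
        Finally
            ctx.Undo() ' always restore the identity the request arrived with
        End Try
    End Function

End Module
```

The Finally block matters: without ctx.Undo() the rest of the request keeps running under the reverted identity instead of the one ASP.NET assigned to it.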