Using NetSqlAzman with an ASP.NET page and passing in an Active Directory user account.

May 18, 2009 at 3:36 PM

If you want to check authorizations against an Active Directory user account that is not the NTAuthority\Network Service or IUSR account that the ASP.NET page is running under, you can create a Windows Identity token to use with NetSqlAzMan based on the Active Directory account using this statement:  

Dim identity As WindowsIdentity = New WindowsIdentity("j.doe@mydomain.ext")

But to get this statement to work, I needed to use impersonation with a domain account that had privileges sufficient to create the Windows Identity token.

I used the impersonation code found at this link:  http://weblogs.asp.net/ralfw/archive/2003/11/24/39479.aspx

And then used this code to create the account:

  ' Revert any current impersonation so the logon below starts from the process identity
  Dim ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero)
  Dim aa As New MyNamespace.AliasAccount("MyDomainAccount", "MyPassword")
  aa.BeginImpersonation()

  ' Build the token for the AD user from its UPN (Kerberos S4U logon; that user's password is not needed)
  Dim identity As WindowsIdentity = New WindowsIdentity("j.doe@mydomain.ext")

  ' Always undo the impersonation afterwards (a Try/Finally makes this robust to exceptions)
  aa.EndImpersonation()
  ctx.Undo()

Then you can call NetSqlAzman routines based on the AD identity contained in the variable ‘identity’:

  authorization = _
    storage.CheckAccess("NetSqlAzManStore", appName, authFilter, _
    CType(identity, System.Security.Principal.WindowsIdentity), DateTime.Now, False)
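A self-contained version of the same flow, added here as an example and not the poster's or the NetSqlAzMan project's code: it replaces the AliasAccount helper with a direct LogonUser P/Invoke, keeps the revert and token cleanup in a Finally block, and then calls CheckAccess with the same arguments as above. The NetSqlAzMan.Interfaces namespace and the AuthorizationType return type are assumed, and the service account, its password and the target UPN are placeholders.

```vb
' Added example, not the poster's code. Placeholders: the service account, its
' password (load it from protected configuration, never from source) and the UPN.
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports NetSqlAzMan.Interfaces   ' assumed: namespace of IAzManStorage / AuthorizationType
Public Class AdAuthorizationCheck
    Private Const LOGON32_LOGON_NETWORK As Integer = 3
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    ' advapi32!LogonUser: obtains a token for the account that may query AD for others.
    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Shared Function LogonUser(ByVal user As String, ByVal domain As String, _
        ByVal password As String, ByVal logonType As Integer, ByVal provider As Integer, _
        ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Shared Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Returns NetSqlAzMan's decision for targetUpn on itemName in appName.
    Public Shared Function CheckAccessAsUser(ByVal storage As IAzManStorage, _
            ByVal appName As String, ByVal itemName As String, ByVal targetUpn As String, _
            ByVal svcDomain As String, ByVal svcUser As String, ByVal svcPassword As String) _
            As AuthorizationType
        Dim token As IntPtr = IntPtr.Zero
        Dim ctx As WindowsImpersonationContext = Nothing
        Try
            ' 1. Log on the service account and impersonate it.
            If Not LogonUser(svcUser, svcDomain, svcPassword, LOGON32_LOGON_NETWORK, _
                             LOGON32_PROVIDER_DEFAULT, token) Then
                Throw New Win32Exception(Marshal.GetLastWin32Error())
            End If
            ctx = WindowsIdentity.Impersonate(token)

            ' 2. Under that impersonation, build the target user's token from its UPN.
            '    This is a Kerberos S4U logon: the user's password is not needed.
            Dim identity As New WindowsIdentity(targetUpn)
            ' 3. Ask NetSqlAzMan, same call shape as in the post.
            Return storage.CheckAccess("NetSqlAzManStore", appName, itemName, _
                                       identity, DateTime.Now, False)
        Finally
            ' Revert impersonation and release the token even if a step above threw.
            If ctx IsNot Nothing Then ctx.Undo()
            If token <> IntPtr.Zero Then CloseHandle(token)
        End Try
    End Function
End Class
```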