How to verify authorizations from another user

May 28, 2009 at 7:22 PM

Hello.

I'm using the NetSqlAzMan for securing an Intranet site. All work fine, great tool.

 

The way it is working is checking by WindowsIdentity, loaded with the current logged user.

But now, we need to "impersonate" users in our development enviroment, to test their access as if were them logged on the Intranet.

We can't obviously have their passwords to perform such tests, this way we can't create random WindowsIdentity objects (as far I searched about).

 

Is there any way we can resolve this scenario? In short, test the authorizations for another users in NetSqlAzMan using WindowsIdentity option (DBUsers option is not a good for us).

 

Coordinator
May 28, 2009 at 8:44 PM

of course yes …

please check this thread: http://netsqlazman.codeplex.com/Thread/View.aspx?ThreadId=50108

Regards,

Andrea.

May 28, 2009 at 9:13 PM
Edited May 29, 2009 at 12:31 PM

hmm thx for the reply, but my development machine isn't a windows server 2003 (it's Windows XP). Any suggestion else?

Coordinator
May 28, 2009 at 9:18 PM

XP does not support KPT.

These code could be also useful:

String user = “MYDOMAIN\\myuser”;

NTAccount nta = new NTAccount(user);

SecurityIdentifier sid = (SecurityIdentifier)nta.Translate(typeof(SecurityIdentifier));

IAzManSid azmanSid = new SqlAzManSid(sid); //This is the Sid of another user

Regards,

Andrea.

May 29, 2009 at 1:10 PM

Hey Andrea.

I have searched what I can do with that IAzManSid, but can't find any way to use that where I need.

The CheckAccessHelper constructor requires a WindowsIdentity object, so I need to convert that sid to a WindowsIdentity. Rigth?

Any way to do this conversion?

Or... how I use that sid in a default CheckAccessHelper class?

Coordinator
May 30, 2009 at 8:11 AM

I think that on Windows XP there is no way.

Could you use a virtual machine for development ?

Unfortunately, on Windows XP Kerberos Protocol Transition is not working and there's no way.

Regards,

Andrea

__________________________________
Andrea Ferendeles
NetSqlAzMan - Project Coordinator

http://netsqlazman.codeplex.com