Hello All,
I am creating a web application that has a database. To log on to that database, I am impersonating a user with rights to the db in the web.config file:
<identity impersonate="true" userName="domain\user" password="password" />
This impersonate works correctly and I am able to get to the database with no problems.
On page init I need to check to see if the user has access to the application. For this I have defined 3 groups: Admin, Write and Read.
This is where the problem comes into play.
I am using the following code to return to the system user:
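// Requires: using System.Security.Principal; using System.Web.Configuration;
using (WindowsImpersonationContext impersonated = WindowsIdentity.Impersonate(IntPtr.Zero))
{
    // Identity of the thread while the web.config impersonation is undone
    WindowsIdentity curIdentity = WindowsIdentity.GetCurrent();
    WindowsPrincipal wp = new WindowsPrincipal(curIdentity);
    // The group name for each role is stored in appSettings under the role's name
    bool isInRole = wp.IsInRole(WebConfigurationManager.AppSettings[role.ToString()]);
}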
I have verified that this gives me the current user who is logged onto the system but for some reason it brings back False for all groups.
For testing purposes I removed the impersonation clause from the web.config file and re-ran the IsInRole process and received True for all groups.
The other thing I tried was to again remove the impersonation clause from the web.config file. Next I created an impersonation class that I used after I had grabbed the user's roles. This allowed me to get the correct roles but to keep them I would have to store them in a session variable (which I do not want to do for security reasons) because as soon as I impersonate I can't go back and re-grab the security groups.
How am I losing the system user's rights when I do an impersonation?
Thanks for your time,
Aaron
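
An added example, not code from the original post: one way to run the Admin/Write/Read check on page init against the request's authenticated principal (`Context.User`) instead of the thread's current Windows identity, so the result does not depend on the `<identity impersonate>` setting and nothing has to be cached in session. It assumes Windows authentication with anonymous access disabled, appSettings values that hold `DOMAIN\Group` names, an Admin > Write > Read ordering, and the hypothetical names `AppRole`, `AccessCheck` and `SecuredPage`.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Configuration;

// Hypothetical enum; the names match the three groups described in the post.
public enum AppRole { Admin, Write, Read }

public static class AccessCheck
{
    // Returns the strongest role the caller holds, or null if the caller holds none.
    public static AppRole? HighestRole(IPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return null; // anonymous request: no role

        // Assumed ordering: Admin is checked first, Read last.
        foreach (AppRole role in new[] { AppRole.Admin, AppRole.Write, AppRole.Read })
        {
            // Assumed appSettings layout: key = role name, value = "DOMAIN\Group".
            string group = WebConfigurationManager.AppSettings[role.ToString()];
            if (!string.IsNullOrEmpty(group) && user.IsInRole(group))
                return role;
        }
        return null;
    }
}

public class SecuredPage : System.Web.UI.Page
{
    protected override void OnInit(EventArgs e)
    {
        // Context.User is the principal the authentication module attached to
        // this request; the thread token set by impersonation is not consulted.
        AppRole? role = AccessCheck.HighestRole(Context.User);
        if (role == null)
            throw new HttpException(403, "Access denied"); // fail closed

        base.OnInit(e);
    }
}
```

Because the check runs on every request, a group change takes effect once the user's logon token is refreshed, with no role data kept server-side between requests.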