How to "un-impersonate" (un-delegate?) in Kerberos
Problem description
I have a web application using Kerberos to access an external resource using ASP.NET 3.5 and IIS.
When a user connects with the application, Kerberos authentication auto-magically allows me to connect to external resources acting as the user using delegation. This was not easy to do. It is nice, but I've a problem. Sometimes I need to connect to an external resource using an account with more rights than the user. The service account which the app-pool is running under has the additional rights I need. How can I remove the user's Kerberos identification and connect with Kerberos using the service account running the application pool?
Update
I'm not sure why I am getting no responses at all. I've never seen that before. Please post questions, they may clarify the problem (to me too).
Recommended answer
I have a class:
using System;

public class ProcessIdentityScope : IDisposable
{
    private System.Security.Principal.WindowsImpersonationContext _impersonationContext;
    private bool _disposed;

    public ProcessIdentityScope()
    {
        // Impersonating a zero token reverts the thread to the process identity
        // (the application pool's service account).
        _impersonationContext = System.Security.Principal.WindowsIdentity.Impersonate(IntPtr.Zero);
    }

    #region IDisposable Members
    public void Dispose()
    {
        Dispose(true);
        GC.SuppressFinalize(this);
    }

    protected virtual void Dispose(bool disposing)
    {
        // Dispose must be safe to call more than once, so a repeat call is a no-op.
        if (_disposed)
            return;

        if (_impersonationContext != null)
        {
            // Restore the impersonated (user) identity that was active before the scope.
            _impersonationContext.Undo();
            _impersonationContext.Dispose();
        }
        _disposed = true;
    }
    #endregion
}
And I use it like this:
using (ProcessIdentityScope identityScope = new ProcessIdentityScope())
{
    // Any code in here runs under the Process Identity.
}
This code is based on this MSDN article: http://msdn.microsoft.com/en-us/library/ms998351.aspx
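The same revert-to-process-identity call with the checks you would want around a privilege change, as an added example that is not part of the original answer. The `ProcessIdentity.Run` helper and its trace message are hypothetical names; it assumes .NET Framework, where `WindowsIdentity.Impersonate` is available as in the answer.

```csharp
using System;
using System.Diagnostics;
using System.Security;
using System.Security.Principal;

// Hypothetical helper: runs one delegate under the process (app-pool) identity,
// verifies the revert took effect, and records on whose behalf it ran.
public static class ProcessIdentity
{
    public static T Run<T>(Func<T> action)
    {
        if (action == null) throw new ArgumentNullException("action");

        // Identity of the delegated user before the revert, kept for the audit trail.
        string caller;
        using (WindowsIdentity before = WindowsIdentity.GetCurrent())
        {
            caller = before.Name;
        }

        // Same call as the answer: a zero token drops the thread's impersonation token.
        using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero))
        {
            // GetCurrent(true) returns null when the thread is not impersonating.
            using (WindowsIdentity threadToken = WindowsIdentity.GetCurrent(true))
            {
                if (threadToken != null)
                    throw new SecurityException(
                        "Thread is still impersonating " + threadToken.Name);
            }

            using (WindowsIdentity process = WindowsIdentity.GetCurrent())
            {
                // The service account has more rights than the user, so log the switch.
                Trace.TraceInformation(
                    "Running as {0} on behalf of {1}", process.Name, caller);
            }

            // Only this delegate runs with the service account's rights;
            // disposing ctx restores the user's impersonation token.
            return action();
        }
    }
}
```

Keep the delegate limited to the single call that needs the extra rights, and authorize the user's request before calling the helper, since everything inside it is performed with the service account's permissions rather than the user's.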