Clarity, Technology, and Solving Problems | PracticeThis.com
If these articles:
are your friends then do not waste your time on this post, please.
The scenario is the same: a user sits at her machine A and accesses a simple ASPX page on box B, which accesses a file on a share on box C, like this:
What I have so far is:
Now I have a scenario where an employee tries to access the corporate web site she used to use inside the corp walls, but this time over the Internet.
Another scenario would be where my customers access my web site from the Internet and I manage the customers' identity store using Active Directory (not just as an LDAP store but as a full-blown AD domain; for an LDAP store use ADAM - free download).
I presume in these scenarios the web site would be accessible only over port 443 (the default SSL port) - no chance for Windows integrated authentication (which is only supported by a limited number of browsers... I mean the authentication, not SSL).
Here comes in Protocol Transition (PT). Windows 2003 has a cool feature - creating a Windows security context out of thin air - no password and no LogonUser Windows API call required....
Keith Brown goes really deep while Exploring S4U Kerberos Extensions in Windows Server 2003
I go for it; here are some additions to what was already done in Identity Flow Through Physical Tiers - Delegation:
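// Requires: using System.Security.Principal; using System.Web;
// The UPN can come from any place. DO INPUT VALIDATION HERE!
string upn = txtCustomUPN.Text;
// This constructor builds the Windows identity from the UPN alone; no password is supplied.
WindowsIdentity wi = new WindowsIdentity(upn);
WindowsPrincipal wp = new WindowsPrincipal(wi);
HttpContext.Current.User = wp;
WindowsImpersonationContext wic = wi.Impersonate();
try { /* ACCESS NETWORK RESOURCE */ }
finally { wic.Undo(); } // always revert to the original identity, even if the access throws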
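An added example, not code from the original post: one way to wrap the protocol-transition call so that the UPN is validated first, an identification-only token is detected before any resource access, and impersonation is always reverted. The allowed suffix `example.com` and the names `ProtocolTransition`, `IsAcceptableUpn` and `RunAs` are assumptions made for illustration; the caller is assumed to have already authenticated the user by its own means, because the S4U logon itself checks no credentials.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Text.RegularExpressions;

public static class ProtocolTransition
{
    // Hypothetical allow-list: only the UPN suffixes this site is meant to serve.
    static readonly string[] AllowedSuffixes = { "example.com" };

    // Conservative UPN shape. \A and \z are used instead of ^ and $ because
    // $ in .NET also matches just before a trailing newline.
    static readonly Regex UpnShape = new Regex(
        @"\A[A-Za-z0-9._-]{1,64}@([A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+)\z",
        RegexOptions.CultureInvariant);

    public static bool IsAcceptableUpn(string upn)
    {
        if (string.IsNullOrEmpty(upn) || upn.Length > 256) return false;
        Match m = UpnShape.Match(upn);
        if (!m.Success) return false;
        return Array.Exists(AllowedSuffixes, s =>
            string.Equals(s, m.Groups[1].Value, StringComparison.OrdinalIgnoreCase));
    }

    // Runs 'work' as the user named by 'upn' and always reverts afterwards.
    public static void RunAs(string upn, Action work)
    {
        if (!IsAcceptableUpn(upn))
            throw new ArgumentException("UPN rejected by validation.", "upn");

        using (WindowsIdentity wi = new WindowsIdentity(upn)) // no password involved
        {
            // If the process account lacks the "Act as part of the operating
            // system" privilege, the token is identification-level only: good
            // for role checks, not for opening files. Fail here, not at the share.
            if (wi.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
                throw new SecurityException("Token is identification-level only.");

            WindowsImpersonationContext wic = wi.Impersonate();
            try { work(); }
            finally { wic.Undo(); } // never leave the thread impersonating
        }
    }
}
```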
Now when I run my app, here is what I get (no impersonation):
Now I simulate passing a UPN that came from custom authentication (email@example.com is a valid AD account):
The code above is run after pressing the "Protocol Transition" button,
and here is the result of the access audit:
Techniques for file access audit are here:
Windows Authentication Identity Flow Through Physical Tiers Identity Flow Through Physical Tiers - Impersonation