The short version of my problem: after a user authenticates against Active Directory, with impersonation turned on, the calls to the database execute in the security context of IIS's anonymous account (IUSR_&lt;machine&gt;) rather than that of the authenticated user. What I don't understand is why the thread is not running under the authenticated user's security context: there is no physical separation here, and because the DataPortal is running locally I don't see any cross-process call that would cause a double hop.
Line 91: using (SqlConnection dbConnection = new SqlConnection(Database.BillingConnection)) |
[SqlException (0x80131904): Login failed for user 'LNGSEAL028596B\IUSR_LNGSEAL028596B'.] |
Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1309
Date: 1/16/2008
Time: 7:19:31 AM
User: N/A
Computer: LNGSEAL028596B
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 1/16/2008 7:19:31 AM
Event time (UTC): 1/16/2008 3:19:31 PM
Event ID: 17bfb1671e584064a96b6198f413d30c
Event sequence: 5
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT-1-128449697688516508
Trust level: Full
Application Virtual Path: /
Application Path: c:\inetpub\wwwroot\
Machine name: LNGSEAL028596B
Process information:
Process ID: 2984
Process name: aspnet_wp.exe
Account name: LNGSEAL028596B\ASPNET
Exception information:
Exception type: TargetInvocationException
Exception message: Exception has been thrown by the target of an invocation.
Request information:
Request URL: http://localhost/Client/ClientList.aspx
Request path: /Client/ClientList.aspx
User host address: 127.0.0.1
User: Matthew.Linscott
Is authenticated: True
Authentication Type: Forms
Thread account name: LNGSEAL028596B\ASPNET
Thread information:
Thread ID: 1
Thread account name: LNGSEAL028596B\ASPNET
Is impersonating: False
Stack trace: at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Web.UI.WebControls.ObjectDataSourceView.InvokeMethod(ObjectDataSourceMethod method, Boolean disposeInstance, Object& instance)
at System.Web.UI.WebControls.ObjectDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments)
at System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments, DataSourceViewSelectCallback callback)
at System.Web.UI.WebControls.DataBoundControl.PerformSelect()
at System.Web.UI.WebControls.BaseDataBoundControl.DataBind()
at System.Web.UI.WebControls.GridView.DataBind()
at System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound()
at System.Web.UI.WebControls.CompositeDataBoundControl.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Custom event details:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18456
Date: 1/16/2008
Time: 7:20:06 AM
User: LNGSEAL028596B\IUSR_LNGSEAL028596B
Computer: LNGSEAL028596B
Description:
Login failed for user 'LNGSEAL028596B\IUSR_LNGSEAL028596B'. [CLIENT: 10.65.20.71]
/// <summary>
/// Global.asax handler. Once session state is available for the request, hands the
/// ASP.NET request principal to CSLA by wrapping it in a MembershipPrincipal, so that
/// CSLA authorization rules see the same user (and role answers) as ASP.NET does.
/// </summary>
/// <remarks>
/// NOTE(review): with the posted web.config the principal wrapped here is the
/// Forms-authentication principal. It carries the user's name and role membership but
/// no Windows logon token, so assigning it to Csla.ApplicationContext.User does not
/// change the Windows identity the request thread runs under; with
/// &lt;identity impersonate="true"/&gt; that stays whatever token IIS supplied for the
/// (anonymous) request, which is the IUSR_ login seen in the SQL "Login failed" audit.
/// Requests that carry no session (handlers with session state disabled) are skipped;
/// what CSLA reports as the user for those requests is not determined here.
/// ADBB is presumably a namespace alias for AppliedDiscovery.Billing.Business, where
/// MembershipPrincipal is declared (verify in the project's using directives).
/// </remarks>
protected void Application_AcquireRequestState(object sender, System.EventArgs e)
{
    System.Web.HttpContext context = System.Web.HttpContext.Current;
    if (context.Session != null)
    {
        ADBB.Security.MembershipPrincipal wrapped = new ADBB.Security.MembershipPrincipal(context.User);
        Csla.ApplicationContext.User = wrapped;
    }
}
<?xml version="1.0"?>
<configuration>
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere"/>
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<!--
NOTE(review): CSLA is told to use "Windows" authentication here while the ASP.NET
section below uses Forms authentication; the principal is instead supplied manually
from Global.asax (Application_AcquireRequestState). Confirm that this mix is intended.
-->
<appSettings>
<add key="CslaAuthentication" value="Windows"/>
</appSettings>
<connectionStrings>
<clear/>
<!--
SECURITY: plaintext SQL credentials for the security/role database. Before deployment
encrypt this section (aspnet_regiis -pe "connectionStrings" -app "/") or switch it to
Integrated Security under a low-privilege service account; a login named "*Admin" is
more privilege than a role provider needs.
-->
<add name="LocalSqlServer" connectionString="Data Source=.\;User ID=zzzAdmin;Password=zzzYYY;Initial Catalog=zzzSecurityDatabase;"/>
<!--
Integrated Security means this connection logs in with whatever Windows token the
request thread carries when SqlConnection.Open() runs. Forms authentication does not
give the thread a token for the logged-in user, so with <identity impersonate="true"/>
the thread keeps the token IIS handed over for the (anonymous) request: the IUSR_
account in the "Login failed" audit above. Either authenticate with Windows
authentication (mode="Windows", anonymous access off in IIS) or grant the
application's own service account access to the billing database and drop
impersonation. Also note that per-user Windows tokens mean one connection pool per
user, so pooling helps far less.
-->
<add name="BillingConnection" connectionString="Data Source=.\;Integrated Security=SSPI;Initial Catalog=zzzBillingDatabase;"/>
<add name="zzzDomainConnectionString" connectionString="LDAP://zzzServer/OU=Employees,DC=zzzDomain,DC=com" />
</connectionStrings>
<system.web>
<pages>
<controls>
<add tagPrefix="csla" namespace="Csla.Web" assembly="Csla" />
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</controls>
</pages>
<!--
SECURITY: requireSSL="true" is not set, so the .ADAuthCookie ticket travels over plain
HTTP (acceptable on this localhost test box, not for deployment). Keep the default
protection="All" so the ticket stays encrypted and signed.
-->
<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="10" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<!--
This is the root cause of the IUSR_ login failure: impersonation without a userName
impersonates the token IIS associated with the request, and under Forms
authentication IIS authenticated nobody, so that token is the anonymous account.
Impersonation can only run code as the Forms user if the application itself obtains a
Windows token for that user (e.g. LogonUser with the password at login time), which
has its own risks; prefer Windows authentication or a service account instead.
-->
<identity impersonate="true"/>
<!--
SECURITY: the AD bind password is in plaintext here. Use a read-only service account
with the minimum directory rights the provider needs, and encrypt this section before
deployment (aspnet_regiis -pe "system.web/membership" -app "/").
-->
<membership defaultProvider="ADIClientADMembershipProvider">
<providers>
<add name="ADIClientADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="zzzDomainConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="zzzDomain\zzzAdmin" connectionPassword="zzzPath" />
</providers>
</membership>
<!--
Roles are cached in a cookie for up to 30 minutes (encrypted and signed, via
cookieProtection="All"). A role removed in the database therefore stays in effect for
that user until the cookie expires; shorten cookieTimeout or disable caching if prompt
revocation matters.
-->
<roleManager enabled="true" defaultProvider="BillingRoleProvider" cacheRolesInCookie="true" cookieName=".RolesCookie" cookieTimeout="30" cookieSlidingExpiration="true" cookieProtection="All">
<providers>
<add name="BillingRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="zzzWeb" description="Sql Role Provider"/>
</providers>
</roleManager>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<!--
NOTE(review): this looks like a dev-box config (localhost); ship with debug="false",
since debug builds expose more detail in error pages and disable the request
execution timeout.
-->
<compilation debug="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</assemblies>
</compilation>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules>
<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</handlers>
</system.webServer>
</configuration>
using System;
using System.Collections.Generic;
using System.Text;
namespace AppliedDiscovery.Billing.Business.Security
{
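/// <summary>
/// CSLA principal that wraps the ASP.NET request principal (with the posted web.config,
/// the Forms-authenticated user handed over from Application_AcquireRequestState) so
/// that CSLA authorization rules can call IsInRole() and get ASP.NET's answer.
/// </summary>
/// <remarks>
/// NOTE(review): this wrapper only carries an identity and role membership. Unless the
/// wrapped principal is itself a WindowsPrincipal (it is not under Forms authentication),
/// it holds no Windows logon token, so it cannot make &lt;identity impersonate="true"/&gt;
/// run database calls as the logged-in user; the request thread keeps the IIS anonymous
/// token, which is the IUSR_ login failure in the post.
/// Serialization: the class is [Serializable] and keeps the wrapped principal in a field,
/// so that principal must itself be serializable for this object to cross a remote
/// DataPortal boundary. Presumably fine for the built-in ASP.NET principals; verify if a
/// custom IPrincipal is ever passed in.
/// </remarks>
[Serializable()]
public class MembershipPrincipal : Csla.Security.BusinessPrincipalBase
{
    private System.Security.Principal.IPrincipal _principal;

    /// <summary>
    /// Wraps <paramref name="principal"/>; its Identity becomes this principal's Identity.
    /// </summary>
    /// <param name="principal">The authenticated request principal. Must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
    public MembershipPrincipal(System.Security.Principal.IPrincipal principal)
        : base(IdentityOf(principal))
    {
        _principal = principal;
    }

    /// <summary>
    /// Validates the constructor argument before the base constructor runs, so a null
    /// principal fails with ArgumentNullException instead of a NullReferenceException
    /// thrown from inside the base-call expression.
    /// </summary>
    private static System.Security.Principal.IIdentity IdentityOf(System.Security.Principal.IPrincipal principal)
    {
        if (principal == null)
        {
            throw new ArgumentNullException("principal");
        }
        return principal.Identity;
    }

    /// <summary>
    /// Role check delegated unchanged to the wrapped principal. With the posted
    /// web.config that answer presumably comes from RoleManager (SqlRoleProvider, possibly
    /// served from the roles cookie), so role changes can lag by the cookie lifetime.
    /// </summary>
    public override bool IsInRole(string role)
    {
        return _principal.IsInRole(role);
    }
}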
}