I have a web application using Kerberos to access an external resource using ASP.NET 3.5 and IIS.
When a user connects with the application, Kerberos authentication auto-magically allows me to connect to external resources acting as the user using delegation. This was not easy to do. It is nice, but I've a problem. Sometimes I need to connect to an external resource using an account with more rights than the user. The service account which the app-pool is running under has the additional rights I need. How can I remove the user's Kerberos identification and connect with Kerberos using the service account running the application pool?
Update
I'm not sure why I am getting no responses at all. I've never seen that before. Please post questions, they may clarify the problem (to me too).
Recommended answer

I have a class:

    using System;
    using System.Security.Principal;

    public class ProcessIdentityScope : IDisposable
    {
        private WindowsImpersonationContext _impersonationContext;
        private bool _disposed;

        public ProcessIdentityScope()
        {
            // Impersonating a zero token removes the thread's impersonation
            // token, so the thread runs as the process (app-pool) identity.
            _impersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero);
        }

        #region IDisposable Members

        public void Dispose()
        {
            Dispose(true);
            GC.SuppressFinalize(this);
        }

        protected virtual void Dispose(bool disposing)
        {
            // Dispose must be safe to call more than once, so a repeated
            // call is a no-op instead of throwing ObjectDisposedException.
            if (_disposed)
                return;

            // Put the original (impersonated user) token back on the thread.
            _impersonationContext.Undo();
            _impersonationContext.Dispose();
            _disposed = true;
        }

        #endregion
    }

And I use it like this:

    using (ProcessIdentityScope identityScope = new ProcessIdentityScope())
    {
        // Any code in here runs under the Process Identity.
    }
This code is based on this MSDN article: msdn.microsoft/en-us/library/ms998351.aspx
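The following is an added example, not part of the original answer or the MSDN article: a helper that uses the same `WindowsIdentity.Impersonate(IntPtr.Zero)` revert, but checks the caller's group membership before switching to the more privileged app-pool account and logs both identities. The class name `ProcessIdentityRunner` and the `requiredGroup` parameter are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Security;
using System.Security.Principal;

// Added example (hypothetical helper, not from the original answer).
public static class ProcessIdentityRunner
{
    // Runs 'action' under the app-pool (process) identity, but only if the
    // currently impersonated caller belongs to 'requiredGroup'.
    public static T Run<T>(string requiredGroup, Func<T> action)
    {
        if (action == null) throw new ArgumentNullException("action");

        string caller;
        using (WindowsIdentity callerIdentity = WindowsIdentity.GetCurrent())
        {
            caller = callerIdentity.Name;
            // Authorize while still impersonating: after the revert, every
            // access check is made against the service account instead.
            if (!new WindowsPrincipal(callerIdentity).IsInRole(requiredGroup))
                throw new SecurityException(caller + " may not use the service account.");
        }

        // IntPtr.Zero drops the thread's impersonation token, so the thread
        // falls back to the process token (the app-pool account).
        WindowsImpersonationContext context = WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            using (WindowsIdentity processIdentity = WindowsIdentity.GetCurrent())
            {
                // Audit trail: who triggered work under which account.
                Trace.TraceInformation("Reverted from {0} to {1}", caller, processIdentity.Name);
            }
            return action();
        }
        finally
        {
            // Restore the caller's token even if 'action' throws, so no later
            // code on this thread keeps running with the extra rights.
            context.Undo();
            context.Dispose();
        }
    }
}
```

Keep the delegate passed to `Run` as small as possible: everything inside it is executed with the service account's rights rather than the user's.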