Hi everybody,

I'm developing an ASP.NET application which calls business components in a
remote server located at the DMZ (this is, a non domain member server). The
problem I'm facing is that because the server is not a domain member, it is
not able to access the active directory in order to authenticate the
impersonated user. Does anybody know another approach to do impersonation in
a non domain member server?

Thank in advance for your help!!!

Johann Granados
Costa Rica, Central America

Hello,

when you are using System.DirectoryServices.DirectoryEntry, you can pass
along custom credentials in the constructor. No need for impersonation.

Best regards,
Henning Krause


"Johann Granados" <JohannGranados (AT) discussions (DOT) microsoft.com> wrote in
message news2195796-4F63-457F-8E84-9EC94335183B (AT) microsoft (DOT) com...

Hi Henning,

Thanks for your kind reply. I need to impersonate the user in order for it
to be able to access some resources on behalf the impersonated account. I
think using DirectoryServices is not a suitable case here (unless we
implement our own rights management system, or am I wrong?)

Best regards
--
Johann Granados

"Henning Krause [MVP - Exchange]" wrote:

Hi,

first of all you are not forced to use auto impersonation (in config) - you
can always manually impersonate before you are doing the resource access...

or

undo impersonation temporarily when talking to resources that are not "compatible"
with impersonation

sounds reasonable?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)