.NET Tutorials, Forums, Interview Questions And Answers

WCF - SiteMinder Authentication + Impersonation

Posted Date: October 08, 2010    Category: ASP.Net

Hi Everyone,

I have a WCF service which provides some information based on the end-user's Windows Login ID.  The service exposes an end-point which uses Windows authentication.  Subsequently, instead of passing the UserID as a parameter to an operation contract, I can find out who invoked a service operation by looking at the context information as shown below:

WindowsIdentity id = ServiceSecurityContext.Current.WindowsIdentity;

This works fine for Windows Desktop Clients.  It also works well for ASP.NET Clients as long as the web app is configured for Windows Authentication AND Impersonation is turned ON.

However, some of the WCF's clients are ASP.NET apps which do NOT use Windows Integrated Authentication.  Instead, they use other mechanisms, such as SiteMinder.  In these cases, the above code would return the ID under which the web application runs (i.e. ASPNET user account).  Subsequently, I cannot get the actual end-user's windows ID.

Could you please provide some advice / guidance as to how to get the user ID?  In the ASP.NET app, I can get the userID from the SiteMinder request header ("SM_USER").  Is there a way to pass this information in a secure fashion (similar to how Windows Authentication works)?

Any advice is much


More Related Resource Links

Active Directory user impersonation with forms authentication

I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config: <identity impersonate="true" /> but that doesn't seem to work. I also have the C# code using the WindowsImpersonationContext class, but still no luck.

protected void titleTextBox_TextChanged(object sender, EventArgs e)
{
    TextBox tb = (TextBox)sender;
    string fieldTitle = "job title";
    string fieldName = "title";
    if (userDirectoryEntry == null)
        CaptureUserIdentity();
    try
    {
        WindowsImpersonationContext impersonationContext = userWindowsIdentity.Impersonate();
        if (String.IsNullOrEmpty(tb.Text))
            userDirectoryEntry.Properties[fieldName].Clear();

IIS 6 Windows Authentication + ASP.NET Impersonation when application resides on a UNC share

When the application resides on a local folder, the current user (System.Threading.Thread.CurrentPrincipal.Identity.Name) is the windows authenticated user. OK. But when the application resides on a UNC share, the current user is the windows user configured in IIS virtual directory to access the UNC share. This is not the desired behavior in my case, what I want is to have the same behavior as in the case where the application is in a local folder (current user matches the windows authenticated user). Is this configurable in some way in IIS 6 or IIS 7?

Thanks in advance, Alexander Wolff

Sharepoint Authentication Impersonation


I am stumped on this one and really need a nudge in the right direction.


Scenario:  Currently have SharePoint 2007 running using Windows Authentication to access any sites.  I have an application that will reside on client workstations (C# Windows Application) and I would like to grant them to a particular site automatically.  Essentially the application will spawn a form that opens the desired SharePoint site but uses predetermined credentials so they are not forced to login.

I have tried a few things trying to make impersonation work but this does not seem to do the trick as the second I access the SharePoint site, up pops the windows authentication window.

Is it possible to gain access to SharePoint (remotely and outside the SharePoint domain) in this way?  If it helps I am also stuck using .NET 2.0 for any applications that would be developed.

WCF Authentication Problem with Impersonation



My current setup is as follows:

1 NLB Web Cluster pointing to 2 Windows Server 2008 R2 machines with IIS 7.5 both containing a single identical web site (let's call it Web Site A).

1 additional web machine (also Windows Server 2008 R2 with IIS 7.5) containing a different web site (Web Site B)

Web Site A uses ASP.NET Impersonation (i.e. <identity impersonate="true" />) and resides in a single app pool that runs as NETWORK SERVICE.

Web Site B uses ASP.NET Impersonation and resides in a single app pool that runs as NETWORK SERVICE.

Windows Authentication is setup on all sites.

Web Site B hosts a WCF service that is called by Web Site A. The WCF Service on Web Site B has the following configuration:

Web Site B has the following configuration:

   <binding name="webHttpBinding_WebServices">
    <security mode="TransportCredentialOnly">
     <transport clientCredentialType="Windows"/>
   <behavior name="WebSiteB.Web.WebService">

Explained: Forms Authentication in ASP.NET

This module explains how forms authentication works in ASP.NET version 2.0. It explains how IIS and ASP.NET authentication work together, and it explains the role and operation of the FormsAuthenticationModule class.

Using Forms Authentication in ASP.NET - Part 1

Classic ASP developers often had to "roll their own" authentication scheme, however, in ASP.NET much of the grunt work has been taken out. This article outlines how things have changed and how FormsAuthentication can be used to secure a Web site with a minimal amount of code.

ASP.NET Forms Authentication - Part 1

Often, in legacy Web applications, users authenticate themselves via a Web form. This Web form submits the user's credentials to business logic that determines their authorization level. Upon successful authentication, the application then submits a ticket in the form of a cookie, albeit a hard cookie or session variable. This ticket contains anything from just a valid session identification access token to customized personalization values.

ASP.NET forms authentication with roles

- A timeout is specified in minutes. This is "time since last request" not the "time since login". If a login is indicated to be persistent (described later) this is ignored.
- A protection method is specified for the cookie.
Next I wanted to specify a folder to which access is restricted to people who have logged in. To do this I entered the following code in the web.config file (beneath

Forms Authentication in ASP.NET

In this tutorial you will learn about Forms Authentication in ASP.NET 2.0 - Forms Authentication class, Cookie Domain, Forms Cookies, The Login Control, Signin, Signout, Authenticate, Redirect, Login Status, Login Name and Login View Controls.

Web Matrix + Windows Authentication


I'm curious if it's possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Problems with Forms Authentication in DD 4 site


Hello,  I am seeing a strange problem with Forms Authentication in my DD site.   A user logs in and can view/edit/delete data all day, but when they execute a Custom Filter against data (for example, a control DynamicData/Filters/CustomerLastNameSearch.ascx) then the site auth fails, and redirects to the log in screen.

In web.config I have

     <authentication mode="Forms">
            <forms name=".Star" loginUrl="~/Login.aspx" protection="All" defaultUrl="~/Default.aspx" path="/" timeout="43200" cookieless="UseCookies" />     

Offhand, I am thinking two things: that DynamicData/Filters path requires some special handling for some reason, or the control extension ascx is causing auth to get confused.   Has anyone else experienced this or have any suggestions?  Thanks!

Wrong Account being used to access files - Help - No Impersonation


I run a simple .aspx website on a Windows Server 2008 machine.

There is NO impersonation, and System.Security.Principal.WindowsIdentity.GetCurrent().Name returns NT AUTHORITY\NETWORK SERVICE, which is the account which the application pool runs. In my web.config, I have <authentication mode="Forms">.


I tried to test the security of the application and server by removing file permissions to the .aspx files. I was greatly worried when the website continued to run without problem (it should not have been able to read the .aspx files).

By turning on file level auditing, I discovered that the .aspx files were being read by the machine$ account (if the machine is called Serv1, then the files would be read by the Serv1$ account, which seems to have access to all files on the local machine).


Is this a security breach or is this behaviour by design?

Please can somebody assist, as I am worried.

Sharing authentication ticket between two applications


Hi all,

I have two web applications:

1. http://www.mysite.com - primary app running at the root of the web server

2. http://www.mysite.com/second_app - running in a virtual directory

At user authentication, I'm using FormsAuthenticationTicket to set up authentication cookies. Is it possible to share the same cookie for both the apps?

Any help would be much appreciated.

Many thanks!

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

How to authenticate local user using LDAP or non domain authentication



I created one application, and I need to authenticate a local user. This user is the user who is logged in to his/her Personal Computer. The main thing is that he/she is not in any DOMAIN. I want NON-DOMAIN authentication, anyhow. Please help.

help needed: Ldap User authentication using userDN and password



Is it possible to authenticate a user using userDN and password? If so, then tell me the syntax. So far I have tried to authenticate using username and password from my C# code using DirectoryEntry, which takes the parameters like domainname, username and password. But I need to authenticate using userDN and password.

help needed: ASP LDAP authentication failed in IE 8


I use the following code to do the user authentication through Active Directory using LDAP.

entry = new DirectoryEntry("LDAP://" + server, user_name, password);
if (!string.IsNullOrEmpty(entry.Name))
EmployeeNetId = entry.Username.Substring(0, 3);

// Retrieve EmployeeId, and Employee Full Name
EmployeeId = -1;

It works for Chrome, Firefox with no problem. But with IE 8, it works sometimes, and failed on some computers. When it failed, I figured that I need to check SSL 2.0 in IE 8 Internet Options.  It's weird because in those computers that IE 8 works, SSL 2.0 is also unchecked.

Am I using some deprecated method? Or how do I specify the SSL version options in the LDAP connection?
