I have an HTTPModule which authenticates a user against AD based on a cookie token and sets the HttpContext.User property to a WindowsIdentity created from a token generated by the LogonUser Win32 function.
This allows me to simulate Windows authentication through a forms-based credentials process. This is used on an ASP.NET app and a SharePoint site.
The issue I have is that this code executes fine if the pool account is in the local admin group. Otherwise, it throws the following exception:
SecurityModule.FBAToNTIntegratedModule [(null)] - Authentication Request
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Web.Hosting.IIS7WorkerRequest.SetPrincipal(IPrincipal user, IntPtr pManagedPrincipal)
at System.Web.HttpContext.SetPrincipalNoDemand(IPrincipal principal, Boolean needToSetNativePrincipal)
at System.Web.HttpContext.set_User(IPrincipal value)
at SecurityModule.FBAToNTIntegratedModule.context_AuthenticateRequest(Object sender, EventArgs e) in
I do not want to add the pool account to the admin group, but I can give it additional privileges to make this work. Is it possible to configure this account so this process will work? What privileges does the account need?