Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
374 views
in Technique[技术] by (71.8m points)

c# - ASP.NET Impersonate in .NETFramework 2 VS .NETFrameWork 4

We have an ASP.NET Site in .NetFramework 2 (with App Pool 2 Classic in IIS 7.5), We use mixed Authentication with Basic Authenticate and Form Authenticate.

The Configuration in IIS is:

enter image description here

And have specific user in Anonymous Authentication named: Guest.

When The user Login with another username like Admin we use impersonate:

string Token = GetSpecificTokenOfCurrentUser();
System.Security.Principal.WindowsIdentity WinUser = (WindowsIdentity) HttpContext.Current.Application["User_"+Token];
WinUser.Impersonate();

So every thing is perfect until we upgrade website to .NetFramework 4 and add a lot of features in .NET 4 to website, and we figured we have a new Problem.

The problem is the user login with Admin And open some pages (3-4) all together in same time, like quickly opened in new tab, the User Not impersonated in some cases. Like the first page impersonated correctly to Admin but another pages not impersonated and still have Guest User.

This is so weird, we don't have any changes in Authentication Part. the changes is we upgrade to .NetFrameWork 4 and App Pool is .NetFrameWork 4 - Classic.

We have a test in .Net 2 Version Of Website. every thing is OK, but we change the App Pool to .NetFrameWork 4 and the problem was shown.

So The question is what changes happened in .NetFramework 4 App Pool to Impersonate?

Is there any thing we missed? any suggestion?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I found Some points:

1- The Multi-Request behaves like Parallel processing, and as you know in classic mode we have some limitations with parallelism.

2- In Integrated mode we have some limitations in Impersonate Enable. The default behavior of Enable Impersonate is 500.24 Error: Internal Server Error An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode" if we want enable impersonate we need to add <validation validateIntegratedModeConfiguration="false"/> to <system.webServer> in web.config, So we don't get the error, but steel we have another limitation. The impersonate commands not worked in Begin_RequestAnd in AuthenticateRequest Methods, anything else worked perfectly.

The Breaking Changes for ASP.NET 2.0 applications running in Integrated mode on IIS 7.0 is very good article in this case.

So the solution is

Move to Integrated mode (Need Add tag) And Use Impersonate in any other methods instead of Begin_Request or AuthenticateRequest.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...