2

I am trying to call an old VB6 dll (no source code available) from an ASP.NET project. The dll connects to a server using windows authentication, so I need to call functions as a specific user, not NETWORKSERVICE as it is now.

This would preferably be determined at call time, not load time because I am impersonating the remote user and would like for this to be the user calling the functions, not the application user and not NETWORKSERVICE as it is now.

So, there's the browser running as USER, connecting to the application impersonating USER, calling the dll as USER, but the dll is trying to connect to a remote server as NETWORKSERVICE, not USER.

Is it possible to make this dll connect to the remote server as USER? Or, if nothing else, connect as the application user?

Edit:
Impersonation is done in code by calling Impersonate() on the remote user's WindowsIdentity. The company I work for has a custom SecurityPrincipal and SecurityIdentity so it's kind of weird how I have to go about getting the WindowsIdentity (it's a little more in depth than User.Identity), but I have used this method before successfully and have verified that System.Security.Principal.WindowsIdentity.GetCurrent().Name is the correct user during the impersonation.

Chad Schouggins
  • @rkosegi Read the whole post, I am impersonating. – Chad Schouggins Jun 11 '12 at 20:40
  • If everything is in-process between the application and the DLL, but the DLL is still using other credentials, it probably means the issue is in the DLL code. – Simon Mourier Jun 14 '12 at 10:38
  • It might be helpful to post some code on exactly **how** you are impersonating. ASP.NET's application pools run under NETWORK SERVICE by default and unless you are properly switching user contexts, it will continue to use this user to access network resources. – Sumo Jun 20 '12 at 03:51

2 Answers

1

I would first try to find out how the DLL is connecting as a different user (Process Explorer can help with this). Is it possible that the DLL is communicating with a service (or some other process) which is running on the box which is logged in as NETWORKSERVICE? If so, you can change that service to run as a different user. Just grasping at straws, hope you figure it out!

Community
paquetp
0

I did eventually find the problem (which just led to other problems, but anyway): it turned out that I was missing an AspCompat="true" on my page. Actually the problem was that I was using a "Handler" and not a "Page". Handlers do not have the STA abilities that Pages have. What was happening was every time I tried to access the COM component, there would be a thread switch (impersonation lost) since the application is running in an MTA and the COM component must run in an STA.

Chad Schouggins
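The fix described in the answer above, as an added example that is not part of the original posts: a single .aspx page with AspCompat="true" that checks it is on an STA thread before impersonating the caller and invoking the COM component. The ProgID `LegacyLib.Connector` and the method name `Connect` are hypothetical, and the page assumes Windows authentication so that `User.Identity` is a `WindowsIdentity`.

```csharp
<%@ Page Language="C#" AspCompat="true" %>
<%@ Import Namespace="System.Reflection" %>
<%@ Import Namespace="System.Runtime.InteropServices" %>
<%@ Import Namespace="System.Security.Principal" %>
<%@ Import Namespace="System.Threading" %>
<script runat="server">
    // Hypothetical ProgID and method name for the VB6 component.
    private const string LegacyProgId = "LegacyLib.Connector";
    private const string LegacyMethod = "Connect";

    // Create the COM object here, not in a constructor or field initializer:
    // only from the page events onward does the request run on the STA thread.
    protected void Page_Load(object sender, EventArgs e)
    {
        // Assumption: Windows authentication, so User.Identity is a WindowsIdentity.
        WindowsIdentity caller = User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
        {
            Response.StatusCode = 401;
            return;
        }

        // Fail closed: from an MTA thread the call would be marshalled to
        // another thread, and the impersonation would be lost on the way.
        if (Thread.CurrentThread.GetApartmentState() != ApartmentState.STA)
            throw new InvalidOperationException("Not on an STA thread; is AspCompat set?");

        using (WindowsImpersonationContext ctx = caller.Impersonate())
        {
            Type comType = Type.GetTypeFromProgID(LegacyProgId, true);
            object com = Activator.CreateInstance(comType);
            try
            {
                comType.InvokeMember(LegacyMethod, BindingFlags.InvokeMethod, null, com, null);
                // Report the identity the call was made under, for verification.
                Response.Write(Server.HtmlEncode(
                    "COM call made as " + WindowsIdentity.GetCurrent().Name));
            }
            finally
            {
                Marshal.ReleaseComObject(com);
            }
        } // Dispose() reverts the thread to the application pool identity.
    }
</script>
```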