Hey! Thanks for the quick answer!
I think I was too rude ... I'm sorry for that.
I guess I don't understand the whole impersonation in your program. Can you please give me an overview of the steps with the corresponding permissions/user used? Or correct the following, please ...
Starting from the point of calling slickticket as a new user that has a valid account in the AD, I understand the user impersonation, as you intended it to work, as follows (SQL Server local):
- Call as User to the page
- IIS does Windows Integrated authentication (as set in web.config:
- IIS verifies the token (after the "Negotiate" protocol there is only a Kerberos ticket, I guess), since Windows Integrated authentication does not send the password
- IIS starts ASP.NET and runs the page as the NetworkService (default)
- On profile.aspx (profile.aspx.cs) the user logged in through Windows authentication is being impersonated by HostingEnvironment.Impersonate()
- The call to the database runs with the user's credentials (again: SQL LOCAL. On the network there is the trust delegation problem with double hop to solve)
- The phone number is being retrieved
- The impersonation is being ended and the rest of the script runs as NetworkService.
Wouldn't it be nice if there is no phone number stored in the mssql database?
I had this at first, but people sometimes wanted to be contacted at different numbers than the ones in their AD - you could easily change this if you want.
Ok, that's a point. But I personally don't like having many different pieces of information on the same topic, and I have many colleagues in other companies who also think that way. But you are right, this seems to be a simple thing to change...
I am currently evaluating software like yours. Currently yours is the most appropriate for our goal, but this would be a tiny problem. If we choose to use your software in production I would definitely like to change that... Since it's a feature gain for your software and does not destroy currently working versions (storing the SID for future accounts only), I am willing to give it to you if you are interested.