Passing IIS Basic Authentication to SQL Server in .NET Core 2.1
A little background for this question:
I've got an ASP.NET Intranet application that accesses sensitive data in an MS SQL Server database. Because of the nature of the data, the database table itself is locked down to only select users. We're using Basic Authentication in IIS and impersonation in order to use integrated security when accessing the data.
All of that works fine, but we're now in the process of converting our Intranet site to .NET Core. I understand that impersonation of the sort we're using isn't directly supported in Core, but are there any options or workarounds available that would make this work?

asked Nov 20 '18 at 14:32


Jeff
1 Answer
There are two options for you:

1. Try WindowsIdentity.RunImpersonated, which will use the current user identity to log in to SQL Server.

    // Requires: using System.Security.Principal;
    public IActionResult About()
    {
        IList<Blog> blogs = new List<Blog>();
        // Windows identity of the authenticated caller
        var user = (WindowsIdentity)User.Identity;
        // Run the query under the caller's token so SQL Server sees their login
        WindowsIdentity.RunImpersonated(user.AccessToken, () =>
        {
            var impersonatedUser = WindowsIdentity.GetCurrent();
            blogs = _context.Blogs.ToList();
        });
        return Ok(blogs);
        //_context
        //ViewData["Message"] = "Your application description page.";
        //return View();
    }

2. You could run the .NET Core project under the user account in IIS which has permission to access SQL Server, then check the user identity to see whether he has permission to access the SQL Server dynamically before he accesses the controller which will call the DB action method.
answered Nov 21 '18 at 7:28


Tao Zhou
The first option was unfortunately not an option owing to how we have authentication set up for the site as a whole, but the second option is a good workaround to bypass the issue entirely. Thanks.
– Jeff
Nov 27 '18 at 17:17
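
With the second option above, SQL Server only ever sees the application pool account, so the per-user decision moves into the application and has to deny by default. An added example (not code from the answer or the question), assuming ASP.NET Core 2.1 policy-based authorization and a hypothetical policy name and allow-list of account names:

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Accounts that used to hold rights on the locked-down table (assumed list).
public class SensitiveDataRequirement : IAuthorizationRequirement
{
    public SensitiveDataRequirement(IEnumerable<string> accounts) =>
        Allowed = new HashSet<string>(accounts, StringComparer.OrdinalIgnoreCase);
    public ISet<string> Allowed { get; }
}

public class SensitiveDataHandler : AuthorizationHandler<SensitiveDataRequirement>
{
    private readonly ILogger<SensitiveDataHandler> _log;
    public SensitiveDataHandler(ILogger<SensitiveDataHandler> log) => _log = log;

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, SensitiveDataRequirement requirement)
    {
        var identity = context.User?.Identity;
        // Deny by default: succeed only for an authenticated, listed account.
        if (identity?.IsAuthenticated == true && identity.Name != null
            && requirement.Allowed.Contains(identity.Name))
            context.Succeed(requirement);
        else
            _log.LogWarning("Sensitive data denied for {User}", identity?.Name ?? "(anonymous)");
        return Task.CompletedTask;
    }
}

public static class SensitiveDataAuthorization
{
    public const string Policy = "SensitiveDataReaders"; // hypothetical name

    // Call from Startup.ConfigureServices with the allowed account names.
    // Then put [Authorize(Policy = SensitiveDataAuthorization.Policy)] on every
    // controller or action whose code queries the restricted table.
    public static void AddSensitiveDataPolicy(this IServiceCollection services, IEnumerable<string> accounts)
    {
        services.AddSingleton<IAuthorizationHandler, SensitiveDataHandler>();
        services.AddAuthorization(o => o.AddPolicy(Policy, p => p
            .RequireAuthenticatedUser()
            .AddRequirements(new SensitiveDataRequirement(accounts))));
    }
}
```

Because the database no longer distinguishes callers, the denial log written by the handler is the only per-user access record for that table, so keep it alongside the SQL Server audit trail.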