I’m doing a SharePoint deployment right now. I’ve planned out the service accounts I’m going to use and handed off those requirements to the IT department, who responded back that, yep, they’d been done. Call me paranoid, but I’m thinking “did all those accounts get created with all the right passwords and user names?” I’m also … Continue reading Ad-Hoc or Bulk Testing of Windows Login Credentials
How do you overcome the identity double hop problem? Windows credentials can only make one “hop” between machines on a network. The first hop is from the user’s browser to the web server; from here, to get to another machine on your network, a second hop is required. There are two ways to work around … Continue reading Sharepoint Single Sign-On, Impersonation and the Double-Hop Problem
In an effort to understand how you might exploit the SSO for your own custom development in SharePoint (MOSS), I wrote a Web Part to enumerate SSO Applications and Credentials, as shown below. The code for the web part is quite simple, as is the SSO SDK itself (at least as an SSO consumer).
I required a C# class to enable ad-hoc user account impersonation for accessing resources both on the local machine and on network machines, which I’ve reproduced here. Of note, if you require impersonation in order to access network resources, you would intuitively select the logon type of LOGON32_LOGON_NETWORK; this, however, doesn’t work, as according to … Continue reading .NET (C#) Impersonation with Network Credentials
When writing pages or web parts for SharePoint (or indeed just ASP.NET), there are 3 security identity contexts to take into account. 1. Process/Thread Identity: This is the identity returned by calling WindowsIdentity.GetCurrent(). If ASP.NET impersonation is not enabled, the identity returned will be the process identity (that of the IIS Application Pool). If ASP.NET impersonation … Continue reading Sharepoint Identity Contexts