
  • Confirm "impersonation" in Acegi

    I'm new to Acegi and I need a firm answer to a simple question that I haven't yet been able to answer using the available docs and tutorials. Can Acegi do something like Windows' user impersonation?

    Assume I'm running code in a web server on behalf of someone who has been properly authenticated against some set of users in an Enterprise, which implies a large managed structure of users and roles in something like Active Directory. When the web server makes a request of an operating system or database, are the credentials of the web server, or of the authenticated user presented with the request?

    For example, suppose the web server is running under the id "webserver" and the remote, authenticated user is "jimbob". When the web server opens "c:\somedir\somefile" for reading, does the operating system weigh that request based on the rights associated with "webserver" or with "jimbob"?

  • #2
    It will use userid "webserver".

    Acegi Security does not switch operating system userid to the application-level logged-in user. If you know of a Java-specific way to handle this (which does not cause application server issues), it wouldn't be hard to add this into an AuthenticationManager implementation.
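
An added example, not part of the original thread and not Acegi code: since the operating system weighs the file open against the process account ("webserver" in the question), any per-user restriction has to be enforced by the application before the file is touched. The class `PerUserFileGate`, its ACL map and the temporary directory are hypothetical, the user name is assumed to come from the application-level login, and Java 9 or later is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.Set;

// Hypothetical helper: application-level authorization in front of file reads.
public class PerUserFileGate {
    private final Path baseDir;
    // Constructed sample ACL: application user -> files (relative to baseDir) they may read.
    private final Map<String, Set<String>> readAcl;

    public PerUserFileGate(Path baseDir, Map<String, Set<String>> readAcl) {
        this.baseDir = baseDir.toAbsolutePath().normalize();
        this.readAcl = readAcl;
    }

    // appUser is the application-level principal (e.g. "jimbob"), not an OS account.
    public byte[] read(String appUser, String relativeName) throws IOException {
        Path target = baseDir.resolve(relativeName).normalize();
        // Reject names that escape the base directory ("..", absolute paths).
        if (!target.startsWith(baseDir)) {
            throw new SecurityException("path outside base directory");
        }
        String key = baseDir.relativize(target).toString().replace('\\', '/');
        Set<String> allowed = readAcl.getOrDefault(appUser, Set.of());
        if (!allowed.contains(key)) {
            throw new SecurityException(appUser + " may not read " + key);
        }
        // From here on the OS checks only the process account's rights.
        return Files.readAllBytes(target);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("gate-demo");
        Files.write(dir.resolve("somefile"), "hello".getBytes());
        PerUserFileGate gate = new PerUserFileGate(dir, Map.of("jimbob", Set.of("somefile")));

        // The file system sees this account for every request, whoever is logged in.
        System.out.println("OS account: " + System.getProperty("user.name"));
        System.out.println("jimbob reads: " + new String(gate.read("jimbob", "somefile")));
        try {
            gate.read("alice", "somefile");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The gate does not resolve symbolic links; a deployment that allows them inside the base directory would need to compare real paths as well.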