
I have a small web server running ASP.NET MVC. The server is running as user "abc", but the user "abc" does not have rights for "changes" in Active Directory.

So I have to pass the user login to the PrincipalContext.

```csharp
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, null, user, password))
{
    GroupPrincipal theGroup = GroupPrincipal.FindByIdentity(context, groupId);

    theGroup.Members.Add(context, IdentityType.SamAccountName, userId);

    theGroup.Save();
}
```

The code does work. But I do not like to transfer a password from method to method... => on MVC I have SSO and the server knows me

System.Web.HttpContext.Current.User.Identity

Is it possible to use this information?

new PrincipalContext(ContextType.Domain, null, [System.Web.HttpContext.Current.User]) ???

Or MUST I give the password? And how best to pass it from the view to this method?

Thanks

beari7

1 Answer

This is called "impersonation". As long as you are using Windows authentication, you can do it with the WindowsIdentity.Impersonate() method:

```csharp
using (var ctx = ((WindowsIdentity) HttpContext.Current.User.Identity).Impersonate()) {
    // Anything done here will use the user's credentials
    using (var context = new PrincipalContext(ContextType.Domain)) {
        ...
    }
}
```

Gabriel Luci
  • This solution does not work with PrincipalContext!? I think I'm doing something wrong. If I hand over the password directly, it's possible to add users... The callback with WindowsIdentity is: "Access is denied" – beari7 Nov 23 '18 at 10:06
  • You are creating the `PrincipalContext` inside the `using`? – Gabriel Luci Nov 23 '18 at 11:45
  • And you removed the `user, password` from the `PrincipalContext` constructor? – Gabriel Luci Nov 23 '18 at 12:46
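
An added example, not code from the question, the answer or the comments: the group change from the question run under the impersonation shown in the answer, with the checks a reviewer would want before touching the directory. The class and method names are hypothetical, and the delegation check assumes the domain controller runs on a different machine than the web server, in which case a token at `TokenImpersonationLevel.Impersonation` is valid only on the web server and the bind to the directory needs a delegation-level (Kerberos) token.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;

// Hypothetical helper class; not part of the original thread.
public static class GroupMembership
{
    // Adds userId to groupId using the signed-in caller's Windows token,
    // so no password has to be passed from method to method.
    public static void AddMemberAsCaller(string groupId, string userId)
    {
        // Only a WindowsIdentity carries a token that can be impersonated.
        var caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new InvalidOperationException(
                "Windows authentication is required for impersonation.");

        // Assumption: the domain controller is on another host, so the token
        // must be delegatable to be accepted there. Fail with a clear message
        // instead of a later "Access is denied" from the directory call.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            throw new UnauthorizedAccessException(
                "Caller token level is " + caller.ImpersonationLevel +
                "; it cannot be used against a remote domain controller.");

        // Impersonate() returns a context whose Dispose() reverts the thread
        // to the application pool identity, even if an exception is thrown.
        using (caller.Impersonate())
        // No user/password here: the context binds with the impersonated token.
        using (var context = new PrincipalContext(ContextType.Domain))
        using (var group = GroupPrincipal.FindByIdentity(context, groupId))
        {
            if (group == null)
                throw new ArgumentException("Group not found.", nameof(groupId));

            group.Members.Add(context, IdentityType.SamAccountName, userId);
            group.Save();
        }
    }
}
```

Because the directory enforces the caller's own rights, the application pool account ("abc" in the question) needs no write access to Active Directory.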