Under which credentials COM makes calls from another process?

Discussion in 'Server Security' started by Antonio, Jul 7, 2004.

  1. Antonio

    Antonio Guest

    Hello everybody,

    We are trying to access some objects hosted by our service application from
    ASP (IIS). Is it possible somehow to execute all the methods under specific
    user account? NOTE: We can not put impersonation code into each method, we
    want to be able to impersonate once in ASP, call required methods on
    required objects and then revert if needed. How can this be implemented?

    In our service application we also have access to objects that represent
    clients connections authenticated via SSPI. Those objects have methods
    Impersonate() and Revert() (accessible from ASP) which impersonate current
    thread with the credentials of particular authenticated client and revert
    this impersonation appropriately. Can we use these methods somehow for
    described above scenario? It seems that when we just call Impersonate() we
    impersonate a thread inside our application's process but we can not be sure
    that the next call will be executed in exactly the same thread. Therefore we
    see that sometimes following calls are executed under SYSTEM account and
    sometimes under authenticated one.

    A relative question: when COM marshals call from one process to another,
    does it also save somehow information under whose credentials this call was
    made? Can we for example impersonate thread inside ASP and make a COM call
    from it?

    Thanks in advance,
    Antonio, Jul 7, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.