"kedar" <kedarnag@hotmail.com> wrote in message
news:ec3MxsU9HHA.4752@TK2MSFTNGP04.phx.gbl...
> Hi,
>
> I have a asp.net application, which control virtual directory, we want any
> user to access and we do not want to use windows authentication(we do not
> want windows authentication dialog) or forms authentication(as we do not
> want any login page). However we want to impersonate the user.
>
> Could anyone tell how to achieve this.
>
> thanks,
> Kedar.
>

> How would you know who the user is to impersonate if you did not
> authenticate them somehow?
>
> Joe K.
>

> as Joe says - you need to auth the user to impersonate him.
>
> Depending on browser settings and other factors you can do that using
> windows authentication (without showing the logon dialog box).
>
> what's your scenario?
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications
> (http://www.microsoft.com/mspress/books/9989.asp)
>
>> How would you know who the user is to impersonate if you did not
>> authenticate them somehow?
>>
>> Joe K.
>>
>
>

> Dominick,
>
> We want to overcome the window authentication dialog, what you said
> make me feel something intresting. Could you tell me the browser
> setting and other factors that I need consider for windows
> authentication not to come up.
>
> thanks,
> Kedar.
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
> in message news:8e6a913a15f238c9c376e9660580@news.microsoft.com...
>
>> as Joe says - you need to auth the user to impersonate him.
>>
>> Depending on browser settings and other factors you can do that using
>> windows authentication (without showing the logon dialog box).
>>
>> what's your scenario?
>>
>> -----
>> Dominick Baier (http://www.leastprivilege.com)
>> Developing More Secure Microsoft ASP.NET 2.0 Applications
>> (http://www.microsoft.com/mspress/books/9989.asp)
>>
>>> How would you know who the user is to impersonate if you did not
>>> authenticate them somehow?
>>>
>>> Joe K.
>>>