FBA and SQL Server: A Love Story

My colleague has been working on a web part in an FBA environment. Among other things, the web part pulls some data from SQL Server. The grand plan for this project dictates that a DBA configures data-level security in SQL (as opposed to embedding a user ID in a SQL query or some other approach).

The problem is that SQL Server doesn’t know anything about our FBA environment, so it can’t trust us. We solved this problem by, for lack of a better word, manually impersonating an AD user so that we could connect to SQL such that SQL data-level security works.

Even though FBA is an ASP.NET feature, we SharePoint Nation people have taught the various search engines that if you’re querying for FBA, you must mean you want to know how to configure FBA in SharePoint. I failed to find any information on how to enable an FBA-oriented ASP.NET application to communicate with SQL in the way we needed.

In the course of researching this, we re-read this article: ASP.NET Impersonation

Further research led us to this CodeProject article: http://www.codeproject.com/KB/cs/cpimpersonation1.aspx

That helped us write our code, which I’ve included below. It’s not the most elegant stuff, but it worked. I hope you find it helpful.

Here is the code that worked for us:

protected void btnSearchCarrier_Click(object sender, EventArgs e)
{
    ImpersonateUser iU = new ImpersonateUser();
    try
    {
        // TODO: Replace credentials
        iU.Impersonate("DomainName", "UserName", "Password");

        //
        // CODE
        //
    }
    catch (Exception ex)
    {
        // Errors are swallowed here; log ex in real code.
    }
    finally
    {
        // Always revert to the original identity, even if the code above throws.
        iU.Undo();
    }
}

// Uses the ImpersonateUser class shown below.

using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;

public class ImpersonateUser
{
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(
        String lpszUsername,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    private extern static bool CloseHandle(IntPtr handle);

    // Instance fields: static fields would be shared by concurrent requests,
    // so one request could revert or overwrite another's impersonation.
    private IntPtr tokenHandle = new IntPtr(0);
    private WindowsImpersonationContext impersonatedUser;

    // If you incorporate this code into a DLL, be sure to demand that it
    // runs with FullTrust.
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    public void Impersonate(string domainName, string userName, string password)
    {
        try
        {
            // Use the unmanaged LogonUser function to get the user token for
            // the specified user, domain, and password.
            const int LOGON32_PROVIDER_DEFAULT = 0;

            // Passing this parameter causes LogonUser to create a primary token.
            const int LOGON32_LOGON_INTERACTIVE = 2;
            tokenHandle = IntPtr.Zero;

            // Step 1: Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(
                userName,
                domainName,
                password,
                LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle); // tokenHandle - new security token

            if (false == returnValue)
            {
                int ret = Marshal.GetLastWin32Error();
                Console.WriteLine("LogonUser call failed with error code : " +
                    ret);
                throw new System.ComponentModel.Win32Exception(ret);
            }

            // Step 2
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);
            // Step 3
            impersonatedUser = newId.Impersonate();
        }
        catch (Exception ex)
        {
            Console.WriteLine("Exception occurred. " + ex.Message);
            // Rethrow so the caller never continues under the original
            // (non-impersonated) identity after a failed logon.
            throw;
        }
    }

    /// <summary>
    /// Stops impersonation
    /// </summary>
    public void Undo()
    {
        // impersonatedUser is null if Impersonate() failed before step 3.
        if (impersonatedUser != null)
        {
            impersonatedUser.Undo();
            impersonatedUser = null;
        }
        // Free the token.
        if (tokenHandle != IntPtr.Zero)
        {
            CloseHandle(tokenHandle);
            tokenHandle = IntPtr.Zero;
        }
    }
}


One thought on "FBA and SQL Server: A Love Story"

  1. David Kmieni
    Sorry for posting this unrelated question, but I could not figure out how to send you an email from this blog.
    You had a previous post where you offered a great way to filter a library to view untagged data. Do you have any thoughts as to how you might view a list of untagged documents in an entire document library? Using an empty field in advanced search does not return any results.
