[Mono-list] Impersonating users with mod_mono
Joshua Tauberer
jit at occams.info
Sat Apr 19 07:32:08 EDT 2008
Johann MacDonagh wrote:
> I am developing an ASP.NET application running on OpenSUSE for a set
> of users. These users will have accounts on the OpenSUSE box. I was
> wondering if it was possible to set up Apache and my web.config file
> to prompt the user for their account information (using a HTTP 401
> request), and have the current apache thread impersonate and actually
> run as that user.
There's no way to do it through a simple configuration, as far as I
know. mod_mono passes off requests to the mod-mono-server process, so
the user switching would have to be done in mod-mono-server, not in
Apache. mod-mono-server runs as the apache (or equivalent) user, so the
password would have to be passed into mod-mono-server (I'm not sure if
that happens now with HTTP auth) and different privileges could I think
only be achieved by shelling 'su'.
--
- Josh Tauberer
http://razor.occams.info
"Yields falsehood when preceded by its quotation! Yields
falsehood when preceded by its quotation!" Achilles to
Tortoise (in "Godel, Escher, Bach" by Douglas Hofstadter)
More information about the Mono-list
mailing list