Making Windows Authentication and WKHTMLToPDF play nice
https://stackoverflow.com/questions/6341174
-
27-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPergunta
I'm faced with the task of generating a PDF from an HTML page on an ASP.NET website. (Something the users can save away/print nicely)
I've found that WKHTMLToPDF does the job very well having looked at this:
Calling wkhtmltopdf to generate PDF from HTML
However, I have a problem. Our website is an intranet site and uses Windows Authentication. I can pass in my credentials to WKHTMLToPDF using --username and --password and demonstrate to myself that the web page is generated as you would hope.
The problem is this: What to do for each different user that comes into our system? I can think of a number of possible solutions which may / may not work and I was hoping someone could give me some opinions/ guidance as I seem to have come to the end of my researches.
Possible solutions:
- Is there any way in ASP.NET that I can extract username and password from Users credentials for passing into WKHTMLToPDF? I suspect the answer to this is "no and for sensible reasons"
- Is it possible to run the Process and pass through the Users credentials? I can see it's possible to set Username / Password on process (though I don't know how I would pass this from the credentials since password seems not to be exposed). Perhaps there is another method for passing credentials directly to Process?
- I could create a separate PDFGenerator website which does not use windows authentication. I could then port out the HTML/CSS/images from the secured website to a shared directory and then redirect users to the PDFGenerator website to actually generate the PDF from the HTML without having to worry about authentication (and would clean up HTML etc after PDF generated).
I suspect that 3 is the solution that I will end up persuing but since that's essentially one big workaround to deal with the authentication issue I'm very open to better suggestions or help on 1 or 2!
Solução
You can set up impersonation in web.config:
http://msdn.microsoft.com/en-us/library/aa292118%28v=vs.71%29.aspx
This means anything that is executed is done as the user. This can cause problems though in certain scenarios. This means that the site is running with the user's credentials for that session rather than the identity of the app pool, and you'll have to jump through hoops to set up the web app to function properly and still be secure.
You should note that anything you run is going to take on the credentials of the app pool under most normal configurations. You can change the account for the app pool. This might allow you to keep things locked down by allowing access only from the user that is running the app pool.
Other alternatives might be to have another app aside from the main app that uses impersonation. This might be easier to manage than converting your entire app to use impersonation. (I don't have details of your project, so it is hard to make a concrete recommendation here.)
