How can I trigger an MVC action through WebRequest and validate the request through Active Directory?

I know that the name is a sip. I already have most of the things. I just need confirmation if I can do what I'm trying.

I am using ASP.NET MVC 3. I have one application that has a controller that I use as a web service. There is a single method on the controller and it returns a string which is json. This method authenticates the user against the active directory.

An application that runs WebRequest to the above is also an MVC application. This application (to query AD without a specific username and password) uses the impersonation in web.config. The application personifies an account that has permission to request AD; however, the user information on the page (for example, which groups they have) is what I check.

In short (and I don’t quite understand this part), the impersonation is strictly so that ASP.NET can query Active Directory. The users who load the page are still considered themselves when I request the active directory for their information.

The AD code is as follows (this code works):

   public static ADUserInfo GetUserInfo(IPrincipal User)
    {
        StringBuilder userAdInfo = new StringBuilder();
        ADUserInfo userInfo = new ADUserInfo();
        String domain = ConfigurationManager.AppSettings["ADdomain"];

        try
        {
            using (var context = new PrincipalContext(ContextType.Domain, domain))
            {
                if (User == null)
                    userAdInfo.AppendLine("User is null.");
                else if (User.Identity == null)
                    userAdInfo.AppendLine(" User is not null. User.Identitiy is.");
                else
                    userAdInfo.AppendLine(" Neither User nor User.Identity is null. " +
                        User.Identity.Name);

                using (var user = UserPrincipal.FindByIdentity(context, User.Identity.Name))
                {
                    userInfo.FullName = user.Name;
                    userInfo.Email = user.EmailAddress;
                    userInfo.AssociateId = user.EmployeeId;
                    userInfo.DomainName = User.Identity.Name;
                    userInfo.SamAccountName = user.SamAccountName;
                    userInfo.DistinguishedUserName = user.DistinguishedName;
               }
            }
        }
        catch (Exception e)
        {
            LogUtil.WriteException(e);
        }
        return userInfo;
    }

The IIS site for this application does not allow anonymous access.

, AD, . , WebRequest JSON.

WebRequest :

    public class WebRequestUtil
    {
        public static StreamReader GetWebRequestStream(
             string url,
             string contentType,
             bool useDefaultCredentials)
        {
            var request = WebRequest.Create(url);
            request.ContentType = contentType;
            request.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
            //request.UseDefaultCredentials = useDefaultCredentials;
            //ICredentials ic = new NetworkCredential();

            //request.Credentials = 
            var response = (HttpWebResponse)request.GetResponse();
            return new StreamReader(response.GetResponseStream());
        }
    }

ImpersonationLevel... ....

MVC 3, WebRequest, :

public class ProxyServiceController : Controller
    {

        public ProxyServiceController()
        {

        }

       public string CheckForProxy(string applicationName, string associateId)
        {
            RequestResultDetails requestDetails = new RequestResultDetails();
            string json = string.Empty;

            //This correctly gets the Active directory information for the user
            //and fills out a custom ADUserInfo object.
            **ADUserInfo adUserInfo = ADService.GetUserInfo(this.User);**

            try
            {

                if (!ADService.DoesUrlDataMatchAD(
                                adUserInfo,
                                associateId)
                    )
                {
                    throw new Exception(StaticText.UserDataMismatch);
                }

                resultList = //query db for data given the associateId

                if (resultList.ListIsNotNullOrEmpty())
                {
                    requestDetails.RelationshipExists = true;
                }
                else
                {
                    requestDetails.RelationshipExists = false;
                }

                requestDetails.Details = resultList;

            }
            catch (Exception e)
            {
                LogUtil.WriteException(e);
                requestDetails.ErrorProcessingRequest = true;
                requestDetails.ErrorDetails = ErrorProcessing.GetFullExceptionDetails(e);
            }

            json = JsonConvert.SerializeObject(requestDetails);

            LogUtil.Write("json: " + json);

            return json;

        }
}       

, , MVC 3 Controller/Action URL-, :

Http://: 90/MyApp/Service.aspx/CheckForProxy//555

JSON . , WebRequest URL- , , Active Directory , . - , , , Active Directory .

, , , , . , mvc , WebRequest (, , ), , ?

.

PER jmrnet COMMENT

, . , -, -:

  public static StreamReader GetWebRequestStream(
         string url,
         string contentType,
         bool useDefaultCredentials,
         IPrincipal user)
    {

        var impersonationContext = ((WindowsIdentity)user.Identity).Impersonate();            
        var request = WebRequest.Create(url);

        try
        {
            request.ContentType = contentType;
            request.AuthenticationLevel = System.Net.Security.AuthenticationLevel.MutualAuthRequested;
            request.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
            var response = (HttpWebResponse)request.GetResponse();
            return new StreamReader(response.GetResponseStream());
        }
        catch (Exception e)
        {
            impersonationContext.Undo();
            throw e;
        }

    }

.