473,320 Members | 2,146 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Impersonation

My goal is to upload/download files to a shared folder. I have been granted
a "generic" account to be used for this purpose. I have designed a page
which will do this download. My quandry is when the user access the page, I
retrieve their "User.Identity" and log activity to that user on this screen
to the Database. If I used impersonation in web config file, then I really
loose the true user's identify and can not really log there usage into the
system because the "generic" id is substituted.

I have been reading that I can use Impersonation via code for a portion of
the page. This looks like a solution to my problem but I seem to be limited
to the account that is actually using the application. Is there a way for me
to create a WindowsIdentity object with my generic account? Do you have an
example?
Nov 19 '05 #1
4 2384
Here's what you need:

using System;
using System.Security.Principal;
using System.Security.Permissions;
using System.Runtime.InteropServices;
using System.Threading;

namespace Impersonate
{
/// <summary>
/// Summary description for ImpersonateUser.
/// </summary>
public class ImpersonateUser
{

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

// constants used by LogonUser() method
private const int LOGON32_LOGON_NETWORK = 3;
private const int LOGON32_PROVIDER_DEFAULT = 0;

private WindowsImpersonationContext wic = null;
private WindowsIdentity currentIdentity = null;

public ImpersonateUser(string login, string password, string domain)
{
// Get current Identity
currentIdentity = WindowsIdentity.GetCurrent();
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
}

public void Undo()
{
// Impersonate back to original identity
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
currentIdentity.Impersonate();
}

}

}
"Jim Heavey" wrote:
My goal is to upload/download files to a shared folder. I have been granted
a "generic" account to be used for this purpose. I have designed a page
which will do this download. My quandry is when the user access the page, I
retrieve their "User.Identity" and log activity to that user on this screen
to the Database. If I used impersonation in web config file, then I really
loose the true user's identify and can not really log there usage into the
system because the "generic" id is substituted.

I have been reading that I can use Impersonation via code for a portion of
the page. This looks like a solution to my problem but I seem to be limited
to the account that is actually using the application. Is there a way for me
to create a WindowsIdentity object with my generic account? Do you have an
example?

Nov 19 '05 #2
Did I not read that this will only work on Windows XP and will not work on
Windows 2000?....
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassIm personateTopic.htm

"Kevin Schlegelmilch" wrote:
Here's what you need:

using System;
using System.Security.Principal;
using System.Security.Permissions;
using System.Runtime.InteropServices;
using System.Threading;

namespace Impersonate
{
/// <summary>
/// Summary description for ImpersonateUser.
/// </summary>
public class ImpersonateUser
{

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

// constants used by LogonUser() method
private const int LOGON32_LOGON_NETWORK = 3;
private const int LOGON32_PROVIDER_DEFAULT = 0;

private WindowsImpersonationContext wic = null;
private WindowsIdentity currentIdentity = null;

public ImpersonateUser(string login, string password, string domain)
{
// Get current Identity
currentIdentity = WindowsIdentity.GetCurrent();
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
}

public void Undo()
{
// Impersonate back to original identity
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
currentIdentity.Impersonate();
}

}

}
"Jim Heavey" wrote:
My goal is to upload/download files to a shared folder. I have been granted
a "generic" account to be used for this purpose. I have designed a page
which will do this download. My quandry is when the user access the page, I
retrieve their "User.Identity" and log activity to that user on this screen
to the Database. If I used impersonation in web config file, then I really
loose the true user's identify and can not really log there usage into the
system because the "generic" id is substituted.

I have been reading that I can use Impersonation via code for a portion of
the page. This looks like a solution to my problem but I seem to be limited
to the account that is actually using the application. Is there a way for me
to create a WindowsIdentity object with my generic account? Do you have an
example?

Nov 19 '05 #3
I've run it on Windows 2000 and Windows 2003 and both worked for me ...

"Jim Heavey" wrote:
Did I not read that this will only work on Windows XP and will not work on
Windows 2000?....
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassIm personateTopic.htm

"Kevin Schlegelmilch" wrote:
Here's what you need:

using System;
using System.Security.Principal;
using System.Security.Permissions;
using System.Runtime.InteropServices;
using System.Threading;

namespace Impersonate
{
/// <summary>
/// Summary description for ImpersonateUser.
/// </summary>
public class ImpersonateUser
{

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

// constants used by LogonUser() method
private const int LOGON32_LOGON_NETWORK = 3;
private const int LOGON32_PROVIDER_DEFAULT = 0;

private WindowsImpersonationContext wic = null;
private WindowsIdentity currentIdentity = null;

public ImpersonateUser(string login, string password, string domain)
{
// Get current Identity
currentIdentity = WindowsIdentity.GetCurrent();
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
}

public void Undo()
{
// Impersonate back to original identity
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
currentIdentity.Impersonate();
}

}

}
"Jim Heavey" wrote:
My goal is to upload/download files to a shared folder. I have been granted
a "generic" account to be used for this purpose. I have designed a page
which will do this download. My quandry is when the user access the page, I
retrieve their "User.Identity" and log activity to that user on this screen
to the Database. If I used impersonation in web config file, then I really
loose the true user's identify and can not really log there usage into the
system because the "generic" id is substituted.

I have been reading that I can use Impersonation via code for a portion of
the page. This looks like a solution to my problem but I seem to be limited
to the account that is actually using the application. Is there a way for me
to create a WindowsIdentity object with my generic account? Do you have an
example?

Nov 19 '05 #4
On Thu, 22 Sep 2005 08:06:04 -0700, "Jim Heavey" <Ji*******@discussions.microsoft.com> wrote:

¤ My goal is to upload/download files to a shared folder. I have been granted
¤ a "generic" account to be used for this purpose. I have designed a page
¤ which will do this download. My quandry is when the user access the page, I
¤ retrieve their "User.Identity" and log activity to that user on this screen
¤ to the Database. If I used impersonation in web config file, then I really
¤ loose the true user's identify and can not really log there usage into the
¤ system because the "generic" id is substituted.
¤

Actually, it's just the opposite. If you implement impersonation the thread operates under the
credentials of the authenticated user (via NTLM), not ASPNET (or NetworkService).
Paul
~~~~
Microsoft MVP (Visual Basic)
Nov 19 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Ripa Horatiu | last post by:
Does anyone knows how can I impersonate to another user (basically Administrator) for a piece of my code? I've tried the samples provided by MS but they didn't worked. -- Horatiu Ripa
12
by: Anil Krishnamurthy | last post by:
We have an ASP.NET application that uses COM objects through Interop. The web application requires access to network and database resources and hence, needs to impersonate a domain account. The...
1
by: techfuzz | last post by:
I'm posting my problem experience and solution I found here for other ASP.NET developers. I have a web application that uses Forms Authentication with Active Directory to control access. In...
12
by: Anil Krishnamurthy | last post by:
We have an ASP.NET application that uses COM objects through Interop. The web application requires access to network and database resources and hence, needs to impersonate a domain account. The...
5
by: =?Utf-8?B?S2l0dHlIYXdr?= | last post by:
I am in the process of migrating an II6 environment from a single server to a network load balanced system. Thus, I am using a virtual directory on a UNC share to house the dynamic data that the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.