473,385 Members | 2,005 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,385 software developers and data experts.

Anonymous access + Windows Authentication

Hello,

I have a web app that uploads files to a file server (different box than the
web server). The application uses NT integrated authentication, but no users
should have permissions to the file server.

How can I use a fixed domain account to upload the files to the file server
while still preserving the users' Windows integrated authentication on the
web server?

Thank you,

Eric

Nov 19 '05 #1
11 1803
Eric wrote:
Hello,

I have a web app that uploads files to a file server (different box
than the web server). The application uses NT integrated
authentication, but no users should have permissions to the file
server.

How can I use a fixed domain account to upload the files to the file
server while still preserving the users' Windows integrated
authentication on the web server?


Use P/Invoke and code-level impersonation. Search the KB for "asp.net
impersonation".

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com

FrontPage add-ins for FrontPage 2000 - 2003


Nov 19 '05 #2
Here's how impersonate the webapp user

try
{
// Get current Identity
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
// Output Current Principal
output.Write("--- CurrentPrincipal ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Try impersonating the App Pool user
RevertToSelf();
// The next 3 steps are the important steps
WindowsIdentity wi = WindowsIdentity.GetCurrent();
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
WindowsImpersonationContext wic = wi.Impersonate();
// Output WindowsIdentity
output.Write("--- RevertToSelf() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Impersonate back to original identity
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
currentIdentity.Impersonate();
// Output WindowsIdentity
output.Write("--- Impersonate() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
}
catch (Exception ex)
{
// display diagnostic error information if exception occurs
output.Write("<div>");
output.Write("<b>Exception Type</b>: " + ex.GetType().ToString() + "<br>");
output.Write("<b>Exception Message</b>: " + ex.Message + "<br>" );
output.Write("<b>Stack Trace</b>:<br>" + ex.StackTrace.Replace("\n", "<br>"));
output.Write("</div>");
}

You can also use the LogonUser()

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);
/// <summary>
/// This will impersonate a user using the LogonUser() and return a handle
/// to the WindowsImpersonationContext
/// </summary>
/// <param name="login"></param>
/// <param name="password"></param>
/// <param name="domain"></param>
public WindowsImpersonationContext ImpersonateUser(string login, string
password, string domain)
{
// constants used by LogonUser() method
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_PROVIDER_DEFAULT = 0;
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
WindowsImpersonationContext wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
// return the WindowsImpersonationContext
return wic;
}
/// <summary>
/// Render this Web Part to the output parameter specified.
/// </summary>
/// <param name="output"> The HTML writer to write out to </param>
protected override void RenderWebPart(HtmlTextWriter output)
{
// start of try block
try
{
// Get current Identity
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
// Output Current Principal
output.Write("--- CurrentPrincipal ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Impersonate a user
WindowsImpersonationContext wic
= ImpersonateUser("username", "password", "domain");
// Output WindowsIdentity
output.Write("--- ImpersonateUser() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Undo the impersonation and set the CurrentPrincipal back
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
// Impersonate back to original identity
currentIdentity.Impersonate();
output.Write("--- Impersonate() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
}
catch (Exception ex)
{
// display diagnostic error information if exception occurs
output.Write("<div>");
output.Write("<b>Exception Type</b>: " + ex.GetType().ToString() + "<br>");
output.Write("<b>Exception Message</b>: " + ex.Message + "<br>" );
output.Write("<b>Stack Trace</b>:<br>" + ex.StackTrace.Replace("\n", "<br>"));
output.Write("</div>");
}
}

"Eric" wrote:
Hello,

I have a web app that uploads files to a file server (different box than the
web server). The application uses NT integrated authentication, but no users
should have permissions to the file server.

How can I use a fixed domain account to upload the files to the file server
while still preserving the users' Windows integrated authentication on the
web server?

Thank you,

Eric

Nov 19 '05 #3
Thank you for the reply, Kevin. LogonUser looks like what I'm looking for
(supplying my own username/password for the impersonation), but do you know
of a managed equivalent?

Thanks,

Eric
"Kevin Schlegelmilch" wrote:
Here's how impersonate the webapp user

try
{
// Get current Identity
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
// Output Current Principal
output.Write("--- CurrentPrincipal ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Try impersonating the App Pool user
RevertToSelf();
// The next 3 steps are the important steps
WindowsIdentity wi = WindowsIdentity.GetCurrent();
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
WindowsImpersonationContext wic = wi.Impersonate();
// Output WindowsIdentity
output.Write("--- RevertToSelf() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Impersonate back to original identity
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
currentIdentity.Impersonate();
// Output WindowsIdentity
output.Write("--- Impersonate() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
}
catch (Exception ex)
{
// display diagnostic error information if exception occurs
output.Write("<div>");
output.Write("<b>Exception Type</b>: " + ex.GetType().ToString() + "<br>");
output.Write("<b>Exception Message</b>: " + ex.Message + "<br>" );
output.Write("<b>Stack Trace</b>:<br>" + ex.StackTrace.Replace("\n", "<br>"));
output.Write("</div>");
}

You can also use the LogonUser()

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);
/// <summary>
/// This will impersonate a user using the LogonUser() and return a handle
/// to the WindowsImpersonationContext
/// </summary>
/// <param name="login"></param>
/// <param name="password"></param>
/// <param name="domain"></param>
public WindowsImpersonationContext ImpersonateUser(string login, string
password, string domain)
{
// constants used by LogonUser() method
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_PROVIDER_DEFAULT = 0;
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
WindowsImpersonationContext wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
// return the WindowsImpersonationContext
return wic;
}
/// <summary>
/// Render this Web Part to the output parameter specified.
/// </summary>
/// <param name="output"> The HTML writer to write out to </param>
protected override void RenderWebPart(HtmlTextWriter output)
{
// start of try block
try
{
// Get current Identity
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
// Output Current Principal
output.Write("--- CurrentPrincipal ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Impersonate a user
WindowsImpersonationContext wic
= ImpersonateUser("username", "password", "domain");
// Output WindowsIdentity
output.Write("--- ImpersonateUser() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Undo the impersonation and set the CurrentPrincipal back
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
// Impersonate back to original identity
currentIdentity.Impersonate();
output.Write("--- Impersonate() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
}
catch (Exception ex)
{
// display diagnostic error information if exception occurs
output.Write("<div>");
output.Write("<b>Exception Type</b>: " + ex.GetType().ToString() + "<br>");
output.Write("<b>Exception Message</b>: " + ex.Message + "<br>" );
output.Write("<b>Stack Trace</b>:<br>" + ex.StackTrace.Replace("\n", "<br>"));
output.Write("</div>");
}
}

"Eric" wrote:
Hello,

I have a web app that uploads files to a file server (different box than the
web server). The application uses NT integrated authentication, but no users
should have permissions to the file server.

How can I use a fixed domain account to upload the files to the file server
while still preserving the users' Windows integrated authentication on the
web server?

Thank you,

Eric

Nov 19 '05 #4
Eric,

Sorry ... not sure what you mean... I just tried this and it worked fine for
me:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

using System.Xml;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.Threading;
using System.Security.Permissions;

namespace ScreenScrape
{

/// <summary>
/// Summary description for WebForm1.
/// </summary>
public class WebForm1 : System.Web.UI.Page
{

protected System.Web.UI.WebControls.Literal myPage;

private void Page_Load(object sender, System.EventArgs e)
{
RenderHtml(Response);
}

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

/// <summary>
/// This will impersonate a user using the LogonUser() and return a handle
/// to the WindowsImpersonationContext
/// </summary>
/// <param name="login"></param>
/// <param name="password"></param>
/// <param name="domain"></param>
public WindowsImpersonationContext ImpersonateUser(string login, string
password, string domain)
{
// constants used by LogonUser() method
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_PROVIDER_DEFAULT = 0;
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
WindowsImpersonationContext wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
// return the WindowsImpersonationContext
return wic;
}
/// <summary>
/// Render this Web Part to the output parameter specified.
/// </summary>
/// <param name="output"> The HTML writer to write out to </param>
public void RenderHtml(HttpResponse output)
{
// start of try block
try
{
// Get current Identity
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
// Output Current Principal
output.Write("--- CurrentPrincipal ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Impersonate a user
WindowsImpersonationContext wic
= ImpersonateUser("username", "password", "domain");
// Output WindowsIdentity
output.Write("--- ImpersonateUser() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
// Undo the impersonation and set the CurrentPrincipal back
wic.Undo();
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
// Impersonate back to original identity
currentIdentity.Impersonate();
output.Write("--- Impersonate() ---<br>");
output.Write("WindowsIdentity.GetCurrent().Name: "
+ WindowsIdentity.GetCurrent().Name + "<br>");
output.Write("Thread.CurrentPrincipal.Identity.Nam e : "
+ Thread.CurrentPrincipal.Identity.Name + "<br>");
}
catch (Exception ex)
{
// display diagnostic error information if exception occurs
output.Write("<div>");
output.Write("<b>Exception Type</b>: " + ex.GetType().ToString() +
"<br>");
output.Write("<b>Exception Message</b>: " + ex.Message + "<br>" );
output.Write("<b>Stack Trace</b>:<br>" + ex.StackTrace.Replace("\n",
"<br>"));
output.Write("</div>");
}
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.Load += new System.EventHandler(this.Page_Load);

}
#endregion

}

}

Nov 19 '05 #5
Eric wrote:
Thank you for the reply, Kevin. LogonUser looks like what I'm
looking for (supplying my own username/password for the
impersonation), but do you know of a managed equivalent?


A managed equivalent is just going to call LogonUser just like you are. If
you really need a managed equivalent, build a managed wrapper class around
the LogonUser API and you'll have one. ;)

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com

FrontPage add-ins for FrontPage 2000 - 2003


Nov 19 '05 #6
Ah hah...point taken, Jim. Thank you both for your responses. You've helped
greatly! I tested the code, and it works perfectly for what I need.

Take care,

Eric
"JIMCO Software" wrote:
Eric wrote:
Thank you for the reply, Kevin. LogonUser looks like what I'm
looking for (supplying my own username/password for the
impersonation), but do you know of a managed equivalent?


A managed equivalent is just going to call LogonUser just like you are. If
you really need a managed equivalent, build a managed wrapper class around
the LogonUser API and you'll have one. ;)

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com

FrontPage add-ins for FrontPage 2000 - 2003


Nov 19 '05 #7
Eric wrote:
Ah hah...point taken, Jim. Thank you both for your responses.
You've helped greatly! I tested the code, and it works perfectly for
what I need.


I meant that to be funny, not as a sarcastic remark. :)

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com

FrontPage add-ins for FrontPage 2000 - 2003


Nov 19 '05 #8
> I meant that to be funny, not as a sarcastic remark. :)

No worries, that's exactly how I took it.

Eric
"JIMCO Software" wrote:
Eric wrote:
Ah hah...point taken, Jim. Thank you both for your responses.
You've helped greatly! I tested the code, and it works perfectly for
what I need.


I meant that to be funny, not as a sarcastic remark. :)

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com

FrontPage add-ins for FrontPage 2000 - 2003


Nov 19 '05 #9
Yeah, it was just some code I put into a Page for a paper I wrote on
SharePoint Services WebPart development describing what you would need to
impersonate another domain user ... never wrote a wrapper class around it,
which is easily done by just moving it into a class with 2 methods.
Basically just need an Impersonate() method and an Undo() method.

"JIMCO Software" wrote:
Eric wrote:
Thank you for the reply, Kevin. LogonUser looks like what I'm
looking for (supplying my own username/password for the
impersonation), but do you know of a managed equivalent?


A managed equivalent is just going to call LogonUser just like you are. If
you really need a managed equivalent, build a managed wrapper class around
the LogonUser API and you'll have one. ;)

--
Jim Cheshire
JIMCO Software
http://www.jimcosoftware.com

FrontPage add-ins for FrontPage 2000 - 2003


Nov 19 '05 #10
Is this what you need?

using System;
using System.Security.Principal;
using System.Security.Permissions;
using System.Runtime.InteropServices;
using System.Threading;

namespace Impersonate
{
/// <summary>
/// Summary description for ImpersonateUser.
/// </summary>
public class ImpersonateUser
{

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

private WindowsImpersonationContext wic = null;
private WindowsIdentity currentIdentity = null;

public ImpersonateUser()
{
// Get current Identity
currentIdentity = WindowsIdentity.GetCurrent();
}

/// <summary>
/// This will impersonate a user using the LogonUser() and return a handle
/// to the WindowsImpersonationContext
/// </summary>
/// <param name="login"></param>
/// <param name="password"></param>
/// <param name="domain"></param>
public WindowsImpersonationContext Impersonate(string login, string
password, string domain)
{
// constants used by LogonUser() method
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_PROVIDER_DEFAULT = 0;
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
// return the WindowsImpersonationContext
return wic;
}

public void Undo()
{
// Impersonate back to original identity
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
currentIdentity.Impersonate();
}

}

}

Nov 19 '05 #11
Yes, that does it. Thank you again, Kevin.

Eric
"Kevin Schlegelmilch" wrote:
Is this what you need?

using System;
using System.Security.Principal;
using System.Security.Permissions;
using System.Runtime.InteropServices;
using System.Threading;

namespace Impersonate
{
/// <summary>
/// Summary description for ImpersonateUser.
/// </summary>
public class ImpersonateUser
{

[DllImport("advapi32.dll", SetLastError=true)]
private static extern bool LogonUser(string lpszUsername,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

private WindowsImpersonationContext wic = null;
private WindowsIdentity currentIdentity = null;

public ImpersonateUser()
{
// Get current Identity
currentIdentity = WindowsIdentity.GetCurrent();
}

/// <summary>
/// This will impersonate a user using the LogonUser() and return a handle
/// to the WindowsImpersonationContext
/// </summary>
/// <param name="login"></param>
/// <param name="password"></param>
/// <param name="domain"></param>
public WindowsImpersonationContext Impersonate(string login, string
password, string domain)
{
// constants used by LogonUser() method
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_PROVIDER_DEFAULT = 0;
// handle returned from the LogonUser() method
IntPtr handle = new IntPtr(0);
handle = IntPtr.Zero;
// try to login to the domain
bool logonUser = LogonUser(login, domain, password,
LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref handle);
// login unsuccessful
if(!logonUser)
{
// get the error
int lastWin32Error = Marshal.GetLastWin32Error();
throw new Exception("ImpersonateUser failed<br>Win32Error: " +
lastWin32Error);
}
// create a new WindowsIdentity, set the CurrentPrincipal and Impersonate
the user
WindowsIdentity wi
= new WindowsIdentity(handle, "NTLM", WindowsAccountType.Normal, true);
Thread.CurrentPrincipal = new WindowsPrincipal(wi);
wic = wi.Impersonate();
// close the handle
CloseHandle(handle);
// return the WindowsImpersonationContext
return wic;
}

public void Undo()
{
// Impersonate back to original identity
Thread.CurrentPrincipal = new WindowsPrincipal(currentIdentity);
currentIdentity.Impersonate();
}

}

}

Nov 19 '05 #12

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Gerry | last post by:
I have a developer here with a website running with only "Windows Integrated Authentication" set on a Windows 2000 member server that uses GetObject to get a user's group membership in the domain....
3
by: Glen Scott | last post by:
Hi, I'm writing an ASP app that administers an ISA server remotely. The fact that it's an ISA server isn't my problem I believe. My question? What is the security difference between disabling...
3
by: Mike Hutton | last post by:
Hi, I have tried to keep things simple. Not simple enough, obviously. I have a set of intranet ASP.NET pages which access a SQL back-end through the normal SQLConnection stuff. I want to use...
2
by: Kevin Hoskins | last post by:
Is there anyway to force authentication of the Anonymous user? Here is the situation: I have an ASP.NET page which calls an assembly which requires a certain level of permissions. The page is...
2
by: pv | last post by:
Hi everyone, I need help with following scenario, please: Users are accessing same web server from intranet (users previously authenticated in Active Dir) and from extranet (common public...
10
by: et | last post by:
I have an asp.net program that uses a connection string, using integrated security to connect to a sql database. It runs fine on one server, but the other server gives me the error that "Login...
5
by: jhcorey | last post by:
We're using a third-party treeview and found that the functionality we need works only when we set the web site security to allow Anonymous Access. We also need the user's network id, which we...
0
by: furiousmojo | last post by:
Okay, so I thought this would be easy, but it's not turning out that way. Let's see how good you guys are! :-) I have a windows authentication-based Intranet application. An excerpt from the...
2
by: Sorcerdon | last post by:
Hello experts, Im looking for a true expert to solve this. I have a web application which displays a simple select from a table. I have set impersination to true in the web config I have...
2
by: Adnan Al-Ghourabi | last post by:
Hi, We have an application running on IIS 6.0, on a windows 2003 box. The back-end database, a SQL Server 2000, runs on anohter server, windows 2000. We have enabled integrated authentication,...
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.