473,322 Members | 1,405 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Impersonate - Urgent

Hi

When Button_Click is called with a hardcoded value in uername,domain and
password its working fine. But the Impersonation has not taken place when
those parameters are passed through either session or variable

Refer: http://support.microsoft.com/default...n-us;q306158#4

Public Sub Button_Click(ByVal s As Object, ByVal e As EventArgs)
If impersonateValidUser("username", "domain", "password") Then
'Insert your code that runs under the security context of a specific
user here.
undoImpersonation()
Else
'Your impersonation failed. Therefore, include a fail-safe mechanism
here.
End If
End Sub

Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean

Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False

If RevertToSelf() Then
If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
End Function

Thanks in Advance
Waran
Nov 19 '05 #1
3 1157
This may be an obvious question, but when you tried this while using
Session or other types of variables, did you examine those values
specifically, either by breaking on that line of code or logging the
values to a text file or something? It seems that the values you are
assuming are getting used are not the ones that are actually getting
used.

----

Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean

Log userName
Log domain
Log password

If RevertToSelf() Then
If LogonUserA(userName, domain, password,
LOGON32_LOGON_INTERACTIVE,

----

Mike

Nov 19 '05 #2
Mike,
I have checked the values when i am passing through session variable. Those
values are corrct. And if I pass the same values as a hard-coded. its working
perfect.

Thanks
Kumar

"xhead" wrote:
This may be an obvious question, but when you tried this while using
Session or other types of variables, did you examine those values
specifically, either by breaking on that line of code or logging the
values to a text file or something? It seems that the values you are
assuming are getting used are not the ones that are actually getting
used.

----

Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean

Log userName
Log domain
Log password

If RevertToSelf() Then
If LogonUserA(userName, domain, password,
LOGON32_LOGON_INTERACTIVE,

----

Mike

Nov 19 '05 #3
Mike,

Thanks a lot, the password differs from the database and the one we are
passing.

Thanks
Kumar

"Waran" wrote:
Mike,
I have checked the values when i am passing through session variable. Those
values are corrct. And if I pass the same values as a hard-coded. its working
perfect.

Thanks
Kumar

"xhead" wrote:
This may be an obvious question, but when you tried this while using
Session or other types of variables, did you examine those values
specifically, either by breaking on that line of code or logging the
values to a text file or something? It seems that the values you are
assuming are getting used are not the ones that are actually getting
used.

----

Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean

Log userName
Log domain
Log password

If RevertToSelf() Then
If LogonUserA(userName, domain, password,
LOGON32_LOGON_INTERACTIVE,

----

Mike

Nov 19 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Yoshitha | last post by:
Hi I've to access registry and also get cpu id from the web application. First i wrote code to get cpuid from web application then i got cpu id. Next i wrote code to set value into a registry and...
0
by: Yoshitha | last post by:
Hi I've to access registry and also get cpu id from the web application. First i wrote code to get cpuid from web application then i got cpu id. Next i wrote code to set value into a registry and...
3
by: Yoshitha | last post by:
Hi I've to access registry and also get cpu id from the web application. First i wrote code to get cpuid from web application then i got cpu id. Next i wrote code to set value into a registry and...
5
by: WT | last post by:
Hello, IIS6 on W2K3, .net 3.5, Sql 2005. All sp applied. My site is using windows authentication only and the web application connects to sql server residing on another server in the same...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.