Impersonation

Ripa Horatiu

Does anyone knows how can I impersonate to another user (basically Administrator) for a piece of my code? I've tried the samples provided by MS but they didn't worked.

--
Horatiu Ripa

Nov 15 '05 #1

Subscribe Post Reply

9974

Ripa Horatiu

???????????????????????????

I'm doing the impersonation because I don't have rights enough to perform
some tasks. The impersonation is the ability to run threads/processes in a
different security context than the main one. Meaning switching to another
identity (account) for a while with higher (and even if it doesn't have any
sense, lower) privileges.
I'm using XML services and I need to promote to "Administrator" the security
context that a piece of code runs into, to be able to access resources not
accessible with ASPNET account. The sample that microsoft has on its page
does not work, it always throws an error (ret!=0), here's the code:

using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;

[assembly:SecurityPermissionAttribute(SecurityActio n.RequestMinimum,
UnmanagedCode=true)]
public class Class1
{
[DllImport("C:\\WINNT\\System32\\advapi32.dll")]
public static extern bool LogonUser(String lpszUsername, String
lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out int phToken);

[DllImport("C:\\WINNT\\System32\\Kernel32.dll")]
public static extern int GetLastError();

public static void Main(string[] args)
{
// The Windows NT user token.
int token1;

// Get the user token for the specified user, machine, and password
using the unmanaged LogonUser method.

bool loggedOn = LogonUser(
// User name.
"bob",

// Computer name.
"AARDVARK",

// Password.
"coffee",

// Logon type = LOGON32_LOGON_NETWORK_CLEARTEXT.
3,

// Logon provider = LOGON32_PROVIDER_DEFAULT.
0,

// The user token for the specified user is returned here.
out token1);

Console.WriteLine("LogonUser called");

// Call GetLastError to try to determine why logon failed if it did
not succeed.
int ret = GetLastError();

Console.WriteLine("LogonUser Success? " + loggedOn);
Console.WriteLine("NT Token Value: " + token1);
if (ret != 0) Console.WriteLine("Error code (126 == \"Specified module
could not be found\"): " + ret);

//Starting impersonation here:
Console.WriteLine("\n\nBefore impersonation:\n");
WindowsIdentity mWI1 = WindowsIdentity.GetCurrent();
Console.WriteLine(mWI1.Name);
Console.WriteLine(mWI1.Token);

IntPtr token2 = new IntPtr(token1);

Console.WriteLine("\n\nNew identity created:\n");
WindowsIdentity mWI2 = new WindowsIdentity(token2);
Console.WriteLine(mWI2.Name);
Console.WriteLine(mWI2.Token);

// Impersonate the user.
WindowsImpersonationContext mWIC = mWI2.Impersonate();

Console.WriteLine("\n\nAfter impersonation:\n");
WindowsIdentity mWI3 = WindowsIdentity.GetCurrent();
Console.WriteLine(mWI3.Name);
Console.WriteLine(mWI3.Token);

// Revert to previous identity.
mWIC.Undo();

Console.WriteLine("\n\nAfter impersonation is reverted:\n");
WindowsIdentity mWI4 = WindowsIdentity.GetCurrent();
Console.WriteLine(mWI4.Name);
Console.WriteLine(mWI4.Token);
}
}

--
Horatiu Ripa
Software Development Manager
Business Logic Systems LTD
6-8 Motilor str., 6th floor, 3400 Cluj-Napoca, Romania
Phone: +40 64 438144 Fax: +40 64 438144
Web: www.businesslogic.co.uk

This email (email message and any attachments) is strictly confidential,
possibly privileged and is intended solely for the person or organization to
whom it is addressed. If you are not the intended recipient, you must not
copy, distribute or take any action in reliance on it. If you have received
this email in error, please inform the sender immediately before deleting
it. Business Logic Systems Ltd accepts no responsibility for any advice,
opinion, conclusion or other information contained in this email or arising
from its disclosure.
"Nicholas Paldino [.NET/C# MVP]" <ni**************@exisconsulting.com> wrote
in message news:OA**************@TK2MSFTNGP09.phx.gbl...

Horatiu,

Can you show the code? Also, are you using ASP.NET? The account that
is doing the impersonation has to have the correct permissions in order to
impersonate another user and the ASPNET account does not have them (I think) by default.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- ni**************@exisconsulting.com
"Ripa Horatiu" <ho**********@blabla.ro> wrote in message
news:ON**************@TK2MSFTNGP10.phx.gbl...
Does anyone knows how can I impersonate to another user (basically
Administrator) for a piece of my code? I've tried the samples provided by MS but they didn't worked.

--
Horatiu Ripa

Nov 15 '05 #2

by: Chris | last post by:

Hello all, Here is my problem. I have a windows service (C#) that is supposed to move files from/to the local drive to/from a UNC share (\\domainserver\share). The service is running on a Win3k...

.NET Framework

Issue with ASP.NET client, COM Interop, and Identity impersonation

by: Anil Krishnamurthy | last post by:

We have an ASP.NET application that uses COM objects through Interop. The web application requires access to network and database resources and hence, needs to impersonate a domain account. The...

.NET Framework

Impersonation failure with Index Server and Forms Authentication with Active Directory

by: techfuzz | last post by:

I'm posting my problem experience and solution I found here for other ASP.NET developers. I have a web application that uses Forms Authentication with Active Directory to control access. In...

ASP.NET

Machine.Config -- ProcessModel vs Identity Impersonation

by: Wm. Scott Miller | last post by:

What is the difference between using a username and password in the processmodel section vs using one in impersonation in the machine.config file? What are the advantages of each and what are the...

ASP.NET

Impersonation causes a server error

by: Phil | last post by:

Hi, I've currently setup a local user as described in: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnne...

C# / C Sharp

Threading & Impersonation

by: Patrick | last post by:

I have an ASP.NET web service whose Web.Config is set to use impersonation <authentication mode="Windows" /> <identity impersonate="true" /> Within a Web Method, I want to use...

ASP.NET

Impersonation Problem

by: velvet.graham | last post by:

I'm having a difficult time with impersonation. I've created an impersonation class. Here is the code below: ******Impersonation Class Code********* Imports System Imports System.Web.Security...

ASP.NET

interesting! cystal report dll and asp.net impersonation

by: zhuang | last post by:

Dear all, I found a very interesting thing about viewing crystal report (located on network drive) with asp.net application. To do the impersonation, modify web.config does not work, you have...

ASP.NET

Impersonation and Performance

by: =?Utf-8?B?S2l0dHlIYXdr?= | last post by:

I am in the process of migrating an II6 environment from a single server to a network load balanced system. Thus, I am using a virtual directory on a UNC share to house the dynamic data that the...

ASP.NET

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

Similar topics