By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,238 Members | 1,787 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,238 IT Pros & Developers. It's quick & easy.

Impersonate

P: n/a
Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);

[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);

//int UserToken;
bool loggedOn;

try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");

foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}

ImpersonatedUser.Undo();
}

}

Ian
--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
Nov 16 '05 #1
Share this Question
Share on Google+
14 Replies


P: n/a
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user on the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and then
try to perform and action on that machine i.e. restart a service or list the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
Nov 16 '05 #2

P: n/a
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user on the other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and then
try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"

Nov 16 '05 #3

P: n/a
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user on

the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and
then
try to perform and action on that machine i.e. restart a service or list

the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"


Nov 16 '05 #4

P: n/a
Hi

I might be sounding a bit thick but if the user creating the impersonation
on the remote machine had the rights to do this then why would it need to
impersonate at all? Or is the impersonate user rights actually lower that
say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user
on the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and
then
try to perform and action on that machine i.e. restart a service or
list the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"



Nov 16 '05 #5

P: n/a
Where does the impersonate user right live?

Ian
"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net...
Hi

I might be sounding a bit thick but if the user creating the impersonation
on the remote machine had the rights to do this then why would it need to
impersonate at all? Or is the impersonate user rights actually lower that
say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
> Ian,
>
> This might be a foolish question, but does the user account on the> machine you are running the code on have rights to impersonate a user on the
> other machine? My guess is that it doesn't.
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> - mv*@spam.guard.caspershouse.com
>
> "Ian Frawley" <ch****@away.com> wrote in message
> news:QK************@news-1.opaltelecom.net...
> Anyone used the WindowsIdentity class with success? I find if I try to> change the current identity to one that exists on another machine and
> then
> try to perform and action on that machine i.e. restart a service or list the
> available processes I keep getting access denied exceptions. Here is an> example of my code:
>
> [DllImport("advapi32.dll", SetLastError=true)]
> public extern static bool LogonUser(String lpszUsername, String
> lpszDomain,
> String lpszPassword, int dwLogonType,
> int dwLogonProvider, ref IntPtr phToken);
> [STAThread]
> static void Main(string[] args)
> {
> IntPtr UserToken = new IntPtr(0);
> //int UserToken;
> bool loggedOn;
> try
> {
> loggedOn = LogonUser(
> "Administrator",
> Dns.GetHostName(),
> "",3,0, ref UserToken);
> }
> catch(Exception ex)
> {
> throw ex;
> }
>
> if(loggedOn)
> {
> WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);> WindowsImpersonationContext ImpersonatedUser =
> SystemMonitorUser.Impersonate();
> Console.WriteLine(SystemMonitorUser.Name);
>
> try
> {
> Process[] _process;
>
> _process = Process.GetProcesses("192.168.6.236");
> foreach (Process p in _process)
> {
> Console.WriteLine(p.ProcessName.ToString());
> }
> }
> catch (Exception ex)
> {
> Console.WriteLine(ex.Message);
> throw ex;
> }
> ImpersonatedUser.Undo();
> }
> }
> Ian
>
> --
> "Life should NOT be a journey to the grave
> with the intention of arriving safely in an
> attractive and well preserved body,
> but rather to skid in sideways,
> chocolate in one hand, beer in the other,
> body thoroughly used up,
> totally worn out and screaming
> WOO HOO what a ride!"
>
>



Nov 16 '05 #6

P: n/a
Where does the impersonate user right live?

Ian

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user
on the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and
then
try to perform and action on that machine i.e. restart a service or
list the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"



Nov 16 '05 #7

P: n/a
Ian,

If you are running code on one machine, you aren't creating the
impersonation on the other machine. You are creating an impersonation on
the local machine. If you are in a workgroup, then you aren't going to be
able to impersonate that user on the other machine (I believe) because the
users are actually different.

Rather, you have to impersonate a user on the local machine, and then
try to perform an operation on the other machine (in workgroup mode, the way
it works is that you have to have two accounts with the same login name and
password which match).
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net...
Hi

I might be sounding a bit thick but if the user creating the impersonation
on the remote machine had the rights to do this then why would it need to
impersonate at all? Or is the impersonate user rights actually lower that
say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
> Does the WindowsIdentity class require the current user to have these
> rights?
>
>
> "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com>
> wrote
> in
> message news:%2****************@TK2MSFTNGP09.phx.gbl...
>> Ian,
>>
>> This might be a foolish question, but does the user account on the
>> machine you are running the code on have rights to impersonate a user on > the
>> other machine? My guess is that it doesn't.
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Ian Frawley" <ch****@away.com> wrote in message
>> news:QK************@news-1.opaltelecom.net...
>> Anyone used the WindowsIdentity class with success? I find if I try to
>> change the current identity to one that exists on another machine and
>> then
>> try to perform and action on that machine i.e. restart a service or list > the
>> available processes I keep getting access denied exceptions. Here is
>> an
>> example of my code:
>>
>> [DllImport("advapi32.dll", SetLastError=true)]
>> public extern static bool LogonUser(String lpszUsername, String
>> lpszDomain,
>> String lpszPassword, int dwLogonType,
>> int dwLogonProvider, ref IntPtr phToken);
>> [STAThread]
>> static void Main(string[] args)
>> {
>> IntPtr UserToken = new IntPtr(0);
>> //int UserToken;
>> bool loggedOn;
>> try
>> {
>> loggedOn = LogonUser(
>> "Administrator",
>> Dns.GetHostName(),
>> "",3,0, ref UserToken);
>> }
>> catch(Exception ex)
>> {
>> throw ex;
>> }
>>
>> if(loggedOn)
>> {
>> WindowsIdentity SystemMonitorUser = new
>> WindowsIdentity(UserToken);
>> WindowsImpersonationContext ImpersonatedUser =
>> SystemMonitorUser.Impersonate();
>> Console.WriteLine(SystemMonitorUser.Name);
>>
>> try
>> {
>> Process[] _process;
>>
>> _process = Process.GetProcesses("192.168.6.236");
>> foreach (Process p in _process)
>> {
>> Console.WriteLine(p.ProcessName.ToString());
>> }
>> }
>> catch (Exception ex)
>> {
>> Console.WriteLine(ex.Message);
>> throw ex;
>> }
>> ImpersonatedUser.Undo();
>> }
>> }
>> Ian
>>
>> --
>> "Life should NOT be a journey to the grave
>> with the intention of arriving safely in an
>> attractive and well preserved body,
>> but rather to skid in sideways,
>> chocolate in one hand, beer in the other,
>> body thoroughly used up,
>> totally worn out and screaming
>> WOO HOO what a ride!"
>>
>>
>
>



Nov 16 '05 #8

P: n/a
Nicholas,

That is infact what I have been doing but I have also been changing the
domain name in the call
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr
phToken);

and I have even tried imbedding it twice i.e. impersonating a high priv user
locally and then trying to impersonate that user onto the remote box, which
is where the account is also set up but this has been to no avail.

Think I will try some more tomorrow as I have now finished for the day.

Ian

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:uo*************@TK2MSFTNGP14.phx.gbl...
Ian,

If you are running code on one machine, you aren't creating the
impersonation on the other machine. You are creating an impersonation on
the local machine. If you are in a workgroup, then you aren't going to be
able to impersonate that user on the other machine (I believe) because the
users are actually different.

Rather, you have to impersonate a user on the local machine, and then
try to perform an operation on the other machine (in workgroup mode, the way it works is that you have to have two accounts with the same login name and password which match).
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net...
Hi

I might be sounding a bit thick but if the user creating the impersonation on the remote machine had the rights to do this then why would it need to impersonate at all? Or is the impersonate user rights actually lower that say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
> Does the WindowsIdentity class require the current user to have these
> rights?
>
>
> "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com>
> wrote
> in
> message news:%2****************@TK2MSFTNGP09.phx.gbl...
>> Ian,
>>
>> This might be a foolish question, but does the user account on the >> machine you are running the code on have rights to impersonate a user
on
> the
>> other machine? My guess is that it doesn't.
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Ian Frawley" <ch****@away.com> wrote in message
>> news:QK************@news-1.opaltelecom.net...
>> Anyone used the WindowsIdentity class with success? I find if I try

to >> change the current identity to one that exists on another machine and >> then
>> try to perform and action on that machine i.e. restart a service or

list
> the
>> available processes I keep getting access denied exceptions. Here is
>> an
>> example of my code:
>>
>> [DllImport("advapi32.dll", SetLastError=true)]
>> public extern static bool LogonUser(String lpszUsername, String
>> lpszDomain,
>> String lpszPassword, int dwLogonType,
>> int dwLogonProvider, ref IntPtr phToken);
>> [STAThread]
>> static void Main(string[] args)
>> {
>> IntPtr UserToken = new IntPtr(0);
>> //int UserToken;
>> bool loggedOn;
>> try
>> {
>> loggedOn = LogonUser(
>> "Administrator",
>> Dns.GetHostName(),
>> "",3,0, ref UserToken);
>> }
>> catch(Exception ex)
>> {
>> throw ex;
>> }
>>
>> if(loggedOn)
>> {
>> WindowsIdentity SystemMonitorUser = new
>> WindowsIdentity(UserToken);
>> WindowsImpersonationContext ImpersonatedUser =
>> SystemMonitorUser.Impersonate();
>> Console.WriteLine(SystemMonitorUser.Name);
>>
>> try
>> {
>> Process[] _process;
>>
>> _process = Process.GetProcesses("192.168.6.236");
>> foreach (Process p in _process)
>> {
>> Console.WriteLine(p.ProcessName.ToString());
>> }
>> }
>> catch (Exception ex)
>> {
>> Console.WriteLine(ex.Message);
>> throw ex;
>> }
>> ImpersonatedUser.Undo();
>> }
>> }
>> Ian
>>
>> --
>> "Life should NOT be a journey to the grave
>> with the intention of arriving safely in an
>> attractive and well preserved body,
>> but rather to skid in sideways,
>> chocolate in one hand, beer in the other,
>> body thoroughly used up,
>> totally worn out and screaming
>> WOO HOO what a ride!"
>>
>>
>
>



Nov 16 '05 #9

P: n/a
Not sure what you want to achieve here, you are impersonating a "local" administrator account using a NETWORK logontype(LOGON32_LOGON_NETWORK = 3) to access remote resources, this will never work please consult the platform sdk docs for details on LogonUser.
Here's how you should proceed:
1. Call LogonUser specifying LOGON32_LOGON_NETWORK_CLEARTEXT (8) or LOGON32_LOGON_NEW_CREDENTIALS (9) as logontype AND the impersonating account's credentials need to match the remote account, or
2. (better)Impersonate a remote account using LOGON32_LOGON_NEW_CREDENTIALS (9) as logontype.

Remarks: 1.not sure this works with an empty password, which is a BAD idea anyway for an administrator account.
2. Calling LogonUser is in general a bad thing to do, you better use System.Management classes and WMI to access remote servers process info and performance counters.

Willy.

"Ian Frawley" <ch****@away.com> wrote in message news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);

[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);

//int UserToken;
bool loggedOn;

try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");

foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}

ImpersonatedUser.Undo();
}

}

Ian
--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
Nov 16 '05 #10

P: n/a
The identity on the other machine may not have sufficient permissions.
Have you checked out on the permissions of the other computer's
identity?

with regards,
J.V.Ravichandran
- http://www.geocities.com/
jvravichandran
- http://www.411asp.net/func/search?
qry=Ravichandran+J.V.&cob=aspnetpro
- http://www.southasianoutlook.com
- http://www.MSDNAA.Net
- http://www.csharphelp.com
- http://www.poetry.com/Publications/
display.asp?ID=P3966388&BN=999&PN=2
- Or, just search on "J.V.Ravichandran"
at http://www.Google.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 16 '05 #11

P: n/a
Hi yes the identity on the remote machine has administrator privilages.
Its confusing me as if I run the code on the local machine it starts and
stops the service but when I stick it on another box it starts having this
problem.

Ian

"Ravichandran J.V." <jv************@yahoo.com> wrote in message
news:uH**************@TK2MSFTNGP15.phx.gbl...
The identity on the other machine may not have sufficient permissions.
Have you checked out on the permissions of the other computer's
identity?

with regards,
J.V.Ravichandran
- http://www.geocities.com/
jvravichandran
- http://www.411asp.net/func/search?
qry=Ravichandran+J.V.&cob=aspnetpro
- http://www.southasianoutlook.com
- http://www.MSDNAA.Net
- http://www.csharphelp.com
- http://www.poetry.com/Publications/
display.asp?ID=P3966388&BN=999&PN=2
- Or, just search on "J.V.Ravichandran"
at http://www.Google.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 16 '05 #12

P: n/a
No, that's not the reason. When using LOGON32_LOGON_NETWORK (value 3) as
LogonType, the token returned by LogonUser is an "impersonation token", such
a token CANNOT be used in WindowsIdentity.Impersonate() in order to access
network resources. The impersonated user has no network access, so the
"Access is denied" exception really should have a
"System.InvalidOperationException: Couldn't connect to remote machine "
inner exception.

You can convert an "impersonation token" to a "direct token" by calling
Win32 DuplicateToken, but it's much easier to call LogonUser with
LOGON32_LOGON_NETWORK_CLEARTEXT or LOGON32_LOGON_NEW_CREDENTIALS as
Logontype.

Willy.

"Ravichandran J.V." <jv************@yahoo.com> wrote in message
news:uH**************@TK2MSFTNGP15.phx.gbl...
The identity on the other machine may not have sufficient permissions.
Have you checked out on the permissions of the other computer's
identity?

with regards,
J.V.Ravichandran
- http://www.geocities.com/
jvravichandran
- http://www.411asp.net/func/search?
qry=Ravichandran+J.V.&cob=aspnetpro
- http://www.southasianoutlook.com
- http://www.MSDNAA.Net
- http://www.csharphelp.com
- http://www.poetry.com/Publications/
display.asp?ID=P3966388&BN=999&PN=2
- Or, just search on "J.V.Ravichandran"
at http://www.Google.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 16 '05 #13

P: n/a

"Ian Frawley" <ch****@away.com> wrote in message
news:73*************@news-1.opaltelecom.net...
Hi yes the identity on the remote machine has administrator privilages.
Its confusing me as if I run the code on the local machine it starts and
stops the service but when I stick it on another box it starts having this
problem.


Did you read my other replies? and did you get the remote process
enumeration finally working ?
Could you post your code that tries to stop a remote service?

Willy.


Nov 16 '05 #14

P: n/a
Finally sussed it, sorry didn't see your mails but this enumerates the
processes on a remote machine:
(Provided the local user exists on the remote machine)

[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword,
int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);

[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,

int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
static void Main(string[] args)
{

IntPtr tokenHandle = new IntPtr(0);
IntPtr dupeTokenHandle = new IntPtr(0);

try
{
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;
const int SecurityImpersonation = 2;

tokenHandle = IntPtr.Zero;
dupeTokenHandle = IntPtr.Zero;

bool LoggedOn = LogonUser("User", Dns.GetHostName(), "Password",
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref tokenHandle);

if(LoggedOn)
{
bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation,
ref dupeTokenHandle);

if(retVal)
{
WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
WindowsImpersonationContext impersonatedUser =
newId.Impersonate();

Process[] _process;
_process = Process.GetProcesses("192.168.6.236");

foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}

impersonatedUser.Undo();
}
}

if (tokenHandle != IntPtr.Zero)
CloseHandle(tokenHandle);

if (dupeTokenHandle != IntPtr.Zero)
CloseHandle(dupeTokenHandle);
}
catch(Exception ex)
{
Console.WriteLine("Exception occurred. " + ex.Message);
}
}
Nov 16 '05 #15

This discussion thread is closed

Replies have been disabled for this discussion.