473,326 Members | 2,090 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Impersonate

Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);

[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);

//int UserToken;
bool loggedOn;

try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");

foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}

ImpersonatedUser.Undo();
}

}

Ian
--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
Nov 16 '05 #1
14 3410
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user on the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and then
try to perform and action on that machine i.e. restart a service or list the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
Nov 16 '05 #2
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user on the other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and then
try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"

Nov 16 '05 #3
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user on

the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and
then
try to perform and action on that machine i.e. restart a service or list

the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"


Nov 16 '05 #4
Hi

I might be sounding a bit thick but if the user creating the impersonation
on the remote machine had the rights to do this then why would it need to
impersonate at all? Or is the impersonate user rights actually lower that
say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user
on the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and
then
try to perform and action on that machine i.e. restart a service or
list the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"



Nov 16 '05 #5
Where does the impersonate user right live?

Ian
"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net...
Hi

I might be sounding a bit thick but if the user creating the impersonation
on the remote machine had the rights to do this then why would it need to
impersonate at all? Or is the impersonate user rights actually lower that
say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
> Ian,
>
> This might be a foolish question, but does the user account on the> machine you are running the code on have rights to impersonate a user on the
> other machine? My guess is that it doesn't.
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> - mv*@spam.guard.caspershouse.com
>
> "Ian Frawley" <ch****@away.com> wrote in message
> news:QK************@news-1.opaltelecom.net...
> Anyone used the WindowsIdentity class with success? I find if I try to> change the current identity to one that exists on another machine and
> then
> try to perform and action on that machine i.e. restart a service or list the
> available processes I keep getting access denied exceptions. Here is an> example of my code:
>
> [DllImport("advapi32.dll", SetLastError=true)]
> public extern static bool LogonUser(String lpszUsername, String
> lpszDomain,
> String lpszPassword, int dwLogonType,
> int dwLogonProvider, ref IntPtr phToken);
> [STAThread]
> static void Main(string[] args)
> {
> IntPtr UserToken = new IntPtr(0);
> //int UserToken;
> bool loggedOn;
> try
> {
> loggedOn = LogonUser(
> "Administrator",
> Dns.GetHostName(),
> "",3,0, ref UserToken);
> }
> catch(Exception ex)
> {
> throw ex;
> }
>
> if(loggedOn)
> {
> WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);> WindowsImpersonationContext ImpersonatedUser =
> SystemMonitorUser.Impersonate();
> Console.WriteLine(SystemMonitorUser.Name);
>
> try
> {
> Process[] _process;
>
> _process = Process.GetProcesses("192.168.6.236");
> foreach (Process p in _process)
> {
> Console.WriteLine(p.ProcessName.ToString());
> }
> }
> catch (Exception ex)
> {
> Console.WriteLine(ex.Message);
> throw ex;
> }
> ImpersonatedUser.Undo();
> }
> }
> Ian
>
> --
> "Life should NOT be a journey to the grave
> with the intention of arriving safely in an
> attractive and well preserved body,
> but rather to skid in sideways,
> chocolate in one hand, beer in the other,
> body thoroughly used up,
> totally worn out and screaming
> WOO HOO what a ride!"
>
>



Nov 16 '05 #6
Where does the impersonate user right live?

Ian

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:%2****************@TK2MSFTNGP09.phx.gbl...
Ian,

This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user
on the
other machine? My guess is that it doesn't.

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and
then
try to perform and action on that machine i.e. restart a service or
list the
available processes I keep getting access denied exceptions. Here is an
example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian

--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"



Nov 16 '05 #7
Ian,

If you are running code on one machine, you aren't creating the
impersonation on the other machine. You are creating an impersonation on
the local machine. If you are in a workgroup, then you aren't going to be
able to impersonate that user on the other machine (I believe) because the
users are actually different.

Rather, you have to impersonate a user on the local machine, and then
try to perform an operation on the other machine (in workgroup mode, the way
it works is that you have to have two accounts with the same login name and
password which match).
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net...
Hi

I might be sounding a bit thick but if the user creating the impersonation
on the remote machine had the rights to do this then why would it need to
impersonate at all? Or is the impersonate user rights actually lower that
say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
> Does the WindowsIdentity class require the current user to have these
> rights?
>
>
> "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com>
> wrote
> in
> message news:%2****************@TK2MSFTNGP09.phx.gbl...
>> Ian,
>>
>> This might be a foolish question, but does the user account on the
>> machine you are running the code on have rights to impersonate a user on > the
>> other machine? My guess is that it doesn't.
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Ian Frawley" <ch****@away.com> wrote in message
>> news:QK************@news-1.opaltelecom.net...
>> Anyone used the WindowsIdentity class with success? I find if I try to
>> change the current identity to one that exists on another machine and
>> then
>> try to perform and action on that machine i.e. restart a service or list > the
>> available processes I keep getting access denied exceptions. Here is
>> an
>> example of my code:
>>
>> [DllImport("advapi32.dll", SetLastError=true)]
>> public extern static bool LogonUser(String lpszUsername, String
>> lpszDomain,
>> String lpszPassword, int dwLogonType,
>> int dwLogonProvider, ref IntPtr phToken);
>> [STAThread]
>> static void Main(string[] args)
>> {
>> IntPtr UserToken = new IntPtr(0);
>> //int UserToken;
>> bool loggedOn;
>> try
>> {
>> loggedOn = LogonUser(
>> "Administrator",
>> Dns.GetHostName(),
>> "",3,0, ref UserToken);
>> }
>> catch(Exception ex)
>> {
>> throw ex;
>> }
>>
>> if(loggedOn)
>> {
>> WindowsIdentity SystemMonitorUser = new
>> WindowsIdentity(UserToken);
>> WindowsImpersonationContext ImpersonatedUser =
>> SystemMonitorUser.Impersonate();
>> Console.WriteLine(SystemMonitorUser.Name);
>>
>> try
>> {
>> Process[] _process;
>>
>> _process = Process.GetProcesses("192.168.6.236");
>> foreach (Process p in _process)
>> {
>> Console.WriteLine(p.ProcessName.ToString());
>> }
>> }
>> catch (Exception ex)
>> {
>> Console.WriteLine(ex.Message);
>> throw ex;
>> }
>> ImpersonatedUser.Undo();
>> }
>> }
>> Ian
>>
>> --
>> "Life should NOT be a journey to the grave
>> with the intention of arriving safely in an
>> attractive and well preserved body,
>> but rather to skid in sideways,
>> chocolate in one hand, beer in the other,
>> body thoroughly used up,
>> totally worn out and screaming
>> WOO HOO what a ride!"
>>
>>
>
>



Nov 16 '05 #8
Nicholas,

That is infact what I have been doing but I have also been changing the
domain name in the call
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr
phToken);

and I have even tried imbedding it twice i.e. impersonating a high priv user
locally and then trying to impersonate that user onto the remote box, which
is where the account is also set up but this has been to no avail.

Think I will try some more tomorrow as I have now finished for the day.

Ian

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:uo*************@TK2MSFTNGP14.phx.gbl...
Ian,

If you are running code on one machine, you aren't creating the
impersonation on the other machine. You are creating an impersonation on
the local machine. If you are in a workgroup, then you aren't going to be
able to impersonate that user on the other machine (I believe) because the
users are actually different.

Rather, you have to impersonate a user on the local machine, and then
try to perform an operation on the other machine (in workgroup mode, the way it works is that you have to have two accounts with the same login name and password which match).
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net...
Hi

I might be sounding a bit thick but if the user creating the impersonation on the remote machine had the rights to do this then why would it need to impersonate at all? Or is the impersonate user rights actually lower that say restarting a windows service?

Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in
message news:eK**************@TK2MSFTNGP10.phx.gbl...
Ian,

Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)

--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net...
> Does the WindowsIdentity class require the current user to have these
> rights?
>
>
> "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com>
> wrote
> in
> message news:%2****************@TK2MSFTNGP09.phx.gbl...
>> Ian,
>>
>> This might be a foolish question, but does the user account on the >> machine you are running the code on have rights to impersonate a user
on
> the
>> other machine? My guess is that it doesn't.
>>
>> --
>> - Nicholas Paldino [.NET/C# MVP]
>> - mv*@spam.guard.caspershouse.com
>>
>> "Ian Frawley" <ch****@away.com> wrote in message
>> news:QK************@news-1.opaltelecom.net...
>> Anyone used the WindowsIdentity class with success? I find if I try

to >> change the current identity to one that exists on another machine and >> then
>> try to perform and action on that machine i.e. restart a service or

list
> the
>> available processes I keep getting access denied exceptions. Here is
>> an
>> example of my code:
>>
>> [DllImport("advapi32.dll", SetLastError=true)]
>> public extern static bool LogonUser(String lpszUsername, String
>> lpszDomain,
>> String lpszPassword, int dwLogonType,
>> int dwLogonProvider, ref IntPtr phToken);
>> [STAThread]
>> static void Main(string[] args)
>> {
>> IntPtr UserToken = new IntPtr(0);
>> //int UserToken;
>> bool loggedOn;
>> try
>> {
>> loggedOn = LogonUser(
>> "Administrator",
>> Dns.GetHostName(),
>> "",3,0, ref UserToken);
>> }
>> catch(Exception ex)
>> {
>> throw ex;
>> }
>>
>> if(loggedOn)
>> {
>> WindowsIdentity SystemMonitorUser = new
>> WindowsIdentity(UserToken);
>> WindowsImpersonationContext ImpersonatedUser =
>> SystemMonitorUser.Impersonate();
>> Console.WriteLine(SystemMonitorUser.Name);
>>
>> try
>> {
>> Process[] _process;
>>
>> _process = Process.GetProcesses("192.168.6.236");
>> foreach (Process p in _process)
>> {
>> Console.WriteLine(p.ProcessName.ToString());
>> }
>> }
>> catch (Exception ex)
>> {
>> Console.WriteLine(ex.Message);
>> throw ex;
>> }
>> ImpersonatedUser.Undo();
>> }
>> }
>> Ian
>>
>> --
>> "Life should NOT be a journey to the grave
>> with the intention of arriving safely in an
>> attractive and well preserved body,
>> but rather to skid in sideways,
>> chocolate in one hand, beer in the other,
>> body thoroughly used up,
>> totally worn out and screaming
>> WOO HOO what a ride!"
>>
>>
>
>



Nov 16 '05 #9
Not sure what you want to achieve here, you are impersonating a "local" administrator account using a NETWORK logontype(LOGON32_LOGON_NETWORK = 3) to access remote resources, this will never work please consult the platform sdk docs for details on LogonUser.
Here's how you should proceed:
1. Call LogonUser specifying LOGON32_LOGON_NETWORK_CLEARTEXT (8) or LOGON32_LOGON_NEW_CREDENTIALS (9) as logontype AND the impersonating account's credentials need to match the remote account, or
2. (better)Impersonate a remote account using LOGON32_LOGON_NEW_CREDENTIALS (9) as logontype.

Remarks: 1.not sure this works with an empty password, which is a BAD idea anyway for an administrator account.
2. Calling LogonUser is in general a bad thing to do, you better use System.Management classes and WMI to access remote servers process info and performance counters.

Willy.

"Ian Frawley" <ch****@away.com> wrote in message news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an example of my code:

[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);

[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);

//int UserToken;
bool loggedOn;

try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}

if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);

try
{
Process[] _process;

_process = Process.GetProcesses("192.168.6.236");

foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}

ImpersonatedUser.Undo();
}

}

Ian
--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
Nov 16 '05 #10
The identity on the other machine may not have sufficient permissions.
Have you checked out on the permissions of the other computer's
identity?

with regards,
J.V.Ravichandran
- http://www.geocities.com/
jvravichandran
- http://www.411asp.net/func/search?
qry=Ravichandran+J.V.&cob=aspnetpro
- http://www.southasianoutlook.com
- http://www.MSDNAA.Net
- http://www.csharphelp.com
- http://www.poetry.com/Publications/
display.asp?ID=P3966388&BN=999&PN=2
- Or, just search on "J.V.Ravichandran"
at http://www.Google.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 16 '05 #11
Hi yes the identity on the remote machine has administrator privilages.
Its confusing me as if I run the code on the local machine it starts and
stops the service but when I stick it on another box it starts having this
problem.

Ian

"Ravichandran J.V." <jv************@yahoo.com> wrote in message
news:uH**************@TK2MSFTNGP15.phx.gbl...
The identity on the other machine may not have sufficient permissions.
Have you checked out on the permissions of the other computer's
identity?

with regards,
J.V.Ravichandran
- http://www.geocities.com/
jvravichandran
- http://www.411asp.net/func/search?
qry=Ravichandran+J.V.&cob=aspnetpro
- http://www.southasianoutlook.com
- http://www.MSDNAA.Net
- http://www.csharphelp.com
- http://www.poetry.com/Publications/
display.asp?ID=P3966388&BN=999&PN=2
- Or, just search on "J.V.Ravichandran"
at http://www.Google.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 16 '05 #12
No, that's not the reason. When using LOGON32_LOGON_NETWORK (value 3) as
LogonType, the token returned by LogonUser is an "impersonation token", such
a token CANNOT be used in WindowsIdentity.Impersonate() in order to access
network resources. The impersonated user has no network access, so the
"Access is denied" exception really should have a
"System.InvalidOperationException: Couldn't connect to remote machine "
inner exception.

You can convert an "impersonation token" to a "direct token" by calling
Win32 DuplicateToken, but it's much easier to call LogonUser with
LOGON32_LOGON_NETWORK_CLEARTEXT or LOGON32_LOGON_NEW_CREDENTIALS as
Logontype.

Willy.

"Ravichandran J.V." <jv************@yahoo.com> wrote in message
news:uH**************@TK2MSFTNGP15.phx.gbl...
The identity on the other machine may not have sufficient permissions.
Have you checked out on the permissions of the other computer's
identity?

with regards,
J.V.Ravichandran
- http://www.geocities.com/
jvravichandran
- http://www.411asp.net/func/search?
qry=Ravichandran+J.V.&cob=aspnetpro
- http://www.southasianoutlook.com
- http://www.MSDNAA.Net
- http://www.csharphelp.com
- http://www.poetry.com/Publications/
display.asp?ID=P3966388&BN=999&PN=2
- Or, just search on "J.V.Ravichandran"
at http://www.Google.com

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 16 '05 #13

"Ian Frawley" <ch****@away.com> wrote in message
news:73*************@news-1.opaltelecom.net...
Hi yes the identity on the remote machine has administrator privilages.
Its confusing me as if I run the code on the local machine it starts and
stops the service but when I stick it on another box it starts having this
problem.


Did you read my other replies? and did you get the remote process
enumeration finally working ?
Could you post your code that tries to stop a remote service?

Willy.


Nov 16 '05 #14
Finally sussed it, sorry didn't see your mails but this enumerates the
processes on a remote machine:
(Provided the local user exists on the remote machine)

[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword,
int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);

[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,

int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
static void Main(string[] args)
{

IntPtr tokenHandle = new IntPtr(0);
IntPtr dupeTokenHandle = new IntPtr(0);

try
{
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;
const int SecurityImpersonation = 2;

tokenHandle = IntPtr.Zero;
dupeTokenHandle = IntPtr.Zero;

bool LoggedOn = LogonUser("User", Dns.GetHostName(), "Password",
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref tokenHandle);

if(LoggedOn)
{
bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation,
ref dupeTokenHandle);

if(retVal)
{
WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
WindowsImpersonationContext impersonatedUser =
newId.Impersonate();

Process[] _process;
_process = Process.GetProcesses("192.168.6.236");

foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}

impersonatedUser.Undo();
}
}

if (tokenHandle != IntPtr.Zero)
CloseHandle(tokenHandle);

if (dupeTokenHandle != IntPtr.Zero)
CloseHandle(dupeTokenHandle);
}
catch(Exception ex)
{
Console.WriteLine("Exception occurred. " + ex.Message);
}
}
Nov 16 '05 #15

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: moemeelaung | last post by:
Hi ASP/Windows experts out there I really need help with this Impersonate function. I have machine A and B. A hosts my ASP page which is to create a user account on the machine B. The...
1
by: Angelo Castigliola III | last post by:
I am trying to write to the registry of a remote computer that is not on a domain from a computer that is on a domain. I am trying to impersonate an administrator account that is on this remote...
8
by: BLiTZWiNG | last post by:
After playing with the code shown and utilising Willy Denyottes' help, I have come to the conclusion that there is some form of difference between the managed WindowsIdentity.Impersonate() over the...
2
by: Divya | last post by:
Hello, I am developing a simple move file utility to move files from one domain to another in the same internal network. My program runs fine when it reads the parameters (user, domain, password...
6
by: Erez Shor | last post by:
Hi, I need to build and asp page which access a remote windows server's registry and create a registry key. In order for the ASP page to be able to access the registry on the remote server I need...
1
by: Svein Terje Gaup | last post by:
I have a website running on Windows 2000 Server, that should be able to retrieve data from a datawarehouse on another machine running Windows 2000 Server, SQL Server 2000 and SQL Server 2000...
1
by: Sorin Sandu | last post by:
How can I override Identity Impersonate setting from machine.config on a site on the same server ? I am using impersonate on most web sites but on one I need to use Windows Identity.
2
by: rockdale | last post by:
Hi, all: My asp.net application calles MS speech 5.1 and generate a wav file on server's path. Everything runs perfectly on my development machine. But when I move the appl to production server,...
4
by: =?Utf-8?B?QXZhRGV2?= | last post by:
ASP.Net 2. We are migrating to Windows 2008 64 bit Server with IIS 7 from Windows 2003 32 Bit with IIS 6. A few library classes we wrote uses impersonation in code like explained in this...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.