Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an example of my code:
[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}
if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);
try
{
Process[] _process;
_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian
--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!" 14 3410
Ian,
This might be a foolish question, but does the user account on the
machine you are running the code on have rights to impersonate a user on the
other machine? My guess is that it doesn't.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message
news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to
change the current identity to one that exists on another machine and then
try to perform and action on that machine i.e. restart a service or list the
available processes I keep getting access denied exceptions. Here is an
example of my code:
[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String
lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}
if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser =
SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);
try
{
Process[] _process;
_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian
--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
Does the WindowsIdentity class require the current user to have these
rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:%2****************@TK2MSFTNGP09.phx.gbl... Ian,
This might be a foolish question, but does the user account on the machine you are running the code on have rights to impersonate a user on
the other machine? My guess is that it doesn't.
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:QK************@news-1.opaltelecom.net... Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list
the available processes I keep getting access denied exceptions. Here is an example of my code:
[DllImport("advapi32.dll", SetLastError=true)] public extern static bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [STAThread] static void Main(string[] args) { IntPtr UserToken = new IntPtr(0); //int UserToken; bool loggedOn; try { loggedOn = LogonUser( "Administrator", Dns.GetHostName(), "",3,0, ref UserToken); } catch(Exception ex) { throw ex; }
if(loggedOn) { WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken); WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate(); Console.WriteLine(SystemMonitorUser.Name);
try { Process[] _process;
_process = Process.GetProcesses("192.168.6.236"); foreach (Process p in _process) { Console.WriteLine(p.ProcessName.ToString()); } } catch (Exception ex) { Console.WriteLine(ex.Message); throw ex; } ImpersonatedUser.Undo(); } } Ian
-- "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, beer in the other, body thoroughly used up, totally worn out and screaming WOO HOO what a ride!"
Ian,
Absolutely. How secure would an OS be if anyone could impersonate
anyone else? =)
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message
news:92************@news-1.opaltelecom.net... Does the WindowsIdentity class require the current user to have these rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... Ian,
This might be a foolish question, but does the user account on the machine you are running the code on have rights to impersonate a user on the other machine? My guess is that it doesn't.
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:QK************@news-1.opaltelecom.net... Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an example of my code:
[DllImport("advapi32.dll", SetLastError=true)] public extern static bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [STAThread] static void Main(string[] args) { IntPtr UserToken = new IntPtr(0); //int UserToken; bool loggedOn; try { loggedOn = LogonUser( "Administrator", Dns.GetHostName(), "",3,0, ref UserToken); } catch(Exception ex) { throw ex; }
if(loggedOn) { WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken); WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate(); Console.WriteLine(SystemMonitorUser.Name);
try { Process[] _process;
_process = Process.GetProcesses("192.168.6.236"); foreach (Process p in _process) { Console.WriteLine(p.ProcessName.ToString()); } } catch (Exception ex) { Console.WriteLine(ex.Message); throw ex; } ImpersonatedUser.Undo(); } } Ian
-- "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, beer in the other, body thoroughly used up, totally worn out and screaming WOO HOO what a ride!"
Hi
I might be sounding a bit thick but if the user creating the impersonation
on the remote machine had the rights to do this then why would it need to
impersonate at all? Or is the impersonate user rights actually lower that
say restarting a windows service?
Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:eK**************@TK2MSFTNGP10.phx.gbl... Ian,
Absolutely. How secure would an OS be if anyone could impersonate anyone else? =)
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:92************@news-1.opaltelecom.net... Does the WindowsIdentity class require the current user to have these rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... Ian,
This might be a foolish question, but does the user account on the machine you are running the code on have rights to impersonate a user
on the other machine? My guess is that it doesn't.
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:QK************@news-1.opaltelecom.net... Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or
list the available processes I keep getting access denied exceptions. Here is an example of my code:
[DllImport("advapi32.dll", SetLastError=true)] public extern static bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [STAThread] static void Main(string[] args) { IntPtr UserToken = new IntPtr(0); //int UserToken; bool loggedOn; try { loggedOn = LogonUser( "Administrator", Dns.GetHostName(), "",3,0, ref UserToken); } catch(Exception ex) { throw ex; }
if(loggedOn) { WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken); WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate(); Console.WriteLine(SystemMonitorUser.Name);
try { Process[] _process;
_process = Process.GetProcesses("192.168.6.236"); foreach (Process p in _process) { Console.WriteLine(p.ProcessName.ToString()); } } catch (Exception ex) { Console.WriteLine(ex.Message); throw ex; } ImpersonatedUser.Undo(); } } Ian
-- "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, beer in the other, body thoroughly used up, totally worn out and screaming WOO HOO what a ride!"
Where does the impersonate user right live?
Ian
"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net... Hi
I might be sounding a bit thick but if the user creating the impersonation on the remote machine had the rights to do this then why would it need to impersonate at all? Or is the impersonate user rights actually lower that say restarting a windows service?
Ian "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote
in message news:eK**************@TK2MSFTNGP10.phx.gbl... Ian,
Absolutely. How secure would an OS be if anyone could impersonate anyone else? =)
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:92************@news-1.opaltelecom.net... Does the WindowsIdentity class require the current user to have these rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com>
wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... > Ian, > > This might be a foolish question, but does the user account on
the> machine you are running the code on have rights to impersonate a user on the > other machine? My guess is that it doesn't. > > -- > - Nicholas Paldino [.NET/C# MVP] > - mv*@spam.guard.caspershouse.com > > "Ian Frawley" <ch****@away.com> wrote in message > news:QK************@news-1.opaltelecom.net... > Anyone used the WindowsIdentity class with success? I find if I try
to> change the current identity to one that exists on another machine and > then > try to perform and action on that machine i.e. restart a service or list the > available processes I keep getting access denied exceptions. Here is
an> example of my code: > > [DllImport("advapi32.dll", SetLastError=true)] > public extern static bool LogonUser(String lpszUsername, String > lpszDomain, > String lpszPassword, int dwLogonType, > int dwLogonProvider, ref IntPtr phToken); > [STAThread] > static void Main(string[] args) > { > IntPtr UserToken = new IntPtr(0); > //int UserToken; > bool loggedOn; > try > { > loggedOn = LogonUser( > "Administrator", > Dns.GetHostName(), > "",3,0, ref UserToken); > } > catch(Exception ex) > { > throw ex; > } > > if(loggedOn) > { > WindowsIdentity SystemMonitorUser = new
WindowsIdentity(UserToken);> WindowsImpersonationContext ImpersonatedUser = > SystemMonitorUser.Impersonate(); > Console.WriteLine(SystemMonitorUser.Name); > > try > { > Process[] _process; > > _process = Process.GetProcesses("192.168.6.236"); > foreach (Process p in _process) > { > Console.WriteLine(p.ProcessName.ToString()); > } > } > catch (Exception ex) > { > Console.WriteLine(ex.Message); > throw ex; > } > ImpersonatedUser.Undo(); > } > } > Ian > > -- > "Life should NOT be a journey to the grave > with the intention of arriving safely in an > attractive and well preserved body, > but rather to skid in sideways, > chocolate in one hand, beer in the other, > body thoroughly used up, > totally worn out and screaming > WOO HOO what a ride!" > >
Where does the impersonate user right live?
Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:eK**************@TK2MSFTNGP10.phx.gbl... Ian,
Absolutely. How secure would an OS be if anyone could impersonate anyone else? =)
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:92************@news-1.opaltelecom.net... Does the WindowsIdentity class require the current user to have these rights?
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:%2****************@TK2MSFTNGP09.phx.gbl... Ian,
This might be a foolish question, but does the user account on the machine you are running the code on have rights to impersonate a user
on the other machine? My guess is that it doesn't.
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:QK************@news-1.opaltelecom.net... Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or
list the available processes I keep getting access denied exceptions. Here is an example of my code:
[DllImport("advapi32.dll", SetLastError=true)] public extern static bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [STAThread] static void Main(string[] args) { IntPtr UserToken = new IntPtr(0); //int UserToken; bool loggedOn; try { loggedOn = LogonUser( "Administrator", Dns.GetHostName(), "",3,0, ref UserToken); } catch(Exception ex) { throw ex; }
if(loggedOn) { WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken); WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate(); Console.WriteLine(SystemMonitorUser.Name);
try { Process[] _process;
_process = Process.GetProcesses("192.168.6.236"); foreach (Process p in _process) { Console.WriteLine(p.ProcessName.ToString()); } } catch (Exception ex) { Console.WriteLine(ex.Message); throw ex; } ImpersonatedUser.Undo(); } } Ian
-- "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, beer in the other, body thoroughly used up, totally worn out and screaming WOO HOO what a ride!"
Ian,
If you are running code on one machine, you aren't creating the
impersonation on the other machine. You are creating an impersonation on
the local machine. If you are in a workgroup, then you aren't going to be
able to impersonate that user on the other machine (I believe) because the
users are actually different.
Rather, you have to impersonate a user on the local machine, and then
try to perform an operation on the other machine (in workgroup mode, the way
it works is that you have to have two accounts with the same login name and
password which match).
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message
news:Tv************@news-1.opaltelecom.net... Hi
I might be sounding a bit thick but if the user creating the impersonation on the remote machine had the rights to do this then why would it need to impersonate at all? Or is the impersonate user rights actually lower that say restarting a windows service?
Ian "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:eK**************@TK2MSFTNGP10.phx.gbl... Ian,
Absolutely. How secure would an OS be if anyone could impersonate anyone else? =)
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:92************@news-1.opaltelecom.net... > Does the WindowsIdentity class require the current user to have these > rights? > > > "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> > wrote > in > message news:%2****************@TK2MSFTNGP09.phx.gbl... >> Ian, >> >> This might be a foolish question, but does the user account on the >> machine you are running the code on have rights to impersonate a user on > the >> other machine? My guess is that it doesn't. >> >> -- >> - Nicholas Paldino [.NET/C# MVP] >> - mv*@spam.guard.caspershouse.com >> >> "Ian Frawley" <ch****@away.com> wrote in message >> news:QK************@news-1.opaltelecom.net... >> Anyone used the WindowsIdentity class with success? I find if I try to >> change the current identity to one that exists on another machine and >> then >> try to perform and action on that machine i.e. restart a service or list > the >> available processes I keep getting access denied exceptions. Here is >> an >> example of my code: >> >> [DllImport("advapi32.dll", SetLastError=true)] >> public extern static bool LogonUser(String lpszUsername, String >> lpszDomain, >> String lpszPassword, int dwLogonType, >> int dwLogonProvider, ref IntPtr phToken); >> [STAThread] >> static void Main(string[] args) >> { >> IntPtr UserToken = new IntPtr(0); >> //int UserToken; >> bool loggedOn; >> try >> { >> loggedOn = LogonUser( >> "Administrator", >> Dns.GetHostName(), >> "",3,0, ref UserToken); >> } >> catch(Exception ex) >> { >> throw ex; >> } >> >> if(loggedOn) >> { >> WindowsIdentity SystemMonitorUser = new >> WindowsIdentity(UserToken); >> WindowsImpersonationContext ImpersonatedUser = >> SystemMonitorUser.Impersonate(); >> Console.WriteLine(SystemMonitorUser.Name); >> >> try >> { >> Process[] _process; >> >> _process = Process.GetProcesses("192.168.6.236"); >> foreach (Process p in _process) >> { >> Console.WriteLine(p.ProcessName.ToString()); >> } >> } >> catch (Exception ex) >> { >> Console.WriteLine(ex.Message); >> throw ex; >> } >> ImpersonatedUser.Undo(); >> } >> } >> Ian >> >> -- >> "Life should NOT be a journey to the grave >> with the intention of arriving safely in an >> attractive and well preserved body, >> but rather to skid in sideways, >> chocolate in one hand, beer in the other, >> body thoroughly used up, >> totally worn out and screaming >> WOO HOO what a ride!" >> >> > >
Nicholas,
That is infact what I have been doing but I have also been changing the
domain name in the call
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr
phToken);
and I have even tried imbedding it twice i.e. impersonating a high priv user
locally and then trying to impersonate that user onto the remote box, which
is where the account is also set up but this has been to no avail.
Think I will try some more tomorrow as I have now finished for the day.
Ian
"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in
message news:uo*************@TK2MSFTNGP14.phx.gbl... Ian,
If you are running code on one machine, you aren't creating the impersonation on the other machine. You are creating an impersonation on the local machine. If you are in a workgroup, then you aren't going to be able to impersonate that user on the other machine (I believe) because the users are actually different.
Rather, you have to impersonate a user on the local machine, and then try to perform an operation on the other machine (in workgroup mode, the
way it works is that you have to have two accounts with the same login name
and password which match).
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com "Ian Frawley" <ch****@away.com> wrote in message news:Tv************@news-1.opaltelecom.net... Hi
I might be sounding a bit thick but if the user creating the
impersonation on the remote machine had the rights to do this then why would it need
to impersonate at all? Or is the impersonate user rights actually lower
that say restarting a windows service?
Ian "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> wrote in message news:eK**************@TK2MSFTNGP10.phx.gbl... Ian,
Absolutely. How secure would an OS be if anyone could impersonate anyone else? =)
-- - Nicholas Paldino [.NET/C# MVP] - mv*@spam.guard.caspershouse.com
"Ian Frawley" <ch****@away.com> wrote in message news:92************@news-1.opaltelecom.net... > Does the WindowsIdentity class require the current user to have these > rights? > > > "Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard.caspershouse.com> > wrote > in > message news:%2****************@TK2MSFTNGP09.phx.gbl... >> Ian, >> >> This might be a foolish question, but does the user account on
the >> machine you are running the code on have rights to impersonate a
user on > the >> other machine? My guess is that it doesn't. >> >> -- >> - Nicholas Paldino [.NET/C# MVP] >> - mv*@spam.guard.caspershouse.com >> >> "Ian Frawley" <ch****@away.com> wrote in message >> news:QK************@news-1.opaltelecom.net... >> Anyone used the WindowsIdentity class with success? I find if I try
to >> change the current identity to one that exists on another machine
and >> then >> try to perform and action on that machine i.e. restart a service or list > the >> available processes I keep getting access denied exceptions. Here is >> an >> example of my code: >> >> [DllImport("advapi32.dll", SetLastError=true)] >> public extern static bool LogonUser(String lpszUsername, String >> lpszDomain, >> String lpszPassword, int dwLogonType, >> int dwLogonProvider, ref IntPtr phToken); >> [STAThread] >> static void Main(string[] args) >> { >> IntPtr UserToken = new IntPtr(0); >> //int UserToken; >> bool loggedOn; >> try >> { >> loggedOn = LogonUser( >> "Administrator", >> Dns.GetHostName(), >> "",3,0, ref UserToken); >> } >> catch(Exception ex) >> { >> throw ex; >> } >> >> if(loggedOn) >> { >> WindowsIdentity SystemMonitorUser = new >> WindowsIdentity(UserToken); >> WindowsImpersonationContext ImpersonatedUser = >> SystemMonitorUser.Impersonate(); >> Console.WriteLine(SystemMonitorUser.Name); >> >> try >> { >> Process[] _process; >> >> _process = Process.GetProcesses("192.168.6.236"); >> foreach (Process p in _process) >> { >> Console.WriteLine(p.ProcessName.ToString()); >> } >> } >> catch (Exception ex) >> { >> Console.WriteLine(ex.Message); >> throw ex; >> } >> ImpersonatedUser.Undo(); >> } >> } >> Ian >> >> -- >> "Life should NOT be a journey to the grave >> with the intention of arriving safely in an >> attractive and well preserved body, >> but rather to skid in sideways, >> chocolate in one hand, beer in the other, >> body thoroughly used up, >> totally worn out and screaming >> WOO HOO what a ride!" >> >> > >
Not sure what you want to achieve here, you are impersonating a "local" administrator account using a NETWORK logontype(LOGON32_LOGON_NETWORK = 3) to access remote resources, this will never work please consult the platform sdk docs for details on LogonUser.
Here's how you should proceed:
1. Call LogonUser specifying LOGON32_LOGON_NETWORK_CLEARTEXT (8) or LOGON32_LOGON_NEW_CREDENTIALS (9) as logontype AND the impersonating account's credentials need to match the remote account, or
2. (better)Impersonate a remote account using LOGON32_LOGON_NEW_CREDENTIALS (9) as logontype.
Remarks: 1.not sure this works with an empty password, which is a BAD idea anyway for an administrator account.
2. Calling LogonUser is in general a bad thing to do, you better use System.Management classes and WMI to access remote servers process info and performance counters.
Willy.
"Ian Frawley" <ch****@away.com> wrote in message news:QK************@news-1.opaltelecom.net...
Anyone used the WindowsIdentity class with success? I find if I try to change the current identity to one that exists on another machine and then try to perform and action on that machine i.e. restart a service or list the available processes I keep getting access denied exceptions. Here is an example of my code:
[DllImport("advapi32.dll", SetLastError=true)]
public extern static bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword, int dwLogonType,
int dwLogonProvider, ref IntPtr phToken);
[STAThread]
static void Main(string[] args)
{
IntPtr UserToken = new IntPtr(0);
//int UserToken;
bool loggedOn;
try
{
loggedOn = LogonUser(
"Administrator",
Dns.GetHostName(),
"",3,0, ref UserToken);
}
catch(Exception ex)
{
throw ex;
}
if(loggedOn)
{
WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
WindowsImpersonationContext ImpersonatedUser = SystemMonitorUser.Impersonate();
Console.WriteLine(SystemMonitorUser.Name);
try
{
Process[] _process;
_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
throw ex;
}
ImpersonatedUser.Undo();
}
}
Ian
--
"Life should NOT be a journey to the grave
with the intention of arriving safely in an
attractive and well preserved body,
but rather to skid in sideways,
chocolate in one hand, beer in the other,
body thoroughly used up,
totally worn out and screaming
WOO HOO what a ride!"
No, that's not the reason. When using LOGON32_LOGON_NETWORK (value 3) as
LogonType, the token returned by LogonUser is an "impersonation token", such
a token CANNOT be used in WindowsIdentity.Impersonate() in order to access
network resources. The impersonated user has no network access, so the
"Access is denied" exception really should have a
"System.InvalidOperationException: Couldn't connect to remote machine "
inner exception.
You can convert an "impersonation token" to a "direct token" by calling
Win32 DuplicateToken, but it's much easier to call LogonUser with
LOGON32_LOGON_NETWORK_CLEARTEXT or LOGON32_LOGON_NEW_CREDENTIALS as
Logontype.
Willy.
"Ravichandran J.V." <jv************@yahoo.com> wrote in message
news:uH**************@TK2MSFTNGP15.phx.gbl... The identity on the other machine may not have sufficient permissions. Have you checked out on the permissions of the other computer's identity?
with regards,
J.V.Ravichandran - http://www.geocities.com/ jvravichandran - http://www.411asp.net/func/search? qry=Ravichandran+J.V.&cob=aspnetpro - http://www.southasianoutlook.com - http://www.MSDNAA.Net - http://www.csharphelp.com - http://www.poetry.com/Publications/ display.asp?ID=P3966388&BN=999&PN=2 - Or, just search on "J.V.Ravichandran" at http://www.Google.com
*** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it!
"Ian Frawley" <ch****@away.com> wrote in message
news:73*************@news-1.opaltelecom.net... Hi yes the identity on the remote machine has administrator privilages. Its confusing me as if I run the code on the local machine it starts and stops the service but when I stick it on another box it starts having this problem.
Did you read my other replies? and did you get the remote process
enumeration finally working ?
Could you post your code that tries to stop a remote service?
Willy.
Finally sussed it, sorry didn't see your mails but this enumerates the
processes on a remote machine:
(Provided the local user exists on the remote machine)
[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain,
String lpszPassword,
int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("kernel32.dll", CharSet=CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
static void Main(string[] args)
{
IntPtr tokenHandle = new IntPtr(0);
IntPtr dupeTokenHandle = new IntPtr(0);
try
{
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;
const int SecurityImpersonation = 2;
tokenHandle = IntPtr.Zero;
dupeTokenHandle = IntPtr.Zero;
bool LoggedOn = LogonUser("User", Dns.GetHostName(), "Password",
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
ref tokenHandle);
if(LoggedOn)
{
bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation,
ref dupeTokenHandle);
if(retVal)
{
WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
WindowsImpersonationContext impersonatedUser =
newId.Impersonate();
Process[] _process;
_process = Process.GetProcesses("192.168.6.236");
foreach (Process p in _process)
{
Console.WriteLine(p.ProcessName.ToString());
}
impersonatedUser.Undo();
}
}
if (tokenHandle != IntPtr.Zero)
CloseHandle(tokenHandle);
if (dupeTokenHandle != IntPtr.Zero)
CloseHandle(dupeTokenHandle);
}
catch(Exception ex)
{
Console.WriteLine("Exception occurred. " + ex.Message);
}
} This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: moemeelaung |
last post by:
Hi ASP/Windows experts out there
I really need help with this Impersonate function.
I have machine A and B. A hosts my ASP page which is to create a user
account on the machine B. The...
|
by: Angelo Castigliola III |
last post by:
I am trying to write to the registry of a remote computer that is not on a
domain from a computer that is on a domain. I am trying to impersonate an
administrator account that is on this remote...
|
by: BLiTZWiNG |
last post by:
After playing with the code shown and utilising Willy Denyottes' help, I have
come to the conclusion that there is some form of difference between the
managed WindowsIdentity.Impersonate() over the...
|
by: Divya |
last post by:
Hello,
I am developing a simple move file utility to move files from one domain to
another in the same internal network. My program runs fine when it reads the
parameters (user, domain, password...
|
by: Erez Shor |
last post by:
Hi,
I need to build and asp page which access a remote windows server's
registry and create a registry key.
In order for the ASP page to be able to access the registry on the
remote server I need...
|
by: Svein Terje Gaup |
last post by:
I have a website running on Windows 2000 Server, that should be able to
retrieve data from a datawarehouse on another machine running Windows 2000
Server, SQL Server 2000 and SQL Server 2000...
|
by: Sorin Sandu |
last post by:
How can I override Identity Impersonate setting from machine.config on a
site on the same server ?
I am using impersonate on most web sites but on one I need to use Windows
Identity.
|
by: rockdale |
last post by:
Hi, all:
My asp.net application calles MS speech 5.1 and generate a wav file on
server's path. Everything runs perfectly on my development machine. But
when I move the appl to production server,...
|
by: =?Utf-8?B?QXZhRGV2?= |
last post by:
ASP.Net 2.
We are migrating to Windows 2008 64 bit Server with IIS 7 from Windows 2003
32 Bit with IIS 6. A few library classes we wrote uses impersonation in code
like explained in this...
|
by: DolphinDB |
last post by:
Tired of spending countless mintues downsampling your data? Look no further!
In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
|
by: ryjfgjl |
last post by:
ExcelToDatabase: batch import excel into database automatically...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: PapaRatzi |
last post by:
Hello,
I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: af34tf |
last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
| |