Hi Dan,
I am sorry that I have made a mistake about LogonUser.
Based on my test, we can use LogonUser and WindowsIdentity to make the
current thread impersonate another, higher-privileged account, e.g.
the administrator.
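' Logs on the local "Test" account with LogonUser, duplicates the token,
' impersonates that account on the current thread, runs Test() under it,
' then reverts to the original identity and frees both token handles.
'
' The revert and the handle cleanup run in Finally blocks, so an exception
' raised by Test() cannot leave the thread running as the other account
' or leak the token handles.
<PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _
Private Sub Impersonate()
    Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Const SecurityImpersonation As Integer = 2

    Dim tokenHandle As IntPtr = IntPtr.Zero
    Dim dupeTokenHandle As IntPtr = IntPtr.Zero
    Try
        Dim userName, domainName As String
        ' Using the machine name as the domain selects a local account.
        domainName = Environment.MachineName
        userName = "Test"

        ' NOTE(review): the account name and password are hard-coded for this
        ' demo only. Real code should obtain credentials at run time and never
        ' keep a privileged account's password in source or in the binary.
        Dim returnValue As Boolean = LogonUser(userName, domainName, _
            "Password01!", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, _
            tokenHandle)
        Console.WriteLine("LogonUser called.")

        If False = returnValue Then
            ' Assumes the LogonUser declaration (not shown here) is marked
            ' SetLastError:=True; otherwise this code is not meaningful - confirm.
            Dim ret As Integer = Marshal.GetLastWin32Error()
            Console.WriteLine("LogonUser failed with error code : {0}", ret)
            Console.WriteLine(ControlChars.Cr + "Error: [{0}] {1}" + _
                ControlChars.Cr, ret, GetErrorMessage(ret))
            Return
        End If

        ' returnValue is always True past the check above.
        Console.WriteLine("Did LogonUser succeed? Yes")
        Console.WriteLine(("Value of Windows NT token: " + _
            tokenHandle.ToString()))

        ' Check the identity.
        Console.WriteLine(("Before impersonation: " + _
            WindowsIdentity.GetCurrent().Name))

        Dim retVal As Boolean = DuplicateToken(tokenHandle, _
            SecurityImpersonation, dupeTokenHandle)
        If False = retVal Then
            ' tokenHandle is released by the Finally block below.
            Console.WriteLine("Exception thrown in trying to duplicate token.")
            Return
        End If

        ' Wrap the duplicated token so the current thread can impersonate it.
        Dim newId As New WindowsIdentity(dupeTokenHandle)
        Dim impersonatedUser As WindowsImpersonationContext = _
            newId.Impersonate()
        Try
            ' Check the identity.
            System.Diagnostics.Debug.WriteLine(("After impersonation: " + _
                WindowsIdentity.GetCurrent().Name))
            Test()
        Finally
            ' Always stop impersonating, even when Test() throws; otherwise
            ' the thread would keep running under the other account.
            impersonatedUser.Undo()
        End Try

        ' Check the identity.
        System.Diagnostics.Debug.WriteLine(("After Undo: " + _
            WindowsIdentity.GetCurrent().Name))
    Catch ex As Exception
        Console.WriteLine(("Exception occurred. " + ex.Message))
    Finally
        ' Free the tokens on every exit path (success, early Return, exception).
        If Not tokenHandle.Equals(IntPtr.Zero) Then
            CloseHandle(tokenHandle)
        End If
        If Not dupeTokenHandle.Equals(IntPtr.Zero) Then
            CloseHandle(dupeTokenHandle)
        End If
    End Try
End Sub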
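' Opens the Explorer\Test policy key under HKEY_CURRENT_USER for writing and
' sets the value "Hello" to 1. Throws when the key is missing or when the
' calling identity is not allowed to open or write it.
'
' NOTE(review): HKEY_CURRENT_USER is normally resolved per process, so while
' impersonating this presumably still targets the process owner's hive,
' accessed with the impersonated account's rights - verify for your case.
Private Sub Test()
    Dim subkey As RegistryKey = Registry.CurrentUser.OpenSubKey( _
        "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Test", True)

    ' OpenSubKey returns Nothing when the key does not exist; report that
    ' explicitly instead of failing later with a NullReferenceException.
    If subkey Is Nothing Then
        Throw New InvalidOperationException( _
            "Registry key not found: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Test")
    End If

    Try
        subkey.SetValue("Hello", 1)
    Finally
        ' Release the registry handle whether or not the write succeeded.
        subkey.Close()
    End Try
End Sub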
' Click handler for Button1. Tries the registry write twice: first under the
' current identity, then through Impersonate() under the other account.
Private Sub Button1_Click(ByVal sender As System.Object, _
        ByVal e As System.EventArgs) Handles Button1.Click
    ' Direct attempt. This is expected to fail because the current user
    ' account does not have permission; the exception is shown to the user.
    Try
        Test()
    Catch failure As Exception
        MsgBox(failure.ToString())
    End Try

    ' Repeat the registry write while impersonating another user.
    Impersonate()
End Sub
Also, here is a detailed link about the issue that you may want to take a look at.
How to impersonate a user in .NET (VB.NET, C#)
http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemSecurityPrincipalWindowsIdentityClassIm personateTopic2.asp
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! -
www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.