Network Impersonation Question
From: Derek Hamilton (derek@capweb.com)
Date: 07/25/02
From: "Derek Hamilton" <derek@capweb.com> Date: Wed, 24 Jul 2002 20:23:17 -0700
I am attempting to impersonate a user and then perform active directory
updates/searches with that identity. I am not having a problem
impersonating the user until I try to do a network action. The below is the
code I'm testing with (sorry about the formatting):
-----Code Block-----
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;

[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum,
    UnmanagedCode = true)]

namespace ImpersonateTest
{
    class Class1
    {
        // advapi32!LogonUser: logs the account on and returns a primary token.
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern int LogonUser(String lpszUsername, String lpszDomain,
            String lpszPassword, int dwLogonType, int dwLogonProvider,
            ref IntPtr phToken);

        // advapi32!DuplicateToken: derives an impersonation token from a primary token.
        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public extern static int DuplicateToken(IntPtr hToken,
            int impersonationLevel, ref IntPtr hNewToken);

        // kernel32!CloseHandle: releases the token handles once they are no longer needed.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool CloseHandle(IntPtr handle);

        [STAThread]
        static void Main(string[] args)
        {
            Class1 c = new Class1();
            if (c.ValidateUser("user", "domain", "password"))
            {
                Console.WriteLine("Impersonating User");
                Console.WriteLine("Connecting to Directory");
                DirectoryEntry objRoot = new DirectoryEntry("LDAP://DC=domain,DC=com");
                foreach (DirectoryEntry de in objRoot.Children)
                {
                    Console.WriteLine(de.Path);
                    foreach (DirectoryEntry de2 in de.Children)
                    {
                        Console.WriteLine("" + de2.Path);
                    }
                }
                c.impersonationContext.Undo();
            }
            else
                Console.WriteLine("Impersonation failed");
            Console.Read();
        }

        public bool ValidateUser(string userName, string domain, string password)
        {
            WindowsIdentity tempWindowsIdentity;
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;
            try
            {
                // dwLogonType 3 = LOGON32_LOGON_NETWORK, dwLogonProvider 0 = LOGON32_PROVIDER_DEFAULT
                if (LogonUser(userName, domain, password, 3, 0, ref token) == 0)
                    return false;
                // impersonationLevel 2 = SecurityImpersonation
                if (DuplicateToken(token, 2, ref tokenDuplicate) == 0)
                    return false;
                // WindowsIdentity duplicates the handle it is given, so the originals
                // can be closed in the finally block below.
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = tempWindowsIdentity.Impersonate();
                return impersonationContext != null;
            }
            finally
            {
                if (tokenDuplicate != IntPtr.Zero) CloseHandle(tokenDuplicate);
                if (token != IntPtr.Zero) CloseHandle(token);
            }
        }

        WindowsImpersonationContext impersonationContext;
    }
}
-----End Block----
I found the ValidateUser code in a knowledge base article (sorry, didn't
keep the link) and noticed the DuplicateToken call. The hardcoded value 3
is a value that should set the Security Impersonation level to work on
network resources also.
I'm wondering if any other type of delegation has to happen to access the
network as the correct user?
BTW, I don't get any error messages; the application just ends.
TIA,
Derek Hamilton
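The following is an added example, not code from the post above or from any reply in the thread. It wraps the same LogonUser/DuplicateToken/Impersonate sequence, but names the winbase.h constants instead of using magic numbers, raises a Win32Exception carrying the real error code when a call fails (so a failed logon does not pass silently as "the application just ends"), reverts the impersonation even if the work throws, closes the token handles, and prints the identity and impersonation level the thread actually ends up with. The comments on the logon types restate the documented Win32 behaviour: a LOGON32_LOGON_NETWORK token carries no credentials for outbound authentication, whereas LOGON32_LOGON_NEW_CREDENTIALS (with LOGON32_PROVIDER_WINNT50) keeps the local identity but uses the supplied credentials for remote connections. The names ImpersonationProbe and RunAs, the "user"/"domain"/"password" values and the LDAP path are placeholders; the example assumes .NET Framework 2.0 or later on Windows (WindowsImpersonationContext and WindowsIdentity.ImpersonationLevel are not available in the .NET 1.0 the thread predates, and not in .NET Core).

```csharp
using System;
using System.ComponentModel;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example (hypothetical helper, not the poster's code).
static class ImpersonationProbe
{
    // Values from winbase.h, as documented for LogonUser/DuplicateToken.
    public const int LOGON32_LOGON_INTERACTIVE     = 2;
    public const int LOGON32_LOGON_NETWORK         = 3; // token has no credentials for outbound auth
    public const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // local identity unchanged; credentials used for remote connections
    public const int LOGON32_PROVIDER_DEFAULT      = 0;
    public const int LOGON32_PROVIDER_WINNT50      = 3; // required together with LOGON32_LOGON_NEW_CREDENTIALS
    public const int SECURITY_IMPERSONATION        = 2; // SecurityImpersonation level for DuplicateToken

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateToken(IntPtr token, int impersonationLevel, out IntPtr newToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Logs on with the given type/provider, impersonates, runs `action`, and always reverts.
    // Failures surface as Win32Exception with the real error code instead of a bare `false`.
    public static void RunAs(string user, string domain, string password,
                             int logonType, int provider, Action action)
    {
        IntPtr token = IntPtr.Zero, dup = IntPtr.Zero;
        try
        {
            if (!LogonUser(user, domain, password, logonType, provider, out token))
                throw new Win32Exception(Marshal.GetLastWin32Error(), "LogonUser failed");
            if (!DuplicateToken(token, SECURITY_IMPERSONATION, out dup))
                throw new Win32Exception(Marshal.GetLastWin32Error(), "DuplicateToken failed");

            // WindowsIdentity makes its own copy of the handle; ours are closed in finally.
            WindowsIdentity id = new WindowsIdentity(dup);
            using (WindowsImpersonationContext ctx = id.Impersonate())
            {
                // Report what the thread really is now. With LOGON32_LOGON_NEW_CREDENTIALS this
                // still shows the process account, because only outbound authentication changes.
                WindowsIdentity current = WindowsIdentity.GetCurrent();
                Console.WriteLine("Thread identity: {0}, impersonation level: {1}",
                    current.Name, current.ImpersonationLevel);
                action();
            } // Dispose() calls Undo() here even if action() throws
        }
        finally
        {
            if (dup != IntPtr.Zero) CloseHandle(dup);
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }

    static void Main()
    {
        // Constructed placeholder values; real credentials belong in a secret store, not in source.
        RunAs("user", "domain", "password",
            LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50,
            delegate
            {
                // The directory bind below is what exercises the network credentials.
                DirectoryEntry root = new DirectoryEntry("LDAP://DC=domain,DC=com");
                Console.WriteLine("Bound to: {0}", root.Name);
            });
    }
}
```

Running this once with LOGON32_LOGON_NETWORK and once with LOGON32_LOGON_NEW_CREDENTIALS, and comparing the printed identity against the account that appears in the domain controller's logon events, shows directly which token is being presented to the directory; that comparison is the check to make before looking for a delegation problem.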