Re: Using LogonUser API in ASP.net with an account other than ASPNet account
From: David Yee via DotNetMonster.com (forum_at_DotNetMonster.com)
Date: 02/28/05
- Next message: Gilles: "Re: (Bug?) IIS Sends response to wrong client"
- Previous message: D: "Using ImpersonateLoggedOnUser"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Using LogonUser API in ASP.net with an account other than ASPNet account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Feb 2005 08:50:02 GMT
Hi Sriram,

I am David and would like to know more about the LogonUser API that you are using. I hope you can help me. Currently we are in a project to retrieve OLAP database metadata for display in a web application.

Following are the settings of our environment:
1. IIS Directory Security with "Anonymous access" unchecked.
2. Machine.config (Process Model with username="machine")
3. Web.config (impersonate="true" userName="" password="")
4. aspCompat="true"
5. IIS is running on Windows XP and accessing an OLAP database on Windows Server 2003.

Description of tests:
Test 1: Impersonate, but without a connection to the OLAP server.
Test 2: Impersonate, with a connection to the OLAP server.
Test 3: I have another application with impersonation set manually in the web.config file, without any programmatic impersonation as in this one, with a connection to the OLAP server. It works; I can read the metadata.

The output is shown after the VB code below.

This is the VB code:
###############################
Imports System
Imports System.Web
Imports System.Web.Security
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Security.Permissions
Imports Microsoft.VisualBasic

<Assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode:=True), _
 Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name:="FullTrust")>

Public Class Login
    Inherits System.Web.UI.Page

    Private dsoServer As New DSO.Server
    Private impersonateUser As WindowsImpersonationContext

    'Impersonation constants
    Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Const LOGON32_LOGON_INTERACTIVE As Integer = 2

    'Win32 declarations. A Declare statement sets SetLastError for you; these
    'functions return a 32-bit BOOL, so they are declared As Boolean (not Long).
    Private Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Boolean
    Private Declare Auto Function ImpersonateLoggedOnUser Lib "advapi32.dll" _
        (ByVal hToken As IntPtr) As Boolean
    Private Declare Auto Function LogonUser Lib "advapi32.dll" _
        (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, _
         ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
         ByRef phToken As IntPtr) As Boolean
    Public Declare Auto Function CloseHandle Lib "kernel32.dll" _
        (ByVal handle As IntPtr) As Boolean
    Public Declare Auto Function DuplicateToken Lib "advapi32.dll" _
        (ByVal ExistingTokenHandle As IntPtr, ByVal SECURITY_IMPERSONATION_LEVEL As Integer, _
         ByRef DuplicateTokenHandle As IntPtr) As Boolean

    <DllImport("kernel32.dll")> _
    Public Shared Function FormatMessage(ByVal dwFlags As Integer, ByRef lpSource As IntPtr, _
        ByVal dwMessageId As Integer, ByVal dwLanguageId As Integer, ByRef lpBuffer As String, _
        ByVal nSize As Integer, ByRef Arguments As IntPtr) As Integer
    End Function

    'Turns a Win32 error code (e.g. from Marshal.GetLastWin32Error()) into its text.
    Public Shared Function GetErrorMessage(ByVal errorCode As Integer) As String
        Dim FORMAT_MESSAGE_ALLOCATE_BUFFER As Integer = &H100
        Dim FORMAT_MESSAGE_IGNORE_INSERTS As Integer = &H200
        Dim FORMAT_MESSAGE_FROM_SYSTEM As Integer = &H1000
        Dim messageSize As Integer = 255
        Dim lpMsgBuf As String = Nothing
        Dim dwFlags As Integer = FORMAT_MESSAGE_ALLOCATE_BUFFER Or FORMAT_MESSAGE_FROM_SYSTEM Or FORMAT_MESSAGE_IGNORE_INSERTS
        Dim ptrlpSource As IntPtr = IntPtr.Zero
        Dim prtArguments As IntPtr = IntPtr.Zero
        Dim retVal As Integer = FormatMessage(dwFlags, ptrlpSource, errorCode, 0, lpMsgBuf, _
                                              messageSize, prtArguments)
        If 0 = retVal Then
            Throw New Exception("Failed to format message for error code " + errorCode.ToString() + ". ")
        End If
        Return lpMsgBuf
    End Function

    Private Function impersonateValidUser(ByVal userName As String, ByVal domain As String, _
                                          ByVal password As String) As Boolean
        Dim tempWindowsIdentity As WindowsIdentity
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero
        impersonateValidUser = False
        'RevertToSelf() drops the caller's token that IIS/ASP.NET impersonation put on this
        'thread, so LogonUser runs as the process account. Undo() later returns to the token
        'in place when Impersonate() was called, i.e. the ASPNET process identity rather than
        'the original caller (see "Undo :" in Output 1).
        If RevertToSelf() Then
            If LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                         LOGON32_PROVIDER_DEFAULT, token) Then
                '2 = SecurityImpersonation
                If DuplicateToken(token, 2, tokenDuplicate) Then
                    tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                    impersonateUser = tempWindowsIdentity.Impersonate()
                    If Not impersonateUser Is Nothing Then
                        impersonateValidUser = True
                    End If
                End If
            End If
        End If
        'The thread keeps its own reference to the token after Impersonate(), so the raw
        'handles can be closed here.
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then
            CloseHandle(tokenDuplicate)
        End If
        If Not token.Equals(IntPtr.Zero) Then
            CloseHandle(token)
        End If
    End Function

    Private Sub undoImpersonation()
        'RevertToSelf()
        impersonateUser.Undo()
    End Sub

#Region " Web Form Designer Generated Code "
    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
    End Sub

    Protected WithEvents txbDomain As System.Web.UI.WebControls.TextBox
    Protected WithEvents txbUserName As System.Web.UI.WebControls.TextBox
    Protected WithEvents txbPassword As System.Web.UI.WebControls.TextBox
    Protected WithEvents lblDomain As System.Web.UI.WebControls.Label
    Protected WithEvents lblUserName As System.Web.UI.WebControls.Label
    Protected WithEvents lblPassword As System.Web.UI.WebControls.Label
    Protected WithEvents btnLogin As System.Web.UI.WebControls.Button
    Protected WithEvents entries As System.Web.UI.HtmlControls.HtmlGenericControl

    'NOTE: The following placeholder declaration is required by the Web Form Designer.
    'Do not delete or move it.
    Private designerPlaceholderDeclaration As System.Object

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
        'CODEGEN: This method call is required by the Web Form Designer
        'Do not modify it using the code editor.
        InitializeComponent()
    End Sub
#End Region

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
    End Sub

    Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        entries.InnerHtml = entries.InnerHtml & "<p>" & "Before : " & WindowsIdentity.GetCurrent().Name
        If impersonateValidUser(txbUserName.Text, txbDomain.Text, txbPassword.Text) Then
            entries.InnerHtml = entries.InnerHtml & "<p>" & "After : " & WindowsIdentity.GetCurrent().Name
            'dsoServer.Connect("sj-isbidw01d")
            undoImpersonation()
            entries.InnerHtml = entries.InnerHtml & "<p>" & "Undo : " & WindowsIdentity.GetCurrent().Name
        Else
            entries.InnerHtml = entries.InnerHtml & "<p>Impersonation Fails"
        End If
        'Response.Redirect("http://pg-cpyee/WindowsAuth/Main.aspx")
    End Sub
End Class
###############################
Output 1:
Before : ALTERA\CPYEE
After : altera\cpyee-sa
Undo : PG-CPYEE\ASPNET
Output 2:
Cannot open connection to Analysis server 'sj-isbidw01d'. Error in data
[Possible data corruption] ''
-- Message posted via http://www.dotnetmonster.com
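An added example, not code from the post above: the same LogonUser / DuplicateToken / WindowsIdentity.Impersonate sequence written without the leading RevertToSelf(), so that Undo() returns the request thread to the caller's identity rather than to the ASPNET process account, and with the real Win32 error surfaced instead of a bare False. The class LogonHelper, the method RunAs and the constant names are the example's own; it assumes Windows XP / Server 2003 or later, where LogonUser does not require SeTcbPrivilege, and that the account being logged on has the "Allow log on locally" right on the web server (needed for an interactive logon).

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Security.Principal
' Added example (not the post's code): impersonate a second account WITHOUT
' calling RevertToSelf() first, so Undo() returns the thread to the identity it
' had on entry (the IIS-impersonated caller), and report the real Win32 error.
' Assumes Windows XP/2003 or later, where LogonUser needs no SeTcbPrivilege.
Public Class LogonHelper
    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2 ' token usable for network access
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Private Const SECURITY_IMPERSONATION As Integer = 2
    ' Declare sets SetLastError; the Win32 BOOL return is 32-bit, hence As Boolean.
    Private Declare Auto Function LogonUser Lib "advapi32.dll" _
        (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, _
         ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Boolean
    Private Declare Auto Function DuplicateToken Lib "advapi32.dll" _
        (ByVal hToken As IntPtr, ByVal impersonationLevel As Integer, ByRef hNewToken As IntPtr) As Boolean
    Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal hObject As IntPtr) As Boolean

    ' Returns the context whose Undo() restores the caller's identity; throws on failure.
    Public Shared Function Impersonate(ByVal user As String, ByVal domain As String, _
                                       ByVal password As String) As WindowsImpersonationContext
        Dim token As IntPtr = IntPtr.Zero
        Dim dup As IntPtr = IntPtr.Zero
        Try
            If Not LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) Then
                Throw New Win32Exception(Marshal.GetLastWin32Error()) ' e.g. 1326: bad user name or password
            End If
            If Not DuplicateToken(token, SECURITY_IMPERSONATION, dup) Then
                Throw New Win32Exception(Marshal.GetLastWin32Error())
            End If
            Return New WindowsIdentity(dup).Impersonate() ' stacks on the caller's token; Undo() pops it
        Finally
            ' The thread holds its own reference after Impersonate(), so the raw handles can be closed.
            If Not dup.Equals(IntPtr.Zero) Then CloseHandle(dup)
            If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
        End Try
    End Function

    ' Pattern for a page handler: "before" and "after Undo" now name the same caller.
    Public Shared Sub RunAs(ByVal user As String, ByVal domain As String, ByVal password As String)
        Dim before As String = WindowsIdentity.GetCurrent().Name
        Dim ctx As WindowsImpersonationContext = Impersonate(user, domain, password)
        Try
            ' Work as the logged-on account here (e.g. open the OLAP connection).
        Finally
            ctx.Undo()
        End Try
        System.Diagnostics.Debug.Assert(before = WindowsIdentity.GetCurrent().Name)
    End Sub
End Class
```

With web.config impersonate="true", the "Before" and post-Undo names in the post's Output 1 would then both be the authenticated caller, because nothing has discarded the token that IIS placed on the thread.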