Re: Change impersonation on the fly

From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 04/20/05

  • Next message: Seb: "File Write Access Denied with ASP .NET on Domain Controler"
    Date: Wed, 20 Apr 2005 02:17:29 -0700
    
    

    Yeah, sorry, typo in my code sample. It should be something like this:

    WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);

    // do your AD stuff now as the identity of the process (not the user)

    ctx.Undo(); // go back to being the user

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > Brock,
    >
    > I don't quiet follow. Am a passing the current identity into the
    > WindowsImpersonationContext? This is what I have?
    >
    > ' Check the identity.
    > Response.Write(("Before impersonation: " +
    > WindowsIdentity.GetCurrent().Name) + "<br>")
    > Dim newID As New
    > WindowsIdentity(WindowsIdentity.GetCurrent().Token)
    > Dim impersonatedUser As WindowsImpersonationContext =
    > newID.Impersonate()
    > ' Check the identity.
    > Response.Write(("After impersonation: " +
    > WindowsIdentity.GetCurrent().Name) + "<br>")
    > ' Stop impersonating the user.
    > impersonatedUser.Undo()
    > ' Check the identity.
    > Response.Write(("After Undo: " +
    > WindowsIdentity.GetCurrent().Name)
    > + "<br>")
    > "Brock Allen" <ballen@NOSPAMdevelop.com> wrote in message
    > news:499359632495026833585520@msnews.microsoft.com...
    > Yep. It's not doc'd (unless you count Dominick Baier as documentation)
    > but
    > you can call:
    > WindowsIdentity.GetCurrent().Impersonate(IntPtr.Zero) to in essence
    > call RevertToSelf and then call WindowsImpersonationContext.Undo() to
    > go back to your previous identity. WindowsImpersonationContext is the
    > return from Impersonate.
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >> Normally impersonation is set to true. Due to an intermittent
    >> Kerberos issue I'd like to set impersonate='False' on a per session
    >> or per error basis. In other works I would like to handle the error
    >> by turning impersonation off.
    >>
    >> This would allow the user experience to continue while I trouble
    >> shoot Active Directory.
    >>
    >> Is this possible?
    >>
    >> Colin.
    >>


  • Next message: Seb: "File Write Access Denied with ASP .NET on Domain Controler"

    Relevant Pages

    • Need help with Impersonation!!
      ... predefined custom webparts. ... To get around this problem, I tried to use impersonation, but it's ... WindowsImpersonationContext wic = ... Domain, string Password) ...
      (microsoft.public.sharepoint.portalserver.development)
    • Re: Thread identity
      ... both approaches using impersonation will get you in trouble - ... when an attacker can take over the application - he is admin ... > The WindowsImpersonationContext starts and stops impersonation. ... > only other thing is getting the logon token for the administrator to ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Impersonation
      ... without a response Regarding Impersonation ... I have tried to use WindowsImpersonationContext and the ... add method of the credentialscache and have not been able ...
      (microsoft.public.sharepoint.portalserver.development)