Re: Change impersonation on the fly

From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 04/20/05

Next message: Seb: "File Write Access Denied with ASP .NET on Domain Controler"

Previous message: Brock Allen: "Re: Worker Process Account for ASP.NET"
Maybe in reply to: Brock Allen: "Re: Change impersonation on the fly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 20 Apr 2005 02:17:29 -0700

Yeah, sorry, typo in my code sample. It should be something like this:

WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);

// do your AD stuff now as the identity of the process (not the user)

ctx.Undo(); // go back to being the user

-Brock
DevelopMentor
http://staff.develop.com/ballen

> Brock,
>
> I don't quiet follow. Am a passing the current identity into the
> WindowsImpersonationContext? This is what I have?
>
> ' Check the identity.
> Response.Write(("Before impersonation: " +
> WindowsIdentity.GetCurrent().Name) + "<br>")
> Dim newID As New
> WindowsIdentity(WindowsIdentity.GetCurrent().Token)
> Dim impersonatedUser As WindowsImpersonationContext =
> newID.Impersonate()
> ' Check the identity.
> Response.Write(("After impersonation: " +
> WindowsIdentity.GetCurrent().Name) + "<br>")
> ' Stop impersonating the user.
> impersonatedUser.Undo()
> ' Check the identity.
> Response.Write(("After Undo: " +
> WindowsIdentity.GetCurrent().Name)
> + "<br>")
> "Brock Allen" <ballen@NOSPAMdevelop.com> wrote in message
> news:499359632495026833585520@msnews.microsoft.com...
> Yep. It's not doc'd (unless you count Dominick Baier as documentation)
> but
> you can call:
> WindowsIdentity.GetCurrent().Impersonate(IntPtr.Zero) to in essence
> call RevertToSelf and then call WindowsImpersonationContext.Undo() to
> go back to your previous identity. WindowsImpersonationContext is the
> return from Impersonate.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>> Normally impersonation is set to true. Due to an intermittent
>> Kerberos issue I'd like to set impersonate='False' on a per session
>> or per error basis. In other works I would like to handle the error
>> by turning impersonation off.
>>
>> This would allow the user experience to continue while I trouble
>> shoot Active Directory.
>>
>> Is this possible?
>>
>> Colin.
>>

Next message: Seb: "File Write Access Denied with ASP .NET on Domain Controler"

Previous message: Brock Allen: "Re: Worker Process Account for ASP.NET"
Maybe in reply to: Brock Allen: "Re: Change impersonation on the fly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Need help with Impersonation!!
... predefined custom webparts. ... To get around this problem, I tried to use impersonation, but it's ... WindowsImpersonationContext wic = ... Domain, string Password) ...
(microsoft.public.sharepoint.portalserver.development)
Re: Thread identity
... both approaches using impersonation will get you in trouble - ... when an attacker can take over the application - he is admin ... > The WindowsImpersonationContext starts and stops impersonation. ... > only other thing is getting the logon token for the administrator to ...
(microsoft.public.dotnet.framework.aspnet.security)
Impersonation
... without a response Regarding Impersonation ... I have tried to use WindowsImpersonationContext and the ... add method of the credentialscache and have not been able ...
(microsoft.public.sharepoint.portalserver.development)