Re: How can I impersonate a user in code?

From: "Friso Wiskerke" <friso@xxxxxxxxxxxxx>
Date: Thu, 16 Feb 2006 11:09:45 +0100

Joe,

this is the example I tried to use in the web application but failed with a
NotSupported exception when calling the newId.Impersonate method. There's no
problem executing the code in a windows application though.

I think the best way for me at the moment is to use the web.config and
specifically specify the page(s) that the impersonation applies to as stated
in MikeS reply.

Thanx non the less...

Cheers,
Friso Wiskerke

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:ukylI8kMGHA.2604@xxxxxxxxxxxxxxxxxxxxxxx

You can also use the LogonUser API to do this. That's the typical way.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemSecurityPrincipalWindowsImpersonationContextClassTopic.asp?frame=true

Note that if you were trying to use the WindowsIdentity constructor that
takes a UPN, there are bunch of restrictions on how it can be used. That
is the "protocol transition" constructor. PT only works if your AD forest
is 2003 native mode and the client OS is 2003 or higher. Also, you can
only use the returned WindowsIdentity for impersonation to access local
resources if the calling account has "act as part of the operating system"
privilege. Only SYSTEM has this by default.

HTH,

Joe K.

"MikeS" <michael.spencer@xxxxxxxxx> wrote in message
news:1140009603.544490.327090@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

You might use a location tag to specify that only the page you post to
impersonates.

<location path="upload.aspx">
<system.web>
<identity impersonate="true" userName="UID"
password="PWD"></identity>
</system.web>
</location>

Follow-Ups:
- Re: How can I impersonate a user in code?
  - From: Joe Kaplan \(MVP - ADSI\)

References:
- How can I impersonate a user in code?
  - From: Friso Wiskerke
- Re: How can I impersonate a user in code?
  - From: MikeS
- Re: How can I impersonate a user in code?
  - From: Joe Kaplan \(MVP - ADSI\)

Prev by Date: process StandardOutput Security Inquiry
Next by Date: Re: How can I impersonate a user in code?
Previous by thread: Re: How can I impersonate a user in code?
Next by thread: Re: How can I impersonate a user in code?
Index(es):
- Date
- Thread

Relevant Pages

Re: How can I impersonate a user in code?
... In the call to the LogonUser API function I used values which are stored in ... specifically specify the pagethat the impersonation applies to as ... you can only use the returned WindowsIdentity for impersonation to ... operating system" privilege. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Problem with Protocol Transition
... then the token is impersonation level. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services ... I'm just setting httpcontext.current.user to be a new WindowsIdentity ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Problem with Protocol Transition
... I set up a domain account called DPool and gave it act as part of the ... then the token is impersonation level. ... Joe Kaplan-MS MVP Directory Services Programming ... I'm just setting httpcontext.current.user to be a new WindowsIdentity ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Hybrid sql server and asp.net windows authentication
... With Windows authentication, impersonation will just make whoever ... changing the process account is done by changing the ... To impersonate any WindowsIdentity, ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Using windows auth and alternate credentials for sql server
... > The WindowsIdentity class is useful to represent a user. ... Get the security token of specific user with LogonUser API via PInvoke ... Undo the Impersonation ...
(microsoft.public.dotnet.framework.windowsforms)