Re: Impersonation and accessing Windows file share
- From: Julie <hermie@xxxxxxxxxxxxx>
- Date: Fri, 31 Mar 2006 08:02:02 -0800
I can see on the Event log on my web server that the service account is
logging in successfully.
However, on the file server, the event log shows that the user is connecting
to the file server as NT AUTHORITY\ANONYMOUS LOGON. Interesting.
My Logon code looks like this:
Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal
lpszUsername As [String], _
ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Boolean
Private Function Logon() As WindowsIdentity
Dim handle As IntPtr = New IntPtr(0)
handle = IntPtr.Zero
Const LOGON32_LOGON_NETWORK As Integer = 3
Const LOGON32_PROVIDER_DEFAULT As Integer = 0
Dim logonSucceeded As Boolean = LogonUser(Me.sUsername, Me.sDomain,
Me.sPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, handle)
If Not logonSucceeded Then
Dim errorCode As Integer = Marshal.GetLastWin32Error
Throw New Exception("User logon failed. Error number: " &
errorCode)
Exit Function
End If
Dim winIdentity As WindowsIdentity = New WindowsIdentity(handle)
CloseHandle(handle)
Return winIdentity
End Function
"Joe Kaplan (MVP - ADSI)" wrote:
If you enable logon event auditing on the file server, what does the logon.
failure say on that end? That may give you some clues.
Also, when you called LogonUser, what type of logon did you do? You need to
make sure you use one that gives you network credentials.
Joe K.
"Julie" <hermie@xxxxxxxxxxxxx> wrote in message
news:674C986D-5107-420D-A65C-3FC8B440766B@xxxxxxxxxxxxxxxx
I use that code and I can confirm that impersonation is impersonating the
correct user. And yes, I can access the file share as the system
account -
thanks for checking. :-)
"Luke Zhang [MSFT]" wrote:
Hello,
First, you can use the following code to determine what user the thread
is
executing as:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
Also, you if logon as the System account on the server, can you access
the
Windows file share like "\\Myserver\Myshare"?
Regards,
Luke Zhang
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
- Follow-Ups:
- Re: Impersonation and accessing Windows file share
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Impersonation and accessing Windows file share
- References:
- RE: Impersonation and accessing Windows file share
- From: Luke Zhang [MSFT]
- Re: Impersonation and accessing Windows file share
- From: Joe Kaplan \(MVP - ADSI\)
- RE: Impersonation and accessing Windows file share
- Prev by Date: Re: Invoke(SetPassword) in Active Directory, Works, Then Access is
- Next by Date: Re: Impersonation and accessing Windows file share
- Previous by thread: Re: Impersonation and accessing Windows file share
- Next by thread: Re: Impersonation and accessing Windows file share
- Index(es):
Relevant Pages
|
