Re: Impersonation and accessing Windows file share
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 31 Mar 2006 10:13:47 -0600
I think I see your problem. You are using LOGON32_LOGON_NETWORK, but if you
read the docs for LogonUser in MSDN carefully, you'll see that this type of
logon doesn't have network credentials. You probably should switch to
LOGON32_LOGON_NETWORK_CLEARTEXT.
Joe K.
"Julie" <hermie@xxxxxxxxxxxxx> wrote in message
news:CA883E64-1822-48B7-9B7D-3D6859FEC262@xxxxxxxxxxxxxxxx
I can see on the Event log on my web server that the service account is
logging in successfully.
However, on the file server, the event log shows that the user is
connecting
to the file server as NT AUTHORITY\ANONYMOUS LOGON. Interesting.
My Logon code looks like this:
Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal
lpszUsername As [String], _
ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer,
_
ByRef phToken As IntPtr) As Boolean
Private Function Logon() As WindowsIdentity
Dim handle As IntPtr = New IntPtr(0)
handle = IntPtr.Zero
Const LOGON32_LOGON_NETWORK As Integer = 3
Const LOGON32_PROVIDER_DEFAULT As Integer = 0
Dim logonSucceeded As Boolean = LogonUser(Me.sUsername, Me.sDomain,
Me.sPassword, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, handle)
If Not logonSucceeded Then
Dim errorCode As Integer = Marshal.GetLastWin32Error
Throw New Exception("User logon failed. Error number: " &
errorCode)
Exit Function
End If
Dim winIdentity As WindowsIdentity = New WindowsIdentity(handle)
CloseHandle(handle)
Return winIdentity
End Function
"Joe Kaplan (MVP - ADSI)" wrote:
If you enable logon event auditing on the file server, what does the
logon
failure say on that end? That may give you some clues.
Also, when you called LogonUser, what type of logon did you do? You need
to
make sure you use one that gives you network credentials.
Joe K.
"Julie" <hermie@xxxxxxxxxxxxx> wrote in message
news:674C986D-5107-420D-A65C-3FC8B440766B@xxxxxxxxxxxxxxxx
I use that code and I can confirm that impersonation is impersonating
the
correct user. And yes, I can access the file share as the system
account -
thanks for checking. :-)
"Luke Zhang [MSFT]" wrote:
Hello,
First, you can use the following code to determine what user the
thread
is
executing as:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
Also, you if logon as the System account on the server, can you access
the
Windows file share like "\\Myserver\Myshare"?
Regards,
Luke Zhang
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader
so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
.
- Follow-Ups:
- Re: Impersonation and accessing Windows file share
- From: Julie
- Re: Impersonation and accessing Windows file share
- From: Dominick Baier [DevelopMentor]
- Re: Impersonation and accessing Windows file share
- References:
- RE: Impersonation and accessing Windows file share
- From: Luke Zhang [MSFT]
- Re: Impersonation and accessing Windows file share
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Impersonation and accessing Windows file share
- From: Julie
- RE: Impersonation and accessing Windows file share
- Prev by Date: Re: Impersonation and accessing Windows file share
- Next by Date: Re: 401 Unauthorized on HttpWebRequest with DefaultCredentials (2003)
- Previous by thread: Re: Impersonation and accessing Windows file share
- Next by thread: Re: Impersonation and accessing Windows file share
- Index(es):
Relevant Pages
|
