Re: Impersonate via a remote workgroup

From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 5 Jul 2006 18:13:46 +0000 (UTC)

try to use the NEW_CREDENTIAL logon type.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

i am trying to impersanate a remote user on a workgroup(NOT Domain)
account. This does not seem to work. Only works for domain or local
user. Anyone have any ideas.

Thanks

Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False
If RevertToSelf() Then
If LogonUserA(userName, domain, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New
WindowsIdentity(tokenDuplicate)
impersonationContext =
tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If

Prev by Date: Re: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level
Next by Date: Re: Impersonate via a remote workgroup
Previous by thread: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level
Next by thread: Re: Impersonate via a remote workgroup
Index(es):
- Date
- Thread

Relevant Pages

Impersonation half way working
... Dim LOGON32_LOGON_INTERACTIVE As Integer = 2 ... ByVal lpszDomain As String, _ ... ExistingTokenHandle As IntPtr, ByVal ImpersonationLevel As Integer, ByRef ... impersonateValidUser = False ...
(microsoft.public.dotnet.languages.vb)
Re: Impersonation half way working
... > Dim impersonationContext As WindowsImpersonationContext ... > ByVal lpszDomain As String, ... > ExistingTokenHandle As IntPtr, ByVal ImpersonationLevel As Integer, ByRef ... > impersonateValidUser = False ...
(microsoft.public.dotnet.languages.vb)
Re: Impersonate via a remote workgroup
... this only works if you are trying to access remote resources that "know" the account you are impersonating. ... Dim tempWindowsIdentity As WindowsIdentity ... Dim tokenDuplicate As IntPtr = IntPtr.Zero ... impersonateValidUser = False ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Impersonate via a remote workgroup
... ImpersonateLoggedOnUser it doesn't seem to impersonate at all. ... Dim tempWindowsIdentity As WindowsIdentity ... Dim tokenDuplicate As IntPtr = IntPtr.Zero ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Impersonate via a remote workgroup
... ImpersonateLoggedOnUser it doesn't seem to impersonate at all. ... Dim tempWindowsIdentity As WindowsIdentity ... Dim tokenDuplicate As IntPtr = IntPtr.Zero ...
(microsoft.public.dotnet.framework.aspnet.security)