Re: Impersonation using Microsoft Visual C# .NET and Windows 2000

From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 09/15/04

    To: microsoft.public.dotnet.security
    Date: Wed, 15 Sep 2004 14:55:52 -0700
    
    

    Why didn't you simply use "WindowsIdentity.Impersonate()" ??

     

     ---
     Dominick Baier - DevelopMentor
     http://www.leastprivilege.com


     "richlm" <rich_lm@h0tmai1.com> wrote in message news:<#B0m9FmlEHA.2504@TK2MSFTNGP14.phx.gbl>...
    > There were a couple of posts in this newsgroup with a .NET code sample for
    > SSPI.
    > try:
    >
    > http://msdn.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.dotnet.security&lang=en&cr=US
    > then search for "SSPI". The last thread (How does LogonUser API work ...)
    > includes a code sample.
     
     
     With this posting, I was able to make an impersonation with Visual
     Basic / C#. I had to adapt the code from the posting because it shows
     a validation of user data. First, I changed the module to a class.
     Then, I added the code which is responsible for impersonation to the
     class. And I moved the code from the "FreeResourcesAndExit:" label in
     method SSPValidateUser to the destructor. The full code is given after
     the lines with the asterisks.
     
     
     *********************************************
     
     'Reference: http://groups.google.ch/groups?hl=de&lr=&ie=UTF-8&selm=59EFE674-3838-4AF0-8EA4-AB8CD20D5BBF%40microsoft.com
     
     Imports System.Runtime.InteropServices
     
     Public Class SSPIImpersonation
     
     Private Const HEAP_ZERO_MEMORY As Integer = &H8
     
     Private Const SEC_WINNT_AUTH_IDENTITY_ANSI As Integer = &H1
     
     Private Const SECBUFFER_TOKEN As Integer = &H2
     
     Private Const SECURITY_NATIVE_DREP As Integer = &H10
     
     Private Const SECPKG_CRED_INBOUND As Integer = &H1
     Private Const SECPKG_CRED_OUTBOUND As Integer = &H2
     
     Private Const SEC_I_CONTINUE_NEEDED As Integer = &H90312
     Private Const SEC_I_COMPLETE_NEEDED As Integer = &H90313
     Private Const SEC_I_COMPLETE_AND_CONTINUE As Integer = &H90314
     
     Private Const VER_PLATFORM_WIN32_NT As Integer = &H2
     
     Private intClientBuf As Integer
     Private intServerBuf As Integer
     Private asClient As AUTH_SEQ = Nothing
     Private asServer As AUTH_SEQ = Nothing
     
     Private Structure SecPkgInfo
     Dim fCapabilities As Integer
     Dim wVersion As Short
     Dim wRPCID As Short
     Dim cbMaxToken As Integer
     Dim Name As Integer
     Dim Comment As Integer
     End Structure
     
     Private Structure SecHandle
     Dim dwLower As Integer
     Dim dwUpper As Integer
     End Structure
     
     Private Structure AUTH_SEQ
     Dim fInitialized As Boolean
     Dim fHaveCredHandle As Boolean
     Dim fHaveCtxtHandle As Boolean
     Dim hcred As SecHandle
     Dim hctxt As SecHandle
     End Structure
     
     Private Structure SEC_WINNT_AUTH_IDENTITY
     Dim User As String
     Dim UserLength As Integer
     Dim Domain As String
     Dim DomainLength As Integer
     Dim Password As String
     Dim PasswordLength As Integer
     Dim Flags As Integer
     End Structure
     
     Private Structure TimeStamp
     Dim LowPart As Integer
     Dim HighPart As Integer
     End Structure
     
     Private Structure SecBuffer
     Dim cbBuffer As Integer
     Dim BufferType As Integer
     Dim pvBuffer As Integer
     End Structure
     
     Private Structure SecBufferDesc
     Dim ulVersion As Integer
     Dim cBuffers As Integer
     Dim pBuffers As Integer
     End Structure
     
     Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
     (ByVal Destination As Integer, ByRef Source As SecBuffer, _
     ByVal Length As Integer)
     Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
     (ByRef Destination As SecBuffer, ByVal Source As Integer, _
     ByVal Length As Integer)
     Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" _
     (ByRef Destination As SecPkgInfo, ByVal Source As Integer, _
     ByVal Length As Integer)
     
     Private Declare Function NT4QuerySecurityPackageInfo Lib "security" _
     Alias "QuerySecurityPackageInfoA" (ByVal PackageName As String, _
     ByRef pPackageInfo As Integer) As Integer
     Private Declare Function QuerySecurityPackageInfo Lib "secur32" _
     Alias "QuerySecurityPackageInfoA" (ByVal PackageName As String, _
     ByRef pPackageInfo As Integer) As Integer
     
     Private Declare Function NT4FreeContextBuffer Lib "security" _
     Alias "FreeContextBuffer" (ByVal pvContextBuffer As Integer) As Integer
     Private Declare Function FreeContextBuffer Lib "secur32" _
     (ByVal pvContextBuffer As Integer) As Integer
     
     Private Declare Function NT4InitializeSecurityContext Lib "security" _
     Alias "InitializeSecurityContextA" _
     (ByRef phCredential As SecHandle, ByRef phContext As SecHandle, _
     ByVal pszTargetName As Integer, ByVal fContextReq As Integer, _
     ByVal Reserved1 As Integer, ByVal TargetDataRep As Integer, _
     ByRef pInput As SecBufferDesc, ByVal Reserved2 As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function InitializeSecurityContext Lib "secur32" _
     Alias "InitializeSecurityContextA" _
     (ByRef phCredential As SecHandle, ByRef phContext As SecHandle, _
     ByVal pszTargetName As Integer, ByVal fContextReq As Integer, _
     ByVal Reserved1 As Integer, ByVal TargetDataRep As Integer, _
     ByRef pInput As SecBufferDesc, ByVal Reserved2 As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function NT4InitializeSecurityContext2 Lib "security" _
     Alias "InitializeSecurityContextA" _
     (ByRef phCredential As SecHandle, ByVal phContext As Integer, _
     ByVal pszTargetName As Integer, ByVal fContextReq As Integer, _
     ByVal Reserved1 As Integer, ByVal TargetDataRep As Integer, _
     ByVal pInput As Integer, ByVal Reserved2 As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function InitializeSecurityContext2 Lib "secur32" _
     Alias "InitializeSecurityContextA" _
     (ByRef phCredential As SecHandle, ByVal phContext As Integer, _
     ByVal pszTargetName As Integer, ByVal fContextReq As Integer, _
     ByVal Reserved1 As Integer, ByVal TargetDataRep As Integer, _
     ByVal pInput As Integer, ByVal Reserved2 As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function NT4AcquireCredentialsHandle Lib "security" _
     Alias "AcquireCredentialsHandleA" _
     (ByVal pszPrincipal As Integer, _
     ByVal pszPackage As String, ByVal fCredentialUse As Integer, _
     ByVal pvLogonId As Integer, _
     ByRef pAuthData As SEC_WINNT_AUTH_IDENTITY, _
     ByVal pGetKeyFn As Integer, ByVal pvGetKeyArgument As Integer, _
     ByRef phCredential As SecHandle, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function AcquireCredentialsHandle Lib "secur32" _
     Alias "AcquireCredentialsHandleA" _
     (ByVal pszPrincipal As Integer, _
     ByVal pszPackage As String, ByVal fCredentialUse As Integer, _
     ByVal pvLogonId As Integer, _
     ByRef pAuthData As SEC_WINNT_AUTH_IDENTITY, _
     ByVal pGetKeyFn As Integer, ByVal pvGetKeyArgument As Integer, _
     ByRef phCredential As SecHandle, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function NT4AcquireCredentialsHandle2 Lib "security" _
     Alias "AcquireCredentialsHandleA" _
     (ByVal pszPrincipal As Integer, _
     ByVal pszPackage As String, ByVal fCredentialUse As Integer, _
     ByVal pvLogonId As Integer, ByVal pAuthData As Integer, _
     ByVal pGetKeyFn As Integer, ByVal pvGetKeyArgument As Integer, _
     ByRef phCredential As SecHandle, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function AcquireCredentialsHandle2 Lib "secur32" _
     Alias "AcquireCredentialsHandleA" _
     (ByVal pszPrincipal As Integer, _
     ByVal pszPackage As String, ByVal fCredentialUse As Integer, _
     ByVal pvLogonId As Integer, ByVal pAuthData As Integer, _
     ByVal pGetKeyFn As Integer, ByVal pvGetKeyArgument As Integer, _
     ByRef phCredential As SecHandle, ByRef ptsExpiry As TimeStamp) As Integer
     
     
     Private Declare Function NT4AcceptSecurityContext Lib "security" _
     Alias "AcceptSecurityContext" _
     (ByRef phCredential As SecHandle, _
     ByRef phContext As SecHandle, ByRef pInput As SecBufferDesc, _
     ByVal fContextReq As Integer, ByVal TargetDataRep As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function AcceptSecurityContext Lib "secur32" _
     (ByRef phCredential As SecHandle, _
     ByRef phContext As SecHandle, ByRef pInput As SecBufferDesc, _
     ByVal fContextReq As Integer, ByVal TargetDataRep As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     
     Private Declare Function NT4ImpersonateSecurityContext Lib "security" _
     Alias "ImpersonateSecurityContext" _
     (ByRef phContext As SecHandle) As Integer
     
     Private Declare Function ImpersonateSecurityContext Lib "secur32" _
     (ByRef phContext As SecHandle) As Integer
     
     
     Private Declare Function NT4RevertSecurityContext Lib "security" _
     Alias "RevertSecurityContext" _
     (ByRef phContext As SecHandle) As Integer
     
     Private Declare Function RevertSecurityContext Lib "secur32" _
     (ByRef phContext As SecHandle) As Integer
     
     
     Private Declare Function NT4AcceptSecurityContext2 Lib "security" _
     Alias "AcceptSecurityContext" _
     (ByRef phCredential As SecHandle, _
     ByVal phContext As Integer, ByRef pInput As SecBufferDesc, _
     ByVal fContextReq As Integer, ByVal TargetDataRep As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     Private Declare Function AcceptSecurityContext2 Lib "secur32" _
     Alias "AcceptSecurityContext" _
     (ByRef phCredential As SecHandle, _
     ByVal phContext As Integer, ByRef pInput As SecBufferDesc, _
     ByVal fContextReq As Integer, ByVal TargetDataRep As Integer, _
     ByRef phNewContext As SecHandle, ByRef pOutput As SecBufferDesc, _
     ByRef pfContextAttr As Integer, ByRef ptsExpiry As TimeStamp) As Integer
     
     
     Private Declare Function NT4CompleteAuthToken Lib "security" _
     Alias "CompleteAuthToken" _
     (ByRef phContext As SecHandle, _
     ByRef pToken As SecBufferDesc) As Integer
     Private Declare Function CompleteAuthToken Lib "secur32" _
     (ByRef phContext As SecHandle, _
     ByRef pToken As SecBufferDesc) As Integer
     
     Private Declare Function NT4DeleteSecurityContext Lib "security" _
     Alias "DeleteSecurityContext" (ByRef phContext As SecHandle) _
     As Integer
     Private Declare Function DeleteSecurityContext Lib "secur32" _
     (ByRef phContext As SecHandle) _
     As Integer
     
     Private Declare Function NT4FreeCredentialsHandle Lib "security" _
     Alias "FreeCredentialsHandle" (ByRef phContext As SecHandle) _
     As Integer
     Private Declare Function FreeCredentialsHandle Lib "secur32" _
     (ByRef phContext As SecHandle) _
     As Integer
     
     Private Declare Function GetProcessHeap Lib "kernel32" () As Integer
     
     Private Declare Function HeapAlloc Lib "kernel32" _
     (ByVal hHeap As Integer, ByVal dwFlags As Integer, _
     ByVal dwBytes As Integer) As Integer
     
     Private Declare Function HeapFree Lib "kernel32" _
     (ByVal hHeap As Integer, _
     ByVal dwFlags As Integer, ByVal lpMem As Integer) As Integer
     
     Dim g_NT4 As Boolean
     
     
     Public Sub New(ByVal accountname As String, _
     ByVal password As String, ByVal domain As String)
     
     If SSPValidateUser(accountname, domain, password) Then
     Console.Write("User Credential are valid" + vbCrLf)
     Else
     Console.Write("User Credential couldn't be validated" + vbCrLf)
     End If
     End Sub
     
     Public Overridable Sub Dispose()
     ' Clean up resources
     If asClient.fHaveCtxtHandle Then
     If g_NT4 Then
     NT4DeleteSecurityContext(asClient.hctxt)
     Else
     DeleteSecurityContext(asClient.hctxt)
     End If
     End If
     
     If asClient.fHaveCredHandle Then
     If g_NT4 Then
     NT4FreeCredentialsHandle(asClient.hcred)
     Else
     FreeCredentialsHandle(asClient.hcred)
     End If
     End If
     
     If asServer.fHaveCtxtHandle Then
     If g_NT4 Then
     NT4DeleteSecurityContext(asServer.hctxt)
     Else
     DeleteSecurityContext(asServer.hctxt)
     End If
     End If
     
     If asServer.fHaveCredHandle Then
     If g_NT4 Then
     NT4FreeCredentialsHandle(asServer.hcred)
     Else
     FreeCredentialsHandle(asServer.hcred)
     End If
     End If
     
     If intClientBuf <> 0 Then
     HeapFree(GetProcessHeap(), 0, intClientBuf)
     End If
     
     If intServerBuf <> 0 Then
     HeapFree(GetProcessHeap(), 0, intServerBuf)
     End If
     End Sub
     
     
     Private Function GenClientContext(ByRef AuthSeq As AUTH_SEQ, _
     ByRef AuthIdentity As SEC_WINNT_AUTH_IDENTITY, _
     ByVal pIn As Integer, ByVal cbIn As Integer, _
     ByVal pOut As Integer, ByRef cbOut As Integer, _
     ByRef fDone As Boolean) As Boolean
     
     Dim ss As Integer
     Dim tsExpiry As TimeStamp
     Dim sbdOut As SecBufferDesc
     Dim sbOut As SecBuffer
     Dim sbdIn As SecBufferDesc
     Dim sbIn As SecBuffer
     Dim fContextAttr As Integer
     
     GenClientContext = False
     
     If Not AuthSeq.fInitialized Then
     If g_NT4 Then
     ss = NT4AcquireCredentialsHandle(0&, "NTLM", _
     SECPKG_CRED_OUTBOUND, 0&, AuthIdentity, 0&, 0&, _
     AuthSeq.hcred, tsExpiry)
     Else
     ss = AcquireCredentialsHandle(0&, "NTLM", _
     SECPKG_CRED_OUTBOUND, 0&, AuthIdentity, 0&, 0&, _
     AuthSeq.hcred, tsExpiry)
     End If
     
     If ss < 0 Then
     Exit Function
     End If
     
     AuthSeq.fHaveCredHandle = True
     End If
     
     ' Prepare output buffer
     sbdOut.ulVersion = 0
     sbdOut.cBuffers = 1
     sbdOut.pBuffers = HeapAlloc(GetProcessHeap(), _
     HEAP_ZERO_MEMORY, Marshal.SizeOf(sbOut))
     
     sbOut.cbBuffer = cbOut
     sbOut.BufferType = SECBUFFER_TOKEN
     sbOut.pvBuffer = pOut
     
     CopyMemory(sbdOut.pBuffers, sbOut, Marshal.SizeOf(sbOut))
     
     ' Prepare input buffer
     If AuthSeq.fInitialized Then
     sbdIn.ulVersion = 0
     sbdIn.cBuffers = 1
     sbdIn.pBuffers = HeapAlloc(GetProcessHeap(), _
     HEAP_ZERO_MEMORY, Marshal.SizeOf(sbIn))
     
     sbIn.cbBuffer = cbIn
     sbIn.BufferType = SECBUFFER_TOKEN
     sbIn.pvBuffer = pIn
     
     CopyMemory(sbdIn.pBuffers, sbIn, Marshal.SizeOf(sbIn))
     End If
     
     If AuthSeq.fInitialized Then
     If g_NT4 Then
     ss = NT4InitializeSecurityContext(AuthSeq.hcred, _
     AuthSeq.hctxt, 0&, 0, 0, SECURITY_NATIVE_DREP, sbdIn, _
     0, AuthSeq.hctxt, sbdOut, fContextAttr, tsExpiry)
     Else
     ss = InitializeSecurityContext(AuthSeq.hcred, _
     AuthSeq.hctxt, 0&, 0, 0, SECURITY_NATIVE_DREP, sbdIn, _
     0, AuthSeq.hctxt, sbdOut, fContextAttr, tsExpiry)
     End If
     Else
     If g_NT4 Then
     ss = NT4InitializeSecurityContext2(AuthSeq.hcred, 0&, 0&, _
     0, 0, SECURITY_NATIVE_DREP, 0&, 0, AuthSeq.hctxt, _
     sbdOut, fContextAttr, tsExpiry)
     Else
     ss = InitializeSecurityContext2(AuthSeq.hcred, 0&, 0&, _
     0, 0, SECURITY_NATIVE_DREP, 0&, 0, AuthSeq.hctxt, _
     sbdOut, fContextAttr, tsExpiry)
     End If
     End If
     
     If ss < 0 Then
     GoTo FreeResourcesAndExit
     End If
     
     AuthSeq.fHaveCtxtHandle = True
     
     ' If necessary, complete token
     If ss = SEC_I_COMPLETE_NEEDED Or _
     ss = SEC_I_COMPLETE_AND_CONTINUE Then
     If g_NT4 Then
     ss = NT4CompleteAuthToken(AuthSeq.hctxt, sbdOut)
     Else
     ss = CompleteAuthToken(AuthSeq.hctxt, sbdOut)
     End If
     
     If ss < 0 Then
     GoTo FreeResourcesAndExit
     End If
     End If
     
     CopyMemory(sbOut, sbdOut.pBuffers, Marshal.SizeOf(sbOut))
     cbOut = sbOut.cbBuffer
     
     If Not AuthSeq.fInitialized Then
     AuthSeq.fInitialized = True
     End If
     
     fDone = Not (ss = SEC_I_CONTINUE_NEEDED Or _
     ss = SEC_I_COMPLETE_AND_CONTINUE)
     
     GenClientContext = True
     
     FreeResourcesAndExit:
     
     If sbdOut.pBuffers <> 0 Then
     HeapFree(GetProcessHeap(), 0, sbdOut.pBuffers)
     End If
     
     If sbdIn.pBuffers <> 0 Then
     HeapFree(GetProcessHeap(), 0, sbdIn.pBuffers)
     End If
     End Function
     
     Private Function GenServerContext(ByRef AuthSeq As AUTH_SEQ, _
     ByVal pIn As Integer, ByVal cbIn As Integer, _
     ByVal pOut As Integer, ByRef cbOut As Integer, _
     ByRef fDone As Boolean) As Boolean
     
     Dim ss As Integer
     Dim tsExpiry As TimeStamp
     Dim sbdOut As SecBufferDesc
     Dim sbOut As SecBuffer
     Dim sbdIn As SecBufferDesc
     Dim sbIn As SecBuffer
     Dim fContextAttr As Integer
     
     GenServerContext = False
     
     If Not AuthSeq.fInitialized Then
     If g_NT4 Then
     ss = NT4AcquireCredentialsHandle2(0&, "NTLM", _
     SECPKG_CRED_INBOUND, 0&, 0&, 0&, 0&, AuthSeq.hcred, _
     tsExpiry)
     Else
     ss = AcquireCredentialsHandle2(0&, "NTLM", _
     SECPKG_CRED_INBOUND, 0&, 0&, 0&, 0&, AuthSeq.hcred, _
     tsExpiry)
     End If
     
     If ss < 0 Then
     Exit Function
     End If
     
     AuthSeq.fHaveCredHandle = True
     End If
     
     ' Prepare output buffer
     sbdOut.ulVersion = 0
     sbdOut.cBuffers = 1
     sbdOut.pBuffers = HeapAlloc(GetProcessHeap(), _
     HEAP_ZERO_MEMORY, Marshal.SizeOf(sbOut))
     
     sbOut.cbBuffer = cbOut
     sbOut.BufferType = SECBUFFER_TOKEN
     sbOut.pvBuffer = pOut
     
     CopyMemory(sbdOut.pBuffers, sbOut, Marshal.SizeOf(sbOut))
     
     ' Prepare input buffer
     sbdIn.ulVersion = 0
     sbdIn.cBuffers = 1
     sbdIn.pBuffers = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, _
     Marshal.SizeOf(sbIn))
     
     sbIn.cbBuffer = cbIn
     sbIn.BufferType = SECBUFFER_TOKEN
     sbIn.pvBuffer = pIn
     
     CopyMemory(sbdIn.pBuffers, sbIn, Marshal.SizeOf(sbIn))
     
     If AuthSeq.fInitialized Then
     If g_NT4 Then
     ss = NT4AcceptSecurityContext(AuthSeq.hcred, AuthSeq.hctxt, _
     sbdIn, 0, SECURITY_NATIVE_DREP, AuthSeq.hctxt, sbdOut, _
     fContextAttr, tsExpiry)
     Else
     ss = AcceptSecurityContext(AuthSeq.hcred, AuthSeq.hctxt, _
     sbdIn, 0&, SECURITY_NATIVE_DREP, AuthSeq.hctxt, sbdOut, _
     fContextAttr, tsExpiry)
     End If
     Else
     If g_NT4 Then
     ss = NT4AcceptSecurityContext2(AuthSeq.hcred, 0&, sbdIn, 0, _
     SECURITY_NATIVE_DREP, AuthSeq.hctxt, sbdOut, _
     fContextAttr, tsExpiry)
     Else
     ss = AcceptSecurityContext2(AuthSeq.hcred, 0&, sbdIn, 0, _
     SECURITY_NATIVE_DREP, AuthSeq.hctxt, sbdOut, _
     fContextAttr, tsExpiry)
     End If
     End If
     
     If ss < 0 Then
     GoTo FreeResourcesAndExit
     End If
     
     AuthSeq.fHaveCtxtHandle = True
     
     ' If necessary, complete token
     If ss = SEC_I_COMPLETE_NEEDED Or _
     ss = SEC_I_COMPLETE_AND_CONTINUE Then
     If g_NT4 Then
     ss = NT4CompleteAuthToken(AuthSeq.hctxt, sbdOut)
     Else
     ss = CompleteAuthToken(AuthSeq.hctxt, sbdOut)
     End If
     
     If ss < 0 Then
     GoTo FreeResourcesAndExit
     End If
     End If
     
     CopyMemory(sbOut, sbdOut.pBuffers, Marshal.SizeOf(sbOut))
     cbOut = sbOut.cbBuffer
     
     If Not AuthSeq.fInitialized Then
     AuthSeq.fInitialized = True
     End If
     
     fDone = Not (ss = SEC_I_CONTINUE_NEEDED Or _
     ss = SEC_I_COMPLETE_AND_CONTINUE)
     
     GenServerContext = True
     
     FreeResourcesAndExit:
     
     If sbdOut.pBuffers <> 0 Then
     HeapFree(GetProcessHeap(), 0, sbdOut.pBuffers)
     End If
     
     If sbdIn.pBuffers <> 0 Then
     HeapFree(GetProcessHeap(), 0, sbdIn.pBuffers)
     End If
     
     End Function
     
     Private Function SSPValidateUser(ByVal User As String, _
     ByVal Domain As String, ByVal Password As String) As Boolean
     Dim pSPI As Integer
     Dim SPI As SecPkgInfo
     Dim cbMaxToken As Integer
     
     
     Dim ai As SEC_WINNT_AUTH_IDENTITY
     
     asClient = Nothing
     asServer = Nothing
     intClientBuf = 0
     intServerBuf = 0
     
     Dim cbIn As Integer
     Dim cbOut As Integer
     Dim fDone As Boolean
     
     SSPValidateUser = False
     
     ' Determine if system is Windows NT (version 4.0 or earlier)
     g_NT4 = (System.Environment.OSVersion.Platform = VER_PLATFORM_WIN32_NT _
     And System.Environment.OSVersion.Version.Major <= 4)
     
     ' Get max token size
     If g_NT4 Then
     NT4QuerySecurityPackageInfo("NTLM", pSPI)
     Else
     QuerySecurityPackageInfo("NTLM", pSPI)
     End If
     
     CopyMemory(SPI, pSPI, Marshal.SizeOf(SPI))
     cbMaxToken = SPI.cbMaxToken
     
     If g_NT4 Then
     NT4FreeContextBuffer(pSPI)
     Else
     FreeContextBuffer(pSPI)
     End If
     
     ' Allocate buffers for client and server messages
     intClientBuf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, _
     cbMaxToken)
     If intClientBuf = 0 Then
     GoTo FreeResourcesAndExit
     End If
     
     intServerBuf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, _
     cbMaxToken)
     If intServerBuf = 0 Then
     GoTo FreeResourcesAndExit
     End If
     
     ' Initialize auth identity structure
     ai.Domain = Domain
     ai.DomainLength = Domain.Length
     ai.User = User
     ai.UserLength = User.Length
     ai.Password = Password
     ai.PasswordLength = Password.Length
     ai.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI
     
     ' Prepare client message (negotiate) .
     cbOut = cbMaxToken
     If Not GenClientContext(asClient, ai, 0, 0, intClientBuf, _
     cbOut, fDone) Then
     GoTo FreeResourcesAndExit
     End If
     
     ' Prepare server message (challenge) .
     cbIn = cbOut
     cbOut = cbMaxToken
     If Not GenServerContext(asServer, intClientBuf, cbIn, _
     intServerBuf, cbOut, fDone) Then
     GoTo FreeResourcesAndExit
     End If
     
     ' Prepare client message (authenticate) .
     cbIn = cbOut
     cbOut = cbMaxToken
     If Not GenClientContext(asClient, ai, intServerBuf, cbIn, _
     intClientBuf, cbOut, fDone) Then
     GoTo FreeResourcesAndExit
     End If
     
     ' Prepare server message (authentication) .
     cbIn = cbOut
     cbOut = cbMaxToken
     If Not GenServerContext(asServer, intClientBuf, cbIn, _
     intServerBuf, cbOut, fDone) Then
     GoTo FreeResourcesAndExit
     End If
     
     SSPValidateUser = True
     
     FreeResourcesAndExit:
     'Code moved to destructor
     End Function
     
     ' Impersonates the user given in the constructor in place of the
     ' current user. Use the function RevertUser to stop impersonating
     ' and run as the original user again.
     ' Returns SEC_E_OK if no error occurred, SEC_E_INVALID_HANDLE if
     ' no impersonation could take place.
     Function ImpersonateUser() As Integer
     Dim ss As Integer
     
     If g_NT4 Then
     ss = NT4ImpersonateSecurityContext(asServer.hctxt)
     Else
     ss = ImpersonateSecurityContext(asServer.hctxt)
     End If
     
     ImpersonateUser = ss
     End Function
     
     ' Stops impersonating and runs as the original user again.
     ' Use the function ImpersonateUser for impersonating.
     ' Returns SEC_E_OK if no error occurred, SEC_E_INVALID_HANDLE if
     ' the context could not be reverted.
     Public Function RevertUser() As Integer
     Dim ss As Integer
     
     If g_NT4 Then
     ss = NT4RevertSecurityContext(asServer.hctxt)
     Else
     ss = RevertSecurityContext(asServer.hctxt)
     End If
     
     RevertUser = ss
     End Function
     
     End Class
     
     [microsoft.public.dotnet.security]
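
The managed route that the reply's question about WindowsIdentity.Impersonate() points to, as an added example that is not code from the thread or from either poster: a token from LogonUser is wrapped in a WindowsIdentity, impersonated, and always reverted. RunAs, WorkItem and ShowIdentity are hypothetical names chosen here, and the credentials are read at run time. On Windows 2000 the process calling LogonUser must hold the SE_TCB_NAME ("Act as part of the operating system") privilege, which the SSPI handshake in the posted class does not need.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Module ManagedImpersonationExample

    ' Win32 constants (winbase.h)
    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Function LogonUser(ByVal lpszUsername As String, _
        ByVal lpszDomain As String, ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Function CloseHandle(ByVal hObject As IntPtr) As Boolean
    End Function

    ' Hypothetical delegate type for the work to run while impersonating.
    Public Delegate Sub WorkItem()

    ' Runs work under the given account. Fails closed: if the logon fails,
    ' work is never invoked under the caller's own identity.
    Public Sub RunAs(ByVal user As String, ByVal domain As String, _
                     ByVal password As String, ByVal work As WorkItem)
        Dim token As IntPtr = IntPtr.Zero
        If Not LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE, _
                         LOGON32_PROVIDER_DEFAULT, token) Then
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If

        Try
            ' WindowsIdentity duplicates the token, so the raw handle
            ' can be closed independently in the outer Finally.
            Dim identity As New WindowsIdentity(token)
            Dim ctx As WindowsImpersonationContext = identity.Impersonate()
            Try
                work.Invoke()
            Finally
                ctx.Undo()   ' revert even if work throws
            End Try
        Finally
            CloseHandle(token)
        End Try
    End Sub

    Private Sub ShowIdentity()
        Console.WriteLine("During: " & WindowsIdentity.GetCurrent().Name)
    End Sub

    Sub Main()
        Console.Write("User: ")
        Dim user As String = Console.ReadLine()
        Console.Write("Domain: ")
        Dim domain As String = Console.ReadLine()
        Console.Write("Password: ")
        Dim password As String = Console.ReadLine()

        Console.WriteLine("Before: " & WindowsIdentity.GetCurrent().Name)
        RunAs(user, domain, password, AddressOf ShowIdentity)
        ' Must print the original account again; anything else means
        ' the thread is still impersonating.
        Console.WriteLine("After:  " & WindowsIdentity.GetCurrent().Name)
    End Sub
End Module
```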

