Impersonation and UNC shares in a windows service
From: Chris (anonymous_at_discussions.microsoft.com)
Date: 09/30/04
- Previous message: Nicole Calinoiu: "Re: Escape html tags and other dangerous input"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Sep 2004 08:58:26 -0700
Hello all,
Here is my problem. I have a windows service (C#) that is
supposed to move files from/to the local drive to/from a
UNC share (\\domainserver\share). The service is running on
a Win3k server not connected to a domain, as a local user.
The service impersonates a local user (on domainserver)
that has full permissions to that share. Any File.Move,
File.Copy operations are successfull. Any
Directory.GetFiles fail with "Logon failure: unknown user
name or bad password", stack trace is Exception stack
trace: at System.IO.__Error.WinIOError(Int32 errorCode,
String str) at
System.IO.Directory.InternalGetFileDirectoryNames(String
fullPath, String userPath, Boolean file) at
System.IO.Directory.InternalGetFiles(String path, String
userPath, String searchPattern) at
System.IO.Directory.GetFiles(String path, String
searchPattern). The call succeeds if I run the service
under a local account with the same user name/pwd or if the
server is connected to the domain and the service runs as
any domain account.
The impersonation code is similar with the samples from
MSDN (sorry about the formatting):
public static void ImpersonateUser(string domainName,
string userName, string password)
{
IntPtr tokenHandle = new IntPtr(0);
IntPtr dupeTokenHandle = new IntPtr(0);
try
{
// Get the user token for the specified user, domain,
and password using the
// unmanaged LogonUser method.
const int SecurityImpersonation = 2;
tokenHandle = IntPtr.Zero;
dupeTokenHandle = IntPtr.Zero;
// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(userName, domainName,
password,
(int)LogonType.LOGON32_LOGON_NEW_CREDENTIALS, (int)
LogonProvider.LOGON32_PROVIDER_DEFAULT, ref tokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(ret,
GetErrorMessage(ret));
}
//Duplicate the token
bool retVal = DuplicateToken(tokenHandle,
SecurityImpersonation, ref dupeTokenHandle);
if (false == retVal)
{
CloseHandle(tokenHandle);
throw new ApplicationException("Exception thrown in
trying to duplicate token.");
}
// The token that is passed to the following
constructor must
// be a primary token in order to use it for impersonation.
WindowsIdentity newId = new
WindowsIdentity(dupeTokenHandle);
WindowsImpersonationContext impersonatedUser =
newId.Impersonate();
try
{
do stuff;
}
catch {}
// Stop impersonating the user.
impersonatedUser.Undo();
// Free the tokens.
if (tokenHandle != IntPtr.Zero)
CloseHandle(tokenHandle);
if (dupeTokenHandle != IntPtr.Zero)
CloseHandle(dupeTokenHandle);
}
catch(Exception ex)
{
throw ex;
}
}
}
Thanks a lot for any help or ideas,
Chris
- Previous message: Nicole Calinoiu: "Re: Escape html tags and other dangerous input"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
