Re: ImpersonateLoggedOnUser with SSPI

From: Lionel Gomes (lionelgomes_at_hotmail.com)
Date: 12/15/03 

Date: Mon, 15 Dec 2003 10:31:18 +0100

Dave,
    I'm trying to connect from Excel to a MS Analysis Services server with a
local remote user (not know on client computer). As MS AS uses Windows
Integrated Security I would like to open a trusted connection to this server
with the credentials of the remote user.

At first, I used Createprocesswithlogonw with the LOGON_NETCREDENTIALS_ONLY
options to start Excel and that worked fine for the connection to the
server, but then the current logged on user lost its rights on other
servers from this Excel process (shares, network printer, ...).

So what I'm looking for is a way to imporsonate Excel.exe with a remote
local user when accessing a specific server.

Any Idea?
Thanks,
Lionel

"Dave Christiansen [MS]" <davidchr@online.microsoft.com> wrote in message
news:%2302IxiPwDHA.2304@TK2MSFTNGP12.phx.gbl...
> When you call ImpersonateSecurityContext, the calling thread will
> impersonate the identity of the caller. Your process as a whole will keep
> its original identity, however.
>
> Note that some other operations may not assume the new identity, because
> they may use the process token rather than the thread token. What are you
> trying to do?
>
> --
> Dave Christiansen, Windows Core Security Testing
> This message is provided "AS IS" with no warranties, and confers no
rights.
> This message originates in the State of Washington (USA), where
unsolicited
> commercial email is legally actionable (see
> http://www.wa.gov/ago/junkemail).
> Harvesting of this address for purposes of bulk email (including "spam")
is
> prohibited unless by my expressed prior request. I retaliate viciously
> against spammers and spam sites.
>
>
>
> "Lionel Gomes" <lionelgomes@hotmail.com> wrote in message
> news:uplWZOPwDHA.2520@TK2MSFTNGP10.phx.gbl...
> > Hi,
> >
> > I'm trying to impersonate a process by using SSPI in order to access
a
> > remote app with a remote user identity.
> > I could authenticate the user by using :
> >
> > AcquireCredentialsHandle
> > InitializeSecurityContext
> > AcceptSecurityContext
> >
> > Then I try to ImpersonateSecurityContext, OpenProcessToken and
> > ImpersonateLoggedOnUser but it seems that my process is still running as
> the
> > current logged on user.
> >
> > Any ideas or code sample would be greatly appreciated,
> > Thanks
> >
> >
>
>

Relevant Pages

  • Re: Difficulty logging on to server
    ... runs on a server, and this is why the machine was built. ... started coming in with remote desktop that the strange behavior ... You could also watch the memory usage and thread count while the ... Starts when a remote user logs on and stops when they log off. ...
    (microsoft.public.windows.server.sbs)
  • Re: Difficulty logging on to server
    ... I understand that even if I uninstall Outlook, ... tested good solution for an SBS setup that takes also care of the ... runs on a server, and this is why the machine was built. ... Starts when a remote user logs on and stops when they log off. ...
    (microsoft.public.windows.server.sbs)
  • Re: ImpersonateLoggedOnUser with SSPI
    ... You're running Excel on MachineX as UserX ... The Analysis Server is running on MachineY ... Dave Christiansen, Windows Core Security Testing ... > local remote user. ...
    (microsoft.public.platformsdk.security)
  • Re: Request.ServerVariables("LOGON_USER")
    ... If the remote user does not authenticate to IIS, it is not possible for the ... server to figure out the remote user's logon name. ...
    (microsoft.public.inetserver.iis)