Re: Re: Impersonating from a non admin user account
- From: Gautam Raj Kollabathula <k.gautamraj@xxxxxxxxx>
- Date: Thu, 13 Jan 2011 18:53:43 GMT
Can anyone send me the code to impersonate a non-admin?
I used the code:
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

public class Utility
{
    [DllImport("advapi32.dll")]
    public static extern int LogonUserA(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DuplicateToken(IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    static WindowsImpersonationContext impersonationContext;

    // impersonation starts here
    public static bool impersonateValidUser(String username, String domain, String password)
    {
        WindowsIdentity tempWindowsIdentity;
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;

        if (RevertToSelf())
        {
            if (LogonUserA(username, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0)
            {
                // 2 = SecurityImpersonation
                if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                {
                    // WindowsIdentity keeps its own copy of the token,
                    // so both raw handles can be closed afterwards.
                    tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                    impersonationContext = tempWindowsIdentity.Impersonate();
                    if (impersonationContext != null)
                    {
                        CloseHandle(token);
                        CloseHandle(tokenDuplicate);
                        return true;
                    }
                }
            }
        }

        // Failure path: release whatever was opened.
        if (token != IntPtr.Zero)
            CloseHandle(token);
        if (tokenDuplicate != IntPtr.Zero)
            CloseHandle(tokenDuplicate);
        return false;
    }

    public static void undoImpersonation()
    {
        // Guard against a call made before any successful impersonation.
        if (impersonationContext != null)
            impersonationContext.Undo();
    } // impersonation ends here
}
But this can only be used for the user with the admin rights in the domain. Well, is there any way I can actually do it for non-admins?
On Tuesday, July 31, 2007 8:34 AM pradee wrote:
I am trying to impersonate another user from a non-admin account, but my code
fails at 'LoadUserProfile' giving error 1314: ERROR_PRIVILEGE_NOT_HELD.
How do I elevate the privilege of process so that it performs the
Impersonation?
Code:
    if (!LogonUser(ui.userName,
                   pDomain,
                   ui.userPassword,
                   LOGON32_LOGON_INTERACTIVE,
                   LOGON32_PROVIDER_DEFAULT,
                   &tmpToken))
    {
        return FALSE;
    }

    memset(&pInfo, 0, sizeof(pInfo));
    pInfo.dwSize = sizeof(pInfo);
    pInfo.dwFlags = PI_NOUI;
    _tcscpy(tmpBuf, (LPCTSTR)ui.userName);
    pInfo.lpUserName = tmpBuf;

    // **** This is where it fails (same code works for admin account)
    if (!LoadUserProfile(tmpToken, &pInfo))
        AfxMessageBox(_T("LoadUserProfile failed"));

    if (!ImpersonateLoggedOnUser(tmpToken))
        AfxMessageBox(_T("ImpersonateLoggedOnUser failed"));
I also tried using the APIs:
OpenProcessToken
LookupPrivilegeValue
AdjustTokenPrivileges (Is there any API to add a privilege?)
But I think this is to adjust already existing privileges.
Basically, how do I impersonate another user from a non-admin account?
Thank you
On Tuesday, July 31, 2007 10:31 AM Kellie Fitton wrote:
On Jul 31, 5:34 am, pradeep <prad...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
You can use the following APIs to impersonate another user:
LogonUserEx()
ImpersonateLoggedOnUser()
GetUserProfileDirectory()
LoadUserProfile()
................................................................
UnloadUserProfile()
http://msdn2.microsoft.com/En-US/library/aa378189.aspx
http://msdn2.microsoft.com/en-US/library/aa378612.aspx
http://msdn2.microsoft.com/en-us/library/aa373772.aspx
http://msdn2.microsoft.com/En-US/library/aa374341.aspx
http://msdn2.microsoft.com/en-US/library/aa375098.aspx
Kellie.
On Tuesday, July 31, 2007 11:38 AM Stefan Kuhr wrote:
Hello Pradeep,
pradeep wrote:
Have you tried reverting the order of your LoadUserProfile and
ImpersonateLoggedOnUser calls?
--
Stefan
On Tuesday, July 31, 2007 2:14 PM Johannes Passing wrote:
MSDN says 'The calling process must have the SE_RESTORE_NAME and
SE_BACKUP_NAME privileges'. Have you made sure the impersonated user
actually holds these two privileges and that they are enabled?
--Johannes
pradeep wrote:
--
Johannes Passing - http://int3.de/
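A check for the two privileges named in the MSDN text quoted above, as an added example that is not part of the original thread: it reads the current process token and reports whether SeBackupPrivilege and SeRestorePrivilege (the string values of SE_BACKUP_NAME and SE_RESTORE_NAME) are missing, held but disabled, or enabled. The class name ProfilePrivilegeCheck and the helper State are made up for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
static class ProfilePrivilegeCheck   // hypothetical name, not from the thread
{
    const uint TOKEN_QUERY = 0x0008, SE_PRIVILEGE_ENABLED = 0x2;
    const int TokenPrivileges = 3;   // TOKEN_INFORMATION_CLASS value
    [StructLayout(LayoutKind.Sequential)] struct LUID { public uint LowPart; public int HighPart; }

    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr buf, int len, out int needed);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out LUID luid);

    // Returns "missing", "held but disabled" or "enabled" for one privilege name.
    static string State(IntPtr buf, string name)
    {
        LUID want;
        if (!LookupPrivilegeValue(null, name, out want)) throw new Win32Exception();
        int count = Marshal.ReadInt32(buf);        // TOKEN_PRIVILEGES.PrivilegeCount
        for (int i = 0; i < count; i++)
        {
            int off = 4 + i * 12;                  // 12-byte LUID_AND_ATTRIBUTES entries
            if ((uint)Marshal.ReadInt32(buf, off) != want.LowPart ||
                Marshal.ReadInt32(buf, off + 4) != want.HighPart) continue;
            uint attrs = (uint)Marshal.ReadInt32(buf, off + 8);
            return (attrs & SE_PRIVILEGE_ENABLED) != 0 ? "enabled" : "held but disabled";
        }
        return "missing";
    }

    static void Main()
    {
        IntPtr token, buf = IntPtr.Zero;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out token)) throw new Win32Exception();
        try
        {
            int needed;
            GetTokenInformation(token, TokenPrivileges, IntPtr.Zero, 0, out needed); // size query
            buf = Marshal.AllocHGlobal(needed);
            if (!GetTokenInformation(token, TokenPrivileges, buf, needed, out needed)) throw new Win32Exception();
            foreach (string name in new[] { "SeBackupPrivilege", "SeRestorePrivilege" })
                Console.WriteLine("{0}: {1}", name, State(buf, name));
        }
        finally { Marshal.FreeHGlobal(buf); CloseHandle(token); }
    }
}
```

A result of "missing" means the privilege is not in the token at all, which AdjustTokenPrivileges cannot change; "held but disabled" is the case it can.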
On Sunday, August 05, 2007 4:52 PM Jos Scherders wrote:
Hi,
I asked a similar question a while ago and the response I got was that you
really need to be an Administrator. So I don't think you will be able to get
this to work. Btw. I also tried everything I could think of to make this
work and I was unsuccessful (In fact, even impersonating
an Admin account doesn't work.)
If you do find a solution I would be very interested in hearing how you got
it working. :)
Jos.
"pradeep" <pradeep@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:734A6AEE-B14C-49C7-BA7C-6E4AA4A136D3@xxxxxxxxxxxxxxxx