Solved

Access a server file using impersonation

Posted on 2006-06-19
13
495 Views
Last Modified: 2008-08-26
I have to access an internal file from a web application and need to use impersonation to get access to the server.

I have not been sucessful so far, and the "help" files for .NET are somewhat lacking...

it's an asp.Net application with C# code behind.

Thank you,

Michelle
0
Comment
Question by:mnp13
  • 6
  • 3
13 Comments
 
LVL 12

Expert Comment

by:sumix
ID: 16940049
0
 

Author Comment

by:mnp13
ID: 17099544
please leave it active, I am still working on the project. thank you.
0
 

Author Comment

by:mnp13
ID: 17156530
It's not working and not giving me an error message or any indication of why...

it throws me to the "catch" at this line: impersonationContext =
                              ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 96

Expert Comment

by:Bob Learned
ID: 17159369
Can you show me how you are using this code?

Bob
0
 

Author Comment

by:mnp13
ID: 17160832
I'll post the section of code I"m useing on Monday, as it is on my work computer. Thanks!
0
 

Author Comment

by:mnp13
ID: 17167690
using System.Security.Principal;

...code...


                        System.Security.Principal.WindowsImpersonationContext impersonationContext;
                        impersonationContext =
                              ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate();
                  if (servPath.Equals("Null"))
                  {
                        this.hypServPDF.Enabled = false;
                        this.hypServPDF.Text = "not available";
                  }
                  else
                  {


                        this.hypServPDF.Enabled = true;
                        this.hypServPDF.Text = "Download";
                        this.hypServPDF.NavigateUrl = servPath.ToString();
                        this.hypServPDF.Target = "bill";



                  }
                        impersonationContext.Undo();
                  
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17189742
Here is a class converted from VB.NET (untested):

using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;

public class WindowsImpersonator
{

  [DllImport("advapi32.dll", CharSet=CharSet.Auto)]
  private static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

  [DllImport("kernel32.dll")]
  private static extern int FormatMessage(int dwFlags, ref IntPtr lpSource, int dwMessageId, int dwLanguageId, ref string lpBuffer, int nSize, ref IntPtr Arguments);

  [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
  private static extern bool CloseHandle(IntPtr handle);

  [DllImport("advapi32.dll", CharSet=CharSet.Auto)]
  private static extern bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

  private WindowsImpersonationContext m_impersonatedUser;

  private static string GetErrorMessage(int errorCode)
  {
    int FORMAT_MESSAGE_ALLOCATE_BUFFER = 256;
    int FORMAT_MESSAGE_IGNORE_INSERTS = 512;
    int FORMAT_MESSAGE_FROM_SYSTEM = 4096;

    int messageSize = 255;
    string lpMsgBuf = "";
    int dwFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS;

    IntPtr ptrlpSource = IntPtr.Zero;
    IntPtr prtArguments = IntPtr.Zero;

    int retVal = FormatMessage(dwFlags, ref ptrlpSource, errorCode, 0, ref lpMsgBuf, messageSize, ref prtArguments);
    if (0 == retVal)
    {
      throw new Exception("Failed to format message for error code " + errorCode.ToString() + ". ");
    }
    return lpMsgBuf;
  }

  public void Impersonate(string domainName, string userName, string password)
  {
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int SecurityImpersonation = 2;
    IntPtr tokenHandle = IntPtr.Zero;
    IntPtr dupeTokenHandle = IntPtr.Zero;
    try
    {
      bool returnValue = LogonUser(userName, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref tokenHandle);
      if (!returnValue)
      {
        int ret = Marshal.GetLastWin32Error();
        throw new Exception(string.Format("Error: [{0}] {1}", ret, GetErrorMessage(ret)));
      }
      bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
      if (!retVal)
      {
        CloseHandle(tokenHandle);
        throw new Exception("Exception thrown in trying to duplicate token.");
      }
      WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
      m_impersonatedUser = newId.Impersonate();
      if (tokenHandle != IntPtr.Zero)
      {
        CloseHandle(tokenHandle);
      }
      if (dupeTokenHandle != IntPtr.Zero)
      {
        CloseHandle(dupeTokenHandle);
      }
    }
    catch (Exception ex)
    {
      Console.WriteLine(("Exception occurred. " + ex.Message));
    }
  }

  public void Undo()
  {
    m_impersonatedUser.Undo();
  }

  public string CurrentName
  {
    get { return WindowsIdentity.GetCurrent().Name; }
  }

}

Bob
0
 

Author Comment

by:mnp13
ID: 17189883
That is about 10 miles over my head. where do I put that, and where do I put the file path it is suppoed to be accessing?
0
 
LVL 96

Accepted Solution

by:
Bob Learned earned 500 total points
ID: 17191139
Sorry for the great distance.

Here are the steps:

1) Copy/paste that code into a class module

2) Create an instance of the class:

   WindowsImpersonator alias = new WindowsImpersonator();

3) Impersonate someone:

    alias.Impersonate("domain", "user", "password");

4) When your done Undo:

    alias.Undo();

5) The current name is here:

    string currentName = alias.CurrentName;

Bob
0
 

Author Comment

by:mnp13
ID: 17192855
ok, I'll give it a go...

I'm off of work until Monday, but I will try it and repond then.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article series is supposed to shed some light on the use of IDisposable and objects that inherit from it. In essence, a more apt title for this article would be: using (IDisposable) {}. I’m just not sure how many people would ge…
This article introduced a TextBox that supports transparent background.   Introduction TextBox is the most widely used control component in GUI design. Most GUI controls do not support transparent background and more or less do not have the…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question