Re: Impersonate ARRRRRRRRRRRRRRRRRRGG!

From: Ciaran (ciaran_at_theodonnells.plus.com)
Date: 12/18/04

  • Next message: Jim: "C# Large Font Small Font Bug???? Fix???" 
    Date: Sat, 18 Dec 2004 00:59:52 -0000

    One this i see wrong is LogonUser returns an int.
    Second, the token you get back cant be used for impersonation and needs to
    be converted to a primary token.
    I have some code around here somewhere and will post it when I find it.
    Probably monday

    Ciaran

    "Ian Frawley" <chocks@away.com> wrote in message
    news:hO3nd.3$AM.340@news-1.opaltelecom.net...
    > Anyone used the WindowsIdentity class with success? I find if I try to
    > change the current identity to one that exists on another machine and then
    > try to perform and action on that machine i.e. restart a service or list
    > the
    > available processes I keep getting access denied exceptions. Here is an
    > example of my code:
    >
    > [DllImport("advapi32.dll", SetLastError=true)]
    > public extern static bool LogonUser(String lpszUsername, String
    > lpszDomain,
    > String lpszPassword, int dwLogonType,
    > int dwLogonProvider, ref IntPtr phToken);
    >
    > [STAThread]
    > static void Main(string[] args)
    > {
    > IntPtr UserToken = new IntPtr(0);
    >
    > //int UserToken;
    > bool loggedOn;
    >
    > try
    > {
    > loggedOn = LogonUser(
    > "Administrator",
    > Dns.GetHostName(),
    > "",3,0, ref UserToken);
    > }
    > catch(Exception ex)
    > {
    > throw ex;
    > }
    >
    > if(loggedOn)
    > {
    > WindowsIdentity SystemMonitorUser = new WindowsIdentity(UserToken);
    > WindowsImpersonationContext ImpersonatedUser =
    > SystemMonitorUser.Impersonate();
    > Console.WriteLine(SystemMonitorUser.Name);
    >
    > try
    > {
    > Process[] _process;
    >
    > _process = Process.GetProcesses("192.168.6.236");
    >
    > foreach (Process p in _process)
    > {
    > Console.WriteLine(p.ProcessName.ToString());
    > }
    > }
    > catch (Exception ex)
    > {
    > Console.WriteLine(ex.Message);
    > throw ex;
    > }
    >
    > ImpersonatedUser.Undo();
    > }
    >
    > }
    >
    > Ian
    >
    >
    > --
    > "Life should NOT be a journey to the grave
    > with the intention of arriving safely in an
    > attractive and well preserved body,
    > but rather to skid in sideways,
    > chocolate in one hand, beer in the other,
    > body thoroughly used up,
    > totally worn out and screaming
    > WOO HOO what a ride!"
    >
    >

  • Next message: Jim: "C# Large Font Small Font Bug???? Fix???"

    Relevant Pages

    • Re: impersonation problem - any good resources ?
      ... "The LogonUser function attempts to log a user on to the local computer. ... > allow ' proper execution presents a security risk. ... > Imports System.Runtime.InteropServices ... It seems to me that it means that if the impersonation took, ...
      (microsoft.public.dotnet.security)
    • Re: NT based roles using forms authentication
      ... Windows manage the authentication and impersonation with a web.config ... This will avoid you having to use LogonUser in your code. ... >Sharat Koya ...
      (microsoft.public.dotnet.framework.aspnet)
    • Impersonate
      ... public extern static bool LogonUser(String lpszUsername, String lpszDomain, ... loggedOn = LogonUser( ... -- "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, beer in the other, body thoroughly used up, totally worn out and screaming ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Impersonation through HttpModule
      ... > Is there another way to make impersonation instead using LogonUser? ... >> have a process account for each app as there is only one process. ... >> use programmatic impersonation (or explicit impersonation of a specific ...
      (microsoft.public.dotnet.security)