Re: Impersonation and switching back to ASPNET user privileges




I think I found my answer.
Calling WinAPI.RevertToSelf() after finishing all operations that
required impersonation seems to work.



nano2k wrote:
Hi

In my webservice, for certain requests, I need to start another
process on the server side.
To start my process, I need to have administrative rights, so I'm
using the impersonation mechanism using a predefined fixed user
account on server machine.
All works fine, no problem, but after the process starts, I need to
"revert" to ASPNET or NETWORK SERVICES user account privileges. This
part is what I'm missing.

To impersonate, I'm using this code:

// Note: impersonationContext is not declared in this snippet; it is
// presumably a WindowsImpersonationContext field of the enclosing class.
public static bool impersonateValidUser(String userName, String domain, String password) {
    WindowsIdentity tempWindowsIdentity;
    IntPtr token = IntPtr.Zero;
    IntPtr tokenDuplicate = IntPtr.Zero;

    // Drop any impersonation already active on this thread first.
    if (WinAPI.RevertToSelf()) {
        if (WinAPI.LogonUserA(userName, domain, password,
                WinAPI.LOGON32_LOGON_INTERACTIVE,
                WinAPI.LOGON32_PROVIDER_DEFAULT, ref token) != 0) {
            // 2 = SecurityImpersonation level
            if (WinAPI.DuplicateToken(token, 2, ref tokenDuplicate) != 0) {
                tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = tempWindowsIdentity.Impersonate();
                if (impersonationContext != null) {
                    WinAPI.CloseHandle(token);
                    WinAPI.CloseHandle(tokenDuplicate);
                    return true;
                }
            }
        }
    }
    // Failure path: release whatever handles were opened.
    if (token != IntPtr.Zero)
        WinAPI.CloseHandle(token);
    if (tokenDuplicate != IntPtr.Zero)
        WinAPI.CloseHandle(tokenDuplicate);
    return false;
}

I tried using the above method like this:

//save current user account:
string name = Environment.UserName;
string domain = Environment.UserDomainName;

bool b = impersonateValidUser("admin_user", "domain", "pass");
//b gets the value of true, so impersonation succeeded
//now, start the process
....
//succeeded
//trying to revert to previous user account (ASPNET or NETWORK SERVICES for server systems):
b = impersonateValidUser(name, domain, string.Empty);
//b is false - it seems that the ASPNET has a default password (?)

Any ideas? Thanks.
