Impersonation and switching back to ASPNET user priviledges

From: nano2k <adrian.rotaru@xxxxxxxxxxx>
Date: Wed, 27 Jun 2007 01:06:10 -0700

Hi

In my webservice, for certain requests, I need to start another
process on the server side.
To start My process, I need to have administrative rights, so i'm
using the impersonation mechanism using a predefined fixed user
account on server machine.
All works fine, no problem, but after the process starts, I need to
"revert" to ASPNET or NETWORK SERVICES user account priviledges. This
part is what I'm missing.

To impersonate, i'm using this code:

public static bool impersonateValidUser(String userName, String
domain, String password) {
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;

if(WinAPI.RevertToSelf()) {
if(WinAPI.LogonUserA(userName, domain, password,
WinAPI.LOGON32_LOGON_INTERACTIVE,
WinAPI.LOGON32_PROVIDER_DEFAULT, ref token) != 0) {
if(WinAPI.DuplicateToken(token, 2, ref tokenDuplicate) != 0) {
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null) {
WinAPI.CloseHandle(token);
WinAPI.CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if(token!= IntPtr.Zero)
WinAPI.CloseHandle(token);
if(tokenDuplicate!=IntPtr.Zero)
WinAPI.CloseHandle(tokenDuplicate);
return false;
}

I tried using the above method like this:

//save current user account:
string name = Environment.UserName;
string domain = Environment.UserDomainName;

bool b = impersonateValidUser("admin_user", "domain", "pass");
//b gets the value of true, so impersonation succeeded
//now, start the process
.....
//succeeded
//trying to revert to previous user account (ASPNET or NETWORK
SERVICES for server systems):
b = impersonateValidUser(name, domain, string.Empty);
//b is false - it seems that the ASPNET has a default password (?)

Any ideas? Thanks.

.

Follow-Ups:
- Re: Impersonation and switching back to ASPNET user priviledges
  - From: nano2k

Prev by Date: Re: Client Certificates: The request failed with HTTP status 403: Forbidden.
Next by Date: Re: Impersonation and switching back to ASPNET user priviledges
Previous by thread: Client Certificates: The request failed with HTTP status 403: Forbidden.
Next by thread: Re: Impersonation and switching back to ASPNET user priviledges
Index(es):
- Date
- Thread

Relevant Pages

Re: ReportViewer Control Permission
... tried both a domain user account and a local user account (on the report ... ServerA: installed SQL Server 2005 with Reporting Service; ... public MyCredentials(string user, string pwd, string domain) ... Repeat step 4) but with a domain user account. ...
(microsoft.public.dotnet.framework.aspnet)
Re: ReportViewer Control Permission
... I set up a similar arrangement here on a Windows 2003 Server and it also ... tried both a domain user account and a local user account (on the report ... public MyCredentials(string user, string pwd, string domain) ... Repeat step 4) but with a domain user account. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Impersonation and switching back to ASPNET user priviledges
... using the impersonation mechanism using a predefined fixed user ... "revert" to ASPNET or NETWORK SERVICES user account priviledges. ... public static bool impersonateValidUser(String userName, ...
(microsoft.public.dotnet.framework.aspnet.webservices)
SQL Connection Problem
... An error has occurred while establishing a connection to the server. ... database location within the applications App_Data directory. ... Boolean& failoverDemandDone, String host, String failoverPartner, String ... user, String password, Boolean trusted, String connectionString) +68 ...
(microsoft.public.dotnet.framework.aspnet)
Re: Login Failures
... What is the user account "msmith"? ... please check the SBS Server and the client computer from ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.windows.server.sbs)