Impersonate user from ASP.NET - access to network file share

From: Michelle (Michelle_at_bwalk.com)
Date: 12/08/04


Date: 8 Dec 2004 11:31:21 -0800

Hello!

I have an ASP.NET application (1.1 framework) that needs to be able to
read/write files on a network share. The access to this file share
will be fairly restricted, so I need to impersonate a specific user
account on our domain in order to gain access. The impersonation is
only needed for the sections that read/write files. I have tried
using the code from http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q306158#4
and many other similar sources with no success. I do not get any
errors, but I am not logged in using the username and password I
provide so I cannot access the network (it remains the anonymous
user). I have tried putting the impersonation code into a Class
Library and calling that from the web application with the same
results.

I must be doing something wrong. Any help would be appreciated.
(see code snippets below - irrelevant code has been removed)

Thank you,
Michelle

** CLASS LIBRARY **
****************************

Imports System.IO
Imports System.String
Imports System.Security.Principal
Imports System.Security

Public Class PerformanceReviewAttachment

    ' LOGON32_LOGON_INTERACTIVE only succeeds if the account holds the
    ' "Log on locally" right on the web server.
    Private Shared LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private Shared LOGON32_PROVIDER_DEFAULT As Integer = 0
    ' A Shared context is per AppDomain, not per request: two requests
    ' impersonating at the same time overwrite each other's context.
    Private Shared impersonationContext As WindowsImpersonationContext

    ' Win32 BOOL is a 32-bit value, so the return types are Integer, not Long.
    Declare Function LogonUserA Lib "advapi32.dll" ( _
                            ByVal lpszUsername As String, _
                            ByVal lpszDomain As String, _
                            ByVal lpszPassword As String, _
                            ByVal dwLogonType As Integer, _
                            ByVal dwLogonProvider As Integer, _
                            ByRef phToken As IntPtr) As Integer

    Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
                            ByVal ExistingTokenHandle As IntPtr, _
                            ByVal ImpersonationLevel As Integer, _
                            ByRef DuplicateTokenHandle As IntPtr) As Integer

    Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Integer
    Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
                            ByVal handle As IntPtr) As Integer

    Shared Function impersonateValidUser(ByVal userName As String, _
            ByVal domain As String, ByVal password As String) As Boolean
        Dim tempWindowsIdentity As WindowsIdentity
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero
        impersonateValidUser = False

        ' Drop any current impersonation, log the account on, duplicate the
        ' primary token to an impersonation token (level 2 =
        ' SecurityImpersonation) and impersonate it on this thread.
        If RevertToSelf() <> 0 Then
            If LogonUserA(userName, domain, password, _
                    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                    tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    If Not impersonationContext Is Nothing Then
                        impersonateValidUser = True
                    End If
                End If
            End If
        End If
        ' The thread holds its own reference to the token once Impersonate()
        ' has run, so the raw handles can be closed here.
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then
            CloseHandle(tokenDuplicate)
        End If
        If Not token.Equals(IntPtr.Zero) Then
            CloseHandle(token)
        End If
    End Function

    Shared Sub undoImpersonation()
        If Not impersonationContext Is Nothing Then
            impersonationContext.Undo()
            impersonationContext = Nothing
        End If
    End Sub
End Class

** WEB FORM **
****************************

    Private Sub Submit1_ServerClick(ByVal sender As System.Object, _
            ByVal e As System.EventArgs) Handles Submit1.ServerClick
        Dim impersonating As Boolean = False
        Try
            impersonating = classLibrary.impersonateValidUser("user", "domain", "pwd")
            If impersonating Then
                File1.PostedFile.SaveAs(strFileName)
            Else
                Throw New ApplicationException("Failed")
            End If
        Catch ex As Exception
            lblErrorMessage.Text = ex.Message
        Finally
            ' Revert even when SaveAs throws, so the rest of the request does
            ' not keep running under the impersonated account.
            If impersonating Then
                classLibrary.undoImpersonation()
            End If
        End Try
    End Sub
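An added example (not Michelle's code and not the KB article's) of the same LogonUser/DuplicateToken/Impersonate sequence written so that it can be diagnosed and cleaned up reliably on ASP.NET 1.1: the context is kept per instance rather than in a Shared field, a failed LogonUser call surfaces its Win32 error code (for Declare calls VB exposes it through Err.LastDllError), the caller verifies with WindowsIdentity.GetCurrent().Name that the thread really is running as the target account before touching the share, and Undo() always runs from a Finally block. It uses LOGON32_LOGON_NETWORK_CLEARTEXT, which keeps the credentials in the authentication package so the impersonating thread can authenticate to a remote share; on Windows 2000 the process calling LogonUser additionally needs the "Act as part of the operating system" privilege, which the default ASP.NET account does not have. The class name ImpersonationScope, the method SaveAsAccount and the account values "CORP" and "svc-reviews" are this example's own placeholders.

```vb
Imports System
Imports System.ComponentModel
Imports System.Security.Principal
Imports System.Web

' Added example, not the original poster's code: impersonation as a
' disposable scope, one instance per request rather than a Shared field.
Public Class ImpersonationScope
    Implements IDisposable

    ' Logon types. INTERACTIVE needs the "Log on locally" right; NETWORK_CLEARTEXT
    ' keeps the password in the auth package so the token can reach remote shares.
    Public Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Public Const LOGON32_LOGON_NETWORK_CLEARTEXT As Integer = 8
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    Private Const SECURITY_IMPERSONATION As Integer = 2   ' SECURITY_IMPERSONATION_LEVEL

    ' Win32 BOOL is 32-bit, so each of these returns Integer.
    Private Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As String, ByVal lpszDomain As String, _
        ByVal lpszPassword As String, ByVal dwLogonType As Integer, _
        ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Integer
    Private Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
        ByVal hToken As IntPtr, ByVal impersonationLevel As Integer, _
        ByRef hNewToken As IntPtr) As Integer
    Private Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal hObject As IntPtr) As Integer

    Private context As WindowsImpersonationContext

    Public Sub New(ByVal userName As String, ByVal domain As String, _
                   ByVal password As String, ByVal logonType As Integer)
        Dim token As IntPtr = IntPtr.Zero
        Dim dupToken As IntPtr = IntPtr.Zero
        Try
            If LogonUser(userName, domain, password, logonType, _
                         LOGON32_PROVIDER_DEFAULT, token) = 0 Then
                ' Err.LastDllError is GetLastError() for a Declare call;
                ' Win32Exception renders it as a readable message.
                Throw New Win32Exception(Err.LastDllError)
            End If
            If DuplicateToken(token, SECURITY_IMPERSONATION, dupToken) = 0 Then
                Throw New Win32Exception(Err.LastDllError)
            End If
            ' Impersonate() attaches the token to the thread; the raw handles
            ' are closed in Finally regardless of which step failed.
            context = New WindowsIdentity(dupToken).Impersonate()
        Finally
            If Not dupToken.Equals(IntPtr.Zero) Then CloseHandle(dupToken)
            If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
        End Try
    End Sub

    ' Identity the current thread runs as; while impersonating this is the
    ' target account, otherwise the worker process account (or anonymous).
    Public Shared Function CurrentIdentityName() As String
        Return WindowsIdentity.GetCurrent().Name
    End Function

    Public Sub Dispose() Implements IDisposable.Dispose
        If Not context Is Nothing Then
            context.Undo()
            context = Nothing
        End If
    End Sub

    ' Call site for a web form handler. VB.NET 2003 has no Using block, so
    ' Dispose() runs from Finally. The password should come from protected
    ' configuration, never from a literal in the page.
    Public Shared Sub SaveAsAccount(ByVal posted As HttpPostedFile, ByVal path As String, _
                                    ByVal userName As String, ByVal domain As String, _
                                    ByVal password As String)
        Dim scope As ImpersonationScope = Nothing
        Try
            scope = New ImpersonationScope(userName, domain, password, _
                                           LOGON32_LOGON_NETWORK_CLEARTEXT)
            ' Confirm the impersonation took before touching the share;
            ' this is the check that separates "no error" from "it worked".
            Dim expected As String = domain & "\" & userName
            If String.Compare(CurrentIdentityName(), expected, True) <> 0 Then
                Throw New ApplicationException("Still running as " & CurrentIdentityName())
            End If
            posted.SaveAs(path)
        Finally
            If Not scope Is Nothing Then scope.Dispose()
        End Try
    End Sub
End Class

' From the handler, with constructed placeholder account values:
'   ImpersonationScope.SaveAsAccount(File1.PostedFile, strFileName, _
'                                    "svc-reviews", "CORP", passwordFromConfig)
```

If LogonUser fails, the Win32Exception message names the cause (for example a logon type the account is not allowed, or a bad credential) instead of the silent "still anonymous" behaviour described in the post; if LogonUser succeeds but the identity check still reports the process account, the problem lies in the Impersonate step rather than in the logon.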


