Re: Impersonate user from ASP.NET - access to network file share
From: Willy Denoyette [MVP] (willy.denoyette_at_pandora.be)
Date: 12/08/04
- Next message: Scott M.: "Re: The desktop is the net."
- Previous message: Mike Krüger: "Re: USB port"
- In reply to: Michelle: "Impersonate user from ASP.NET - access to network file share"
- Next in thread: Michelle_at_bwalk.com: "Re: Impersonate user from ASP.NET - access to network file share"
- Reply: Michelle_at_bwalk.com: "Re: Impersonate user from ASP.NET - access to network file share"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 8 Dec 2004 21:38:57 +0100
1. You should not use LOGON32_LOGON_INTERACTIVE; instead you should call
LogonUser specifying LOGON32_LOGON_NETWORK_CLEARTEXT (8) or
LOGON32_LOGON_NEW_CREDENTIALS (9) as the logon type.
2. You should not call DuplicateToken; instead you should use the token
obtained from LogonUser to create the temp WindowsIdentity.
Willy.
PS. LOGON32_LOGON_NEW_CREDENTIALS can only be used by Domain credentials on
a W2K AD domain.
"Michelle" <Michelle@bwalk.com> wrote in message
news:92c953bf.0412081131.5886cccf@posting.google.com...
> Hello!
>
> I have an ASP.NET application (1.1 framework) that needs to be able to
> read/write files on a network share. The access to this file share
> will be fairly restricted, so I need to impersonate a specific user
> account on our domain in order to gain access. The impersonation is
> only needed for the sections that read/write files. I have tried
> using the code from
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q306158#4
> and many other similar sources with no success. I do not get any
> errors, but I am not logged in using the username and password I
> provide so I cannot access the network (it remains the anonymous
> user). I have tried putting the impersonation code into a Class
> Library and calling that from the web application with the same
> results.
>
> I must be doing something wrong. Any help would be appreciated.
> (see code snippets below - irrelevant code has been removed)
>
> Thank you,
> Michelle
>
>
> ** CLASS LIBRARY **
> ****************************
>
> Imports System.IO
> Imports System.String
> Imports System.Security.Principal
> Imports System.Security
>
>
>
> Public Class PerformanceReviewAttachment
>
>
> Private Shared LOGON32_LOGON_INTERACTIVE As Integer = 2
> Private Shared LOGON32_PROVIDER_DEFAULT As Integer = 0
> Private Shared impersonationContext As WindowsImpersonationContext
>
> Declare Function LogonUserA Lib "advapi32.dll" ( _
>     ByVal lpszUsername As String, _
>     ByVal lpszDomain As String, _
>     ByVal lpszPassword As String, _
>     ByVal dwLogonType As Integer, _
>     ByVal dwLogonProvider As Integer, _
>     ByRef phToken As IntPtr) As Integer
>
> Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
>     ByVal ExistingTokenHandle As IntPtr, _
>     ByVal ImpersonationLevel As Integer, _
>     ByRef DuplicateTokenHandle As IntPtr) As Integer
>
> Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Integer
> Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
>     ByVal handle As IntPtr) As Integer
>
>
>
>
> Shared Function impersonateValidUser(ByVal userName As String, _
>         ByVal domain As String, ByVal password As String) As Boolean
>     Dim tempWindowsIdentity As WindowsIdentity
>     Dim token As IntPtr = IntPtr.Zero
>     Dim tokenDuplicate As IntPtr = IntPtr.Zero
>     impersonateValidUser = False
>
>     If RevertToSelf() <> 0 Then
>         If LogonUserA(userName, domain, password, _
>                 LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
>             If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
>                 tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
>                 impersonationContext = tempWindowsIdentity.Impersonate()
>                 If Not impersonationContext Is Nothing Then
>                     impersonateValidUser = True
>                 End If
>             End If
>         End If
>     End If
>     If Not tokenDuplicate.Equals(IntPtr.Zero) Then
>         CloseHandle(tokenDuplicate)
>     End If
>     If Not token.Equals(IntPtr.Zero) Then
>         CloseHandle(token)
>     End If
> End Function
>
> Shared Sub undoImpersonation()
> impersonationContext.Undo()
> End Sub
> End Class
>
>
>
>
> ** WEB FORM **
> ****************************
>
> Private Sub Submit1_ServerClick(ByVal sender As System.Object, _
>         ByVal e As System.EventArgs) Handles Submit1.ServerClick
>     Try
>
>         If classLibrary.impersonateValidUser("user", "domain", "pwd") Then
>             File1.PostedFile.SaveAs(strFileName)
>             classLibrary.undoImpersonation()
>         Else
>             Throw New ApplicationException("Failed")
>         End If
>     Catch ex As Exception
>         lblErrorMessage.Text = ex.Message
>     End Try
> End Sub
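
The two changes recommended in the reply, as an added VB.NET example that is not code from the original thread: LogonUser is called with LOGON32_LOGON_NETWORK_CLEARTEXT (8) and its token is passed straight to WindowsIdentity without DuplicateToken. The names `ShareImpersonation`, `RunAs` and `FileWork` are hypothetical, and the code assumes the .NET Framework, where `WindowsIdentity.Impersonate` is available.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Public Class ShareImpersonation   ' hypothetical helper name
    ' Logon type from the reply: the authentication package keeps the
    ' credentials, so the impersonated thread can connect to other servers.
    Private Const LOGON32_LOGON_NETWORK_CLEARTEXT As Integer = 8
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Shared Function LogonUser(ByVal userName As String, _
        ByVal domain As String, ByVal password As String, _
        ByVal logonType As Integer, ByVal logonProvider As Integer, _
        ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Shared Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Hypothetical delegate type for the file operation to run.
    Public Delegate Sub FileWork()

    ' Runs work() under the given account and always reverts afterwards.
    Public Shared Sub RunAs(ByVal userName As String, ByVal domain As String, _
                            ByVal password As String, ByVal work As FileWork)
        Dim token As IntPtr = IntPtr.Zero
        ' Local variable, not a Shared field: concurrent requests cannot
        ' overwrite or undo each other's impersonation context.
        Dim context As WindowsImpersonationContext = Nothing
        If Not LogonUser(userName, domain, password, _
                         LOGON32_LOGON_NETWORK_CLEARTEXT, _
                         LOGON32_PROVIDER_DEFAULT, token) Then
            ' Surface the Win32 error instead of silently returning False.
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If
        Try
            ' The LogonUser token is used directly, with no DuplicateToken call.
            context = New WindowsIdentity(token).Impersonate()
            work()
        Finally
            If Not context Is Nothing Then context.Undo()
            CloseHandle(token)
        End Try
    End Sub
End Class
```

Because the revert sits in `Finally`, an exception thrown by the file operation cannot leave the request thread running as the impersonated account.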