Re: Remote call to COM impersonating another user



"JCav" <jcavanaugh@xxxxxxxxxxxx> wrote in message news:47824941$0$8795$4c368faf@xxxxxxxxxxxxxxxxx
It's set up for remote calls - I am able to make these calls remotely using JIntegra. I guess what I need is to duplicate what JIntegra does. I get authentication errors, which leads me to believe that I need the mechanism that sets up the call with credentials - in this case userID, password.



The client needs to set the security context for the DCOM call at the very beginning of the start of the process (before creating the first (D)COM instance).
This can be done by calling "CoInitializeSecurity" using PInvoke; when calling CoInitializeSecurity you'll have to set "DynamicCloaking" and the "Impersonate" level for proxies in order to be able to impersonate the "caller" at the server.
Note that the client needs to impersonate "the" Windows client before calling into the DCOM server; this again requires you to use PInvoke to call "LogonUser" followed by a WindowsIdentity.Impersonate call using the token obtained from LogonUser.

Herewith the CoInitializeSecurity PInvoke stuff to get you started.


    using System;
    using System.Runtime.InteropServices;

    // RPC_C_AUTHN_LEVEL_* values
    public enum RpcAuthnLevel
    {
        Default = 0,
        None,
        Connect,
        Call,
        Pkt,
        PktIntegrity,
        PktPrivacy
    }

    // RPC_C_IMP_LEVEL_* values
    public enum RpcImpLevel
    {
        Default = 0,
        Anonymous,
        Identify,
        Impersonate,
        Delegate
    }

    // EOAC_* capability flags
    [Flags]
    public enum EoAuthnCap
    {
        None = 0x00,
        MutualAuth = 0x01,
        StaticCloaking = 0x20,
        DynamicCloaking = 0x40,
        AnyAuthority = 0x80,
        MakeFullSIC = 0x100,
        Default = 0x800,
        SecureRefs = 0x02,
        AccessControl = 0x04,
        AppID = 0x08,
        Dynamic = 0x10,
        RequireFullSIC = 0x200,
        AutoImpersonate = 0x400,
        NoCustomMarshal = 0x2000,
        DisableAAA = 0x1000
    }

    // P/Invoke declarations must live inside a type; the class and method names here are arbitrary.
    internal static class ComSecurity
    {
        // PreserveSig = false turns a failure HRESULT into a COMException.
        [DllImport("Ole32.dll",
            ExactSpelling = true,
            EntryPoint = "CoInitializeSecurity",
            CallingConvention = CallingConvention.StdCall,
            SetLastError = false,
            PreserveSig = false)]
        private static extern void CoInitializeSecurity(
            IntPtr pVoid,
            int cAuthSvc,
            IntPtr asAuthSvc,
            IntPtr pReserved1,
            uint dwAuthnLevel,
            uint dwImpLevel,
            IntPtr pAuthList,
            uint dwCapabilities,
            IntPtr pReserved3);

        // Usage
        // ....
        public static void Initialize()
        {
            // Initialize COM security for the process specifying impersonate for the outgoing calls
            CoInitializeSecurity(IntPtr.Zero,
                -1,
                IntPtr.Zero,
                IntPtr.Zero,
                (uint)RpcAuthnLevel.Connect,
                (uint)RpcImpLevel.Impersonate,
                IntPtr.Zero,
                (uint)EoAuthnCap.DynamicCloaking,
                IntPtr.Zero);
        }
        // ...
        // Impersonate a windows client (LogonUser & Impersonate) and call the server here.
        // Create/Create remote instance ...
    }


Willy.
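
The LogonUser / WindowsIdentity.Impersonate step that the reply above describes but does not show, as an added example that is not part of the original post. It assumes .NET Framework and that CoInitializeSecurity has already been called with DynamicCloaking as shown above. The logon type (NEW_CREDENTIALS), the class and method names, the ProgID and the host name are assumptions chosen for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class DcomImpersonation   // hypothetical helper name
{
    // Values from winbase.h. NEW_CREDENTIALS applies the credentials to outbound
    // network calls only and must be paired with the WINNT50 provider (assumed choice).
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // Runs 'remoteCall' while the current thread impersonates the given account.
    // With dynamic cloaking the COM proxy picks up the thread token on each call,
    // so the remote calls must be made inside this scope.
    public static void RunAs(string user, string domain, string password, Action remoteCall)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token))
            {
                remoteCall();   // Dispose() reverts the thread identity, even on exceptions
            }
        }
        finally
        {
            CloseHandle(token); // the impersonation context does not own the token handle
        }
    }
}

// Usage (ProgID "Contoso.Server" and host "appserver01" are placeholders):
// DcomImpersonation.RunAs("userID", "DOMAIN", password, () =>
// {
//     Type t = Type.GetTypeFromProgID("Contoso.Server", "appserver01", true);
//     object server = Activator.CreateInstance(t);   // created under the impersonated identity
// });
```
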
