Re: Remote call to COM impersonating another user
- From: "JCav" <jcavanaugh@xxxxxxxxxxxx>
- Date: Tue, 8 Jan 2008 09:13:34 -0700
I'm new to this, so bear with me. I seem to be missing something.
When I call LogonUser, it fails, I think because the domain I need to log
into is not available from the machine I run this from. When I use
the local domain it works fine - I become the other user when I impersonate
him. This is how far I got before the original post. Is there a call
that sends this information to the server and tells it to do this? As I
said, this works with whatever JIntegra does it.
"Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in message
news:OBIe$HVUIHA.4584@xxxxxxxxxxxxxxxxxxxxxxx
"JCav" <jcavanaugh@xxxxxxxxxxxx> wrote in message
news:47824941$0$8795$4c368faf@xxxxxxxxxxxxxxxxx
It's set up for remote calls - I am able to make these calls remotely
using JIntegra. I guess what I need is to duplicate what JIntegra does. I
get authentication errors which leads me to believe that I need the
mechanism that sets up the call with credentials - in this case userID,
password.

The client needs to set the security context for the DCOM call at the very
beginning of the start of the process (before creating the first (D)COM
instance).
This can be done by calling "CoInitializeSecurity" using PInvoke, when
calling CoInitializeSecurity you'll have to set "DynamicCloaking" and
the "Impersonate" level for proxies in order to be able to impersonate the
"caller" at the server.
Note that the client needs to impersonate "the" windows client before
calling into the DCOM server, this again requires you to use PInvoke to
call "LogonUser" followed by a WindowsIdentity.Impersonate call using the
token obtained from LogonUser.
Herewith the CoInitializeSecurity PInvoke stuff to get you started.
using System;
using System.Runtime.InteropServices;

// RPC_C_AUTHN_LEVEL_*: how strongly each call is authenticated/protected
public enum RpcAuthnLevel
{
    Default = 0,
    None,
    Connect,
    Call,
    Pkt,
    PktIntegrity,
    PktPrivacy
}

// RPC_C_IMP_LEVEL_*: what the server may do with the client's identity
public enum RpcImpLevel
{
    Default = 0,
    Anonymous,
    Identify,
    Impersonate,
    Delegate
}

// EOAC_*: capability flags passed in dwCapabilities
public enum EoAuthnCap
{
    None = 0x00,
    MutualAuth = 0x01,
    StaticCloaking = 0x20,
    DynamicCloaking = 0x40,
    AnyAuthority = 0x80,
    MakeFullSIC = 0x100,
    Default = 0x800,
    SecureRefs = 0x02,
    AccessControl = 0x04,
    AppID = 0x08,
    Dynamic = 0x10,
    RequireFullSIC = 0x200,
    AutoImpersonate = 0x400,
    NoCustomMarshal = 0x2000,
    DisableAAA = 0x1000
}

// PreserveSig = false: a failure HRESULT is thrown as a COMException
[DllImport("Ole32.dll",
    ExactSpelling = true,
    EntryPoint = "CoInitializeSecurity",
    CallingConvention = CallingConvention.StdCall,
    SetLastError = false,
    PreserveSig = false)]
private static extern void CoInitializeSecurity(
    IntPtr pVoid,
    int cAuthSvc,
    IntPtr asAuthSvc,
    IntPtr pReserved1,
    uint dwAuthnLevel,
    uint dwImpLevel,
    IntPtr pAuthList,
    uint dwCapabilities,
    IntPtr pReserved3);
// Usage
...
// Initialize COM security for the process specifying impersonate for the
// outgoing calls
CoInitializeSecurity(IntPtr.Zero,
    -1,
    IntPtr.Zero,
    IntPtr.Zero,
    (uint)RpcAuthnLevel.Connect,
    (uint)RpcImpLevel.Impersonate,
    IntPtr.Zero,
    (uint)EoAuthnCap.DynamicCloaking,
    IntPtr.Zero);
...
// Impersonate a windows client (LogonUser & Impersonate) and call the
// server here.
// Create/Create remote instance ...
Willy.
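
The LogonUser and WindowsIdentity.Impersonate step described in the thread, as an added example that is not code from either poster. It assumes .NET Framework and uses the LOGON32_LOGON_NEW_CREDENTIALS logon type, which applies the supplied credentials only to outbound network connections and so does not need the remote domain to be reachable for a local logon; the class name, method name, account values and ProgID are placeholders.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class RemoteComCaller   // hypothetical helper name
{
    // Logon type 9: the current token is cloned and the new credentials are
    // used only for outbound network authentication (like "runas /netonly").
    // It is supported only by the WINNT50 provider.
    private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    private const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Runs 'call' while the thread impersonates the given account, then always
    // reverts the thread and releases the token, even if 'call' throws.
    public static void CallAs(string user, string domain, string password, Action call)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // Dispose() on the context reverts the thread to its own identity.
            using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token))
            {
                call();
            }
        }
        finally
        {
            CloseHandle(token);
        }
    }
}

// Usage (placeholder values), after CoInitializeSecurity has run once at startup:
// RemoteComCaller.CallAs("user", "REMOTEDOMAIN", password, delegate {
//     Type t = Type.GetTypeFromProgID("Hypothetical.ProgId", "server-name");
//     object instance = Activator.CreateInstance(t);
// });
```

Because this logon type does not validate the credentials locally, a wrong user name or password surfaces only as an access-denied error on the remote call, not as a LogonUser failure.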