Re: Remote call to COM impersonating another user



"JCav" <jcavanaugh@xxxxxxxxxxxx> wrote in message news:4783a140$0$28841$4c368faf@xxxxxxxxxxxxxxxxx
I'm new to this, so bear with me. I seem to be missing something.

When I call LogonUser, it fails, I think because the domain I need to log into is not available from the machine I run this from. When I use the local domain it works fine - I become the other user when I impersonate him. This is how far I got before the original post. Is there a call that sends this information to the server and tells it to do this? As I said, this works with whatever JIntegra does it.


You don't have to send this information to the server; it's the role of COM to authenticate the client and pass the security context to the server.
When you call CoInitializeSecurity, specifying DynamicCloaking (or StaticCloaking) very early in the process, COM will automatically pass the impersonation token of the client to the server, and the server will use this token when impersonating (the server needs to call CoImpersonateClient for this).
What you need to take care of is that the token passed is an impersonation token, so be careful when calling LogonUser: the token sent must be an impersonation token, not a direct token.
That means that you'll have to specify a "batch" or "interactive" logon type when calling LogonUser, before calling Impersonate. Another option is to use a "network" logon type and call "DuplicateToken" before using the duplicated token in the Impersonate call.




Willy.
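
The client-side sequence described in the reply above, as an added C# example that is not code from either poster: it targets .NET Framework, follows the "interactive" logon variant, and the ProgID `Example.Server`, the host `server01` and the command-line arguments are hypothetical placeholders.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class CloakedComClient
{
    const int RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6;   // sign and encrypt every call
    const int RPC_C_IMP_LEVEL_IMPERSONATE = 3;     // server may impersonate the caller
    const int EOAC_DYNAMIC_CLOAKING = 0x40;        // use the thread token at each call
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("ole32.dll")]
    static extern int CoInitializeSecurity(IntPtr secDesc, int cAuthSvc, IntPtr asAuthSvc,
        IntPtr reserved1, int authnLevel, int impLevel, IntPtr authList,
        int capabilities, IntPtr reserved3);

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    [STAThread]
    static void Main(string[] args)   // args: <user> <domain> (hypothetical)
    {
        // Must be the first COM-related call in the process; a later call
        // fails with RPC_E_TOO_LATE and this throws.
        Marshal.ThrowExceptionForHR(CoInitializeSecurity(IntPtr.Zero, -1, IntPtr.Zero,
            IntPtr.Zero, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_IMP_LEVEL_IMPERSONATE,
            IntPtr.Zero, EOAC_DYNAMIC_CLOAKING, IntPtr.Zero));

        Console.Write("Password: ");
        string password = Console.ReadLine();      // kept simple; input is echoed

        IntPtr token;
        if (!LogonUser(args[0], args[1], password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // While this context is active, cloaking sends the thread token to the server.
            using (WindowsIdentity.Impersonate(token))
            {
                Type t = Type.GetTypeFromProgID("Example.Server", "server01", true);
                object proxy = Activator.CreateInstance(t);   // remote activation
                Console.WriteLine("Calling as " + WindowsIdentity.GetCurrent().Name);
                Marshal.ReleaseComObject(proxy);
            }                                      // Dispose reverts the impersonation
        }
        finally { CloseHandle(token); }            // always release the logon token
    }
}
```

On the server side, the method being called wraps its work in CoImpersonateClient and CoRevertToSelf, as the reply notes.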
