Re: Remote call to COM impersonating another user
- From: "JCav" <jcavanaugh@xxxxxxxxxxxx>
- Date: Tue, 8 Jan 2008 13:17:43 -0700
These are the calls I'm using. LogonUser is failing with a 1326 - invalid
userID or password, even though these work when I log onto the machine. So I
never get far enough to make the call to the COM object.
int retxxx = CoInitializeSecurity(IntPtr.Zero, -1, IntPtr.Zero, IntPtr.Zero,
    RpcAuthnLevel.Connect, RpcImpLevel.Impersonate, IntPtr.Zero,
    (int)EoAuthnCap.DynamicCloaking, IntPtr.Zero);
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
IntPtr tokenHandle = new IntPtr(0);
bool returnValue = LogonUser("xxx", "yyy", "zzz", LOGON32_LOGON_NETWORK,
    LOGON32_PROVIDER_DEFAULT, ref tokenHandle);
"Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in message
news:ub%23O2VhUIHA.5404@xxxxxxxxxxxxxxxxxxxxxxx
"JCav" <jcavanaugh@xxxxxxxxxxxx> wrote in message
news:4783a140$0$28841$4c368faf@xxxxxxxxxxxxxxxxx
I'm new to this, so bear with me. I seem to be missing something.
When I call LogonUser, it fails, I think because the domain I need to log
into is not available from the machine I run this from. When I use
the local domain it works fine - I become the other user when I
impersonate him. This is how far I got before the original post. Is there
a call that sends this information to the server and tells it to do this?
As I said, this works with whatever JIntegra does it.
You don't have to send this information to the server, it's the role of
COM to authenticate the client and pass the security context to the
server.
When you call CoInitializeSecurity, specifying DynamicCloaking (or
StaticCloaking) very early in the process, COM will automatically pass
the impersonation token of the client to the server, the server will use
this token when impersonating (the server needs to call
CoImpersonateClient for this).
What you need to take care of is that the token passed is an impersonating
token, so be careful when calling LogonUser, the token sent must be an
impersonation token not a direct token.
That means that you'll have to specify a "batch" or "interactive" logon
type when calling LogonUser, before calling Impersonate. Another option is
to use a "network" logon type and call "DuplicateToken" before using the
duplicated token in the Impersonate call.
Willy.