RE: Issue With Programmatically Impersonating a User in a Web-Part
- From: Joe <Joe@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 8 Nov 2006 13:11:01 -0800
I'd start by making some changes to your impersonation code. Yours looks a
little more complicated than it has to be, plus you've got application logic
mixed in there with it. Try this code instead:
To start impersonating the SharePoint domain service account:

    WindowsIdentity objOriginalUser = WindowsIdentity.GetCurrent();
    RevertToSelf();
    WindowsIdentity.GetCurrent().Impersonate();

To stop:

    objOriginalUser.Impersonate();

To start impersonating a specific account:

    WindowsImpersonationContext wic =
        CreateIdentity(ACCOUNTNAME, DOMAIN, PASSWORD).Impersonate();

To stop:

    wic.Undo();

And you'll need this code to call that previous code:

    using System;
    using System.Security.Principal;
    using System.Runtime.InteropServices;

    //////////////////////////////////////
    #region Impersonation code
    // Place these members inside the web part class.
    // Logs the account on and returns a WindowsIdentity for it.
    protected static WindowsIdentity CreateIdentity(string User, string Domain, string Password)
    {
        const int LOGON32_PROVIDER_DEFAULT = 0;
        const int LOGON32_LOGON_NETWORK = 3;

        // The Windows NT user token.
        IntPtr tokenHandle = IntPtr.Zero;

        // Call LogonUser to obtain a handle to an access token.
        bool returnValue = LogonUser(User, Domain, Password,
            LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
            ref tokenHandle);
        if (false == returnValue)
        {
            int ret = Marshal.GetLastWin32Error();
            throw new Exception("LogonUser failed with error code: " + ret);
        }
        System.Diagnostics.Debug.WriteLine("Created user token: " + tokenHandle);

        try
        {
            // The WindowsIdentity class makes a new copy of the token.
            // It also handles calling CloseHandle for the copy.
            return new WindowsIdentity(tokenHandle);
        }
        finally
        {
            // Close our own handle, even if the constructor throws.
            CloseHandle(tokenHandle);
        }
    }

    // Logs a user on and returns an access token in phToken.
    [DllImport("advapi32.dll", SetLastError=true)]
    private static extern bool LogonUser(String lpszUsername, String lpszDomain,
        String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    // Closes the token handle returned by LogonUser.
    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
    private extern static bool CloseHandle(IntPtr handle);

    // Ends any impersonation on the calling thread.
    [DllImport("advapi32.dll")]
    static extern bool RevertToSelf();
    #endregion

"ptranfa@xxxxxxxxx" wrote:
I'm trying to implement a web-part that will allow select users (ones
that are added to a custom sharepoint list) to Add, Edit and Delete
user accounts on a Server. The client isn't using active directory yet,
so I'm simply creating local machine accounts. I thought I had
everything up and running, if I hit the web-part logged in with
administrator privileges, the impersonation works, prints out the
correct name BEFORE impersonation, AFTER impersonation, and then AFTER
UNDOING impersonation. It also creates, edits or deletes the user
account appropriately.
However, if I'm not logged in as a user that has Administrator
privileges, the impersonation fails (kinda the whole point for
impersonation..). Any help would be MUCH appreciated.
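
Added example, not part of the original thread or of either poster's code: the start/stop pairs in the reply leave the thread impersonating if an exception is thrown between them. The sketch below wraps the same LogonUser call in an IDisposable so a using block always reverts; the class name ImpersonationScope and the Win32Exception error reporting are assumptions of this example.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper (name and shape are assumptions, not from the thread).
// Usage: using (new ImpersonationScope(ACCOUNTNAME, DOMAIN, PASSWORD)) { /* work */ }
public sealed class ImpersonationScope : IDisposable
{
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int LOGON32_LOGON_NETWORK = 3;
    private WindowsImpersonationContext context;

    public ImpersonationScope(string user, string domain, string password)
    {
        IntPtr token = IntPtr.Zero;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                       LOGON32_PROVIDER_DEFAULT, ref token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            // WindowsIdentity copies the token, so our handle is closed below.
            context = new WindowsIdentity(token).Impersonate();
        }
        finally
        {
            CloseHandle(token);
        }
    }

    // Reverts the thread to the identity it had before the scope was created.
    // Runs on normal exit and when an exception unwinds the using block.
    public void Dispose()
    {
        if (context != null)
        {
            context.Undo();
            context = null;
        }
    }

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);
}
```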