what is Impersonation

Last post 01-22-2007 11:02 AM by IMBack. 18 replies.

  • what is Impersonation

    01-19-2007, 5:11 PM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Can someone explain to me what Impersonation is from an ASP.NET side and when it can be used? If you have any simple examples, please share.

    Thank you,

  • Re: what is Impersonation

    01-19-2007, 6:14 PM
    Answer
    • Participant
      1,020 point Participant
    • Rivelyn
    • Member since 06-20-2006, 9:57 PM
    • Posts 532

    I don't have an example coded because I have never had to use it yet in any of my applications, but it is pretty much what it says. You can programmatically impersonate a registered user.

    Say, for example, you need non-administrative members of your website to briefly have administrative rights to perform a task of some kind on your site. When the code is called for your user that needs administrative rights, you can use the Impersonation class with an administrative userName and password for the action.

    www.someguy.ca rantings from some Canadian guy
    Follow me on twitter as well twitter.com/SomeCanadianGuy
  • Re: what is Impersonation

    01-22-2007, 2:55 AM
    Answer
    The future is now...
    Sincerely,
    LeiJun Jie
    Microsoft Online Community Support
  • Re: what is Impersonation

    01-22-2007, 11:00 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi, I tried implementing the code from http://support.microsoft.com/kb/306158, but I am a little bit confused about how it works.

    For example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code-behind that I currently have; please let me know what should be changed.

    Thank you,

    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]
    public static extern int LogonUserA(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public static extern int DuplicateToken(IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    private void Page_Load(object sender, System.EventArgs e)
    {
        try
        {
            //System.Security.Principal.WindowsImpersonationContext i ;
            string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

            if(impersonateValidUser(username, "domain", "password"))
            {
                //Insert your code that runs under the security context of a specific user here.
                Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");
                undoImpersonation();
            }
            else
            {
                //Your impersonation failed. Therefore, include a fail-safe mechanism here.
                Response.Write("<BR>|Your impersonation failed");
            }
        }
        catch(Exception ex)
        {
            Response.Write("<BR>|"+ ex.Message+ "|<BR>");
        }
    }

    private bool impersonateValidUser(string userName, string domain, string password)
    {
        WindowsIdentity tempWindowsIdentity;
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;

        if(RevertToSelf())
        {
            if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT,
                ref token) != 0)
            {
                if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                {
                    tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                    impersonationContext = tempWindowsIdentity.Impersonate();
                    if (impersonationContext != null)
                    {
                        CloseHandle(token);
                        CloseHandle(tokenDuplicate);
                        return true;
                    }
                }
            }
        }
        if(token!= IntPtr.Zero)
            CloseHandle(token);
        if(tokenDuplicate!=IntPtr.Zero)
            CloseHandle(tokenDuplicate);
        return false;
    }

    private void undoImpersonation()
    {
        impersonationContext.Undo();
    }

    ==========web config file===============

    <system.web>
        <identity impersonate="true" />
    </system.web>
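
An added example (not part of the original posts or of KB 306158) of impersonating one specific account in code: the user name, domain and password belong to a dedicated low-privilege Windows account and are read from configuration, because the visitor's own password is never available to the page. The class name and the appSettings keys `ImpersonateUser`, `ImpersonateDomain` and `ImpersonatePassword` are assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Configuration;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Web.UI;

// Hypothetical code-behind class; the name is not from the thread.
public class ImpersonationDemo : Page
{
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    protected void Page_Load(object sender, EventArgs e)
    {
        // Assumed appSettings keys. The credentials are those of a service
        // account created for this one task, not of the person browsing the site.
        string user = ConfigurationManager.AppSettings["ImpersonateUser"];
        string domain = ConfigurationManager.AppSettings["ImpersonateDomain"];
        string password = ConfigurationManager.AppSettings["ImpersonatePassword"];

        IntPtr token = IntPtr.Zero;
        try
        {
            // Validate the credentials and obtain a logon token for the account.
            if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT, out token))
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            using (WindowsIdentity identity = new WindowsIdentity(token))
            {
                WindowsImpersonationContext context = identity.Impersonate();
                try
                {
                    // Only the code between Impersonate() and Undo() runs as
                    // the service account; keep this block as small as possible.
                    string current = WindowsIdentity.GetCurrent().Name;
                    Response.Write(Server.HtmlEncode("Running as " + current));
                }
                finally
                {
                    // Always restore the previous identity, even on error, so
                    // the rest of the request does not keep the elevated token.
                    context.Undo();
                }
            }
        }
        catch (Win32Exception)
        {
            // Log the Win32 error server-side; do not echo it to the browser.
            Response.Write("Impersonation failed");
        }
        finally
        {
            if (token != IntPtr.Zero)
            {
                CloseHandle(token);
            }
        }
    }
}
```

With `<identity impersonate="true" />` and no `userName`/`password` attributes, ASP.NET already runs each request as the identity IIS authenticated, so a block like this is only needed when a piece of code must run as a different, fixed account.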

     

  • Re: what is Impersonation

    01-22-2007, 11:00 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

  • Re: what is Impersonation

    01-22-2007, 11:00 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

  • Re: what is Impersonation

    01-22-2007, 11:00 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

  • Re: what is Impersonation

    01-22-2007, 11:00 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

  • Re: what is Impersonation

    01-22-2007, 11:00 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

  • Re: what is Impersonation

    01-22-2007, 11:00 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

  • Re: what is Impersonation

    01-22-2007, 11:01 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

     

  • Re: what is Impersonation

    01-22-2007, 11:01 AM
    • Member
      293 point Member
    • IMBack
    • Member since 01-11-2007, 5:29 PM
    • Posts 411

    Hi I tried implementing the code from : http://support.microsoft.com/kb/306158. But I am allitle bit confused of how it works.

    for example:  if(impersonateValidUser("username", "domain", "password")) //where do I get this information?

    I have attached the code behind that I currenlty have, please let me know what should be changed.

    Thank you,

     

     

    public const int LOGON32_LOGON_INTERACTIVE = 2;

    public const int LOGON32_PROVIDER_DEFAULT = 0;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]

    public static extern int LogonUserA(String lpszUserName,

    String lpszDomain,

    String lpszPassword,

    int dwLogonType,

    int dwLogonProvider,

    ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern int DuplicateToken(IntPtr hToken,

    int impersonationLevel,

    ref IntPtr hNewToken);

     

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=

    true)]

    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]

    public static extern bool CloseHandle(IntPtr handle);

     

    private void Page_Load(object sender, System.EventArgs e)

    {

     

    try

    {

    //System.Security.Principal.WindowsImpersonationContext i ;

    string username = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate().ToString();

    if(impersonateValidUser(username, "domain", "password"))

    {

    //Insert your code that runs under the security context of a specific user here.

    Response.Write("<BR>|Insert your code that runs under the security context of a specific user here.");

    undoImpersonation();

    }

    else

    {

    //Your impersonation failed. Therefore, include a fail-safe mechanism here.

    Response.Write("<BR>|Your impersonation failed");

    }

    }

    catch(Exception ex)

    {

    Response.Write("<BR>|"+ ex.Message+ "|<BR>");

    }

     

    }

     

     

     

     

    private bool impersonateValidUser(string userName, string domain, string password)

    {

    WindowsIdentity tempWindowsIdentity;

    IntPtr token = IntPtr.Zero;

    IntPtr tokenDuplicate = IntPtr.Zero;

    if(RevertToSelf())

    {

    if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,

    LOGON32_PROVIDER_DEFAULT,

    ref token) != 0)

    {

    if(DuplicateToken(token, 2, ref tokenDuplicate) != 0)

    {

    tempWindowsIdentity =

    new WindowsIdentity(tokenDuplicate);

    impersonationContext = tempWindowsIdentity.Impersonate();

    if (impersonationContext != null)

    {

    CloseHandle(token);

    CloseHandle(tokenDuplicate);

    return true;

    }

    }

    }

    }

    if(token!= IntPtr.Zero)

    CloseHandle(token);

    if(tokenDuplicate!=IntPtr.Zero)

    CloseHandle(tokenDuplicate);

    return false;

    }

    private void undoImpersonation()

    {

    impersonationContext.Undo();

    }

     

     

    ==========web config file===============

     

     

    <system.web>

     

    <identity impersonate="true" />

    </system.web>

     

     

