Thank you for your reply. I used the code here to create this:
Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Security.Permissions

Partial Class Default2
    Inherits System.Web.UI.Page

    'SetLastError:=True makes the runtime save LogonUser's error code for Marshal.GetLastWin32Error().
    'phToken receives a HANDLE, so it is declared as IntPtr; an Integer truncates it in a 64-bit process.
    <DllImport("C:\Windows\System32\advapi32.dll", SetLastError:=True)> _
    Public Shared Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Boolean
    End Function

    'Used to release the token returned by LogonUser.
    <DllImport("C:\Windows\System32\Kernel32.dll", SetLastError:=True)> _
    Public Shared Function CloseHandle(ByVal hObject As IntPtr) As Boolean
    End Function

    Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
        'The Windows NT user token.
        Dim token1 As IntPtr = IntPtr.Zero

        'Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.
        'The parameters for LogonUser are the user name, computer name, password,
        'Logon type (3 = LOGON32_LOGON_NETWORK), Logon provider (0 = LOGON32_PROVIDER_DEFAULT),
        'and user token.
        Dim loggedOn As Boolean = LogonUser("USERNAME", "MACHINENAME", "PASSWORD", 3, 0, token1)

        'Read the saved error code straight after the call, before other calls can overwrite it.
        Dim ret As Integer = Marshal.GetLastWin32Error()

        Response.Write("<p><b>LogonUser called</b></p>")
        Response.Write("<p>LogonUser Success? " + loggedOn.ToString + "<br />")
        Response.Write("NT Token Value: " + token1.ToString + "</p>")

        'The error code is only meaningful when LogonUser returned False; there is no token to impersonate then.
        If Not loggedOn Then
            Response.Write("<p>Error code (126 == ""Specified module could not be found""): " + ret.ToString + "</p>")
            Return
        End If

        'Starting impersonation here:
        Response.Write("<p><b>Before impersonation:</b><br />")
        Dim mWI1 As WindowsIdentity = WindowsIdentity.GetCurrent()
        Response.Write(mWI1.Name.ToString + "<br />")
        Response.Write(mWI1.Token.ToString + "</p>")

        Response.Write("<p><b>New identity created:</b><br />")
        Dim mWI2 As WindowsIdentity = New WindowsIdentity(token1)
        Response.Write(mWI2.Name.ToString + "<br />")
        Response.Write(mWI2.Token.ToString + "</p>")

        'Impersonate the user.
        Dim mWIC As WindowsImpersonationContext = mWI2.Impersonate()
        Response.Write("<p><b>After impersonation:</b><br />")
        Dim mWI3 As WindowsIdentity = WindowsIdentity.GetCurrent()
        Response.Write(mWI3.Name.ToString + "<br />")
        Response.Write(mWI3.Token.ToString + "</p>")

        'Revert to previous identity.
        mWIC.Undo()
        Response.Write("<p><b>After impersonation is reverted:</b><br />")
        Dim mWI4 As WindowsIdentity = WindowsIdentity.GetCurrent()
        Response.Write(mWI4.Name.ToString + "<br />")
        Response.Write(mWI4.Token.ToString + "</p>")

        'WindowsIdentity duplicated the token, so the handle from LogonUser must be closed here.
        CloseHandle(token1)
    End Sub
End Class

And it appeared to work properly (I am successfully impersonating the correct user). So I added my drive list collection code, but it returns the exact same list before and after impersonation.
I am at a total loss here. Clearly the code executed by ASP even when impersonating another user does not have the same rights or visibility as when that user is actually logged in.
Bdieckman
Re: List of directories on local machine (Web Server)
Oct 16, 2011 04:41 PM
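The before/after drive comparison described in the post, as an added example that is not part of the original post: it enumerates drives under the impersonated account and guarantees that the thread reverts and the token is closed even if enumeration throws. The names ImpersonationProbe, ListDrives and DrivesAs are hypothetical; the logon type and provider values are the ones used in the post.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.ComponentModel
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Security.Principal

'Added example; ImpersonationProbe, ListDrives and DrivesAs are hypothetical names.
Public NotInheritable Class ImpersonationProbe
    Private Const LOGON32_LOGON_NETWORK As Integer = 3      'same value as in the post
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Shared Function LogonUser(ByVal user As String, ByVal domain As String, ByVal password As String, _
        ByVal logonType As Integer, ByVal provider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Shared Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    'Drive letters and types as seen by whatever identity the calling thread has right now.
    Public Shared Function ListDrives() As List(Of String)
        Dim result As New List(Of String)
        For Each d As DriveInfo In DriveInfo.GetDrives()
            result.Add(d.Name & " (" & d.DriveType.ToString() & ")")
        Next
        Return result
    End Function

    'Runs ListDrives under the given account, then always reverts and closes the token.
    Public Shared Function DrivesAs(ByVal user As String, ByVal domain As String, ByVal password As String) As List(Of String)
        Dim token As IntPtr = IntPtr.Zero
        If Not LogonUser(user, domain, password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, token) Then
            Throw New Win32Exception(Marshal.GetLastWin32Error())
        End If
        Try
            Dim identity As New WindowsIdentity(token)   'duplicates the token handle
            Using context As WindowsImpersonationContext = identity.Impersonate()
                Return ListDrives()
            End Using   'Dispose reverts the thread to the worker-process identity
        Finally
            CloseHandle(token)
        End Try
    End Function
End Class
```

Comparing `ImpersonationProbe.ListDrives()` with `ImpersonationProbe.DrivesAs(...)` in a page reproduces the check from the post. Drive letters mapped in an interactive session belong to that logon session, so the new session LogonUser creates does not contain them and both lists show only the machine's own drives.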