impersonation

Impersonating a Windows user

by

try this : [DllImport(“advapi32.dll”, SetLastError = true)] public static extern bool LogonUser( string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken); Usage : IntPtr userToken = IntPtr.Zero; bool success = External.LogonUser( “john.doe”, “domain.com”, “MyPassword”, (int) AdvApi32Utility.LogonType.LOGON32_LOGON_INTERACTIVE, //2 (int) AdvApi32Utility.LogonProvider.LOGON32_PROVIDER_DEFAULT, //0 out userToken); if (!success) { throw new SecurityException(“Logon user failed”); } … Read more

How to use LogonUser properly to impersonate domain user from workgroup client

by

Very few posts suggest using LOGON_TYPE_NEW_CREDENTIALS instead of LOGON_TYPE_NETWORK or LOGON_TYPE_INTERACTIVE. I had an impersonation issue with one machine connected to a domain and one not, and this fixed it. The last code snippet in this post suggests that impersonating across a forest does work, but it doesn’t specifically say anything about trust being set … Read more

Impersonate using Forms Authentication

by

Impersonating a user using Forms Authentication can be done. The following code does work. The Visual Studio Magazine article referred to by Robert is an excellent resource. There are a some issues with the example code in the article, so I’ve included some working code below. Note: If you are using Visual Studio, make sure … Read more

Can I turn off impersonation just in a couple instances

by

Make sure the Application Pool do have the proper rights that you need. Then, when you want to revert to the application pool identity… run the following: private WindowsImpersonationContext context = null; public void RevertToAppPool() { try { if (!WindowsIdentity.GetCurrent().IsSystem) { context = WindowsIdentity.Impersonate(System.IntPtr.Zero); } } catch { } } public void UndoImpersonation() { try … Read more

Impersonation in ASP.NET MVC

by

Impersonation allows machine to machine impersonation, so the client browser and the server are on the same page when it comes to the impersonation. When you then attempt to access the network share, the computer doesn’t trust the impersonated credentials. You need to enable delegation for the IIS machine in Active Directory. Go to Active … Read more

Run Code as a different user

by

Impersonation requires calling some native APIs (namely, LogonUser) so it’s probably not worth posting 3 pages of wrapper code. This page has a complete working sample: http://platinumdogs.wordpress.com/2008/10/30/net-c-impersonation-with-network-credentials/ Note that impersonation has important security considerations. Make sure you follow best practices.

How to get Windows user name when identity impersonate=”true” in asp.net?

by

With <authentication mode=”Windows”/> in your application and Anonymous access enabled in IIS, you will see the following results: System.Environment.UserName: Computer Name Page.User.Identity.Name: Blank System.Security.Principal.WindowsIdentity.GetCurrent().Name: Computer Name With <authentication mode=”Windows”/> in your application, and ‘Anonymous access’ disabled and only ‘Integrated Windows Authentication’ in IIS, you will see the following results: System.Environment.UserName: ASPNET (user account used to … Read more

Windows Impersonation from C#

by

It’s possible, although it requires you to do a lot of code. See NtCreateToken and CreateToken. You need SeCreateTokenPrivilege, although that won’t be a problem since you’re running under NT AUTHORITY\SYSTEM. You can then use the created token to impersonate inside a thread.

Start a .Net Process as a Different User

by

Can you try something like this: Start a new Process as another user Code sample: System.Diagnostics.Process proc = new System.Diagnostics.Process(); System.Security.SecureString ssPwd = new System.Security.SecureString(); proc.StartInfo.UseShellExecute = false; proc.StartInfo.FileName = “filename”; proc.StartInfo.Arguments = “args…”; proc.StartInfo.Domain = “domainname”; proc.StartInfo.UserName = “username”; string password = “user entered password”; for (int x = 0; x < password.Length; x++) … Read more