E
Elad Volpin
Hi,
I'm successfully impersonating an administrative user (using
KB306158). I know it is successful because after the impersonation,
the WindowsIdentity.GetCurrent().Name returns the admin credentials
(before the impersonation it returns the logged-in user's
credentials).
I'm also testing the user's role (using IsInRole()) and receive True
for Administrator.
However, when attempting to add a user to the group, I receive a
'UnauthorizedAccessException: General access denied error'.
Assuming that I copy-pasted the code from KB306158, so that I have the
impersonateValidUser() function:
this.Response.Write("<BR>before: " +
WindowsIdentity.GetCurrent().Name); // returns the current
non-priviliged user
if( impersonateValidUser(admin, domain, password) )
{
this.Response.Write("<BR>after: " +
WindowsIdentity.GetCurrent().Name); // returns the actual admin
account
WindowsPrincipal principal = new WindowsPrincipal(
WindowsIdentity.GetCurrent() );
this.Response.Write("<BR>in role: " + Convert.ToString(
principal.IsInRole( WindowsBuiltInRole.Administrator ) ) ); // returns
True
// ... (code which retrieves existing group and existing user ldap
path)
// fails 'UnauthorizedAccessException: General access denied error'
grp.Properties["member"].Add(userPath);
grp.CommitChanges();
}
Thanks in advance,
Elad.
I'm successfully impersonating an administrative user (using
KB306158). I know it is successful because after the impersonation,
the WindowsIdentity.GetCurrent().Name returns the admin credentials
(before the impersonation it returns the logged-in user's
credentials).
I'm also testing the user's role (using IsInRole()) and receive True
for Administrator.
However, when attempting to add a user to the group, I receive a
'UnauthorizedAccessException: General access denied error'.
Assuming that I copy-pasted the code from KB306158, so that I have the
impersonateValidUser() function:
this.Response.Write("<BR>before: " +
WindowsIdentity.GetCurrent().Name); // returns the current
non-priviliged user
if( impersonateValidUser(admin, domain, password) )
{
this.Response.Write("<BR>after: " +
WindowsIdentity.GetCurrent().Name); // returns the actual admin
account
WindowsPrincipal principal = new WindowsPrincipal(
WindowsIdentity.GetCurrent() );
this.Response.Write("<BR>in role: " + Convert.ToString(
principal.IsInRole( WindowsBuiltInRole.Administrator ) ) ); // returns
True
// ... (code which retrieves existing group and existing user ldap
path)
// fails 'UnauthorizedAccessException: General access denied error'
grp.Properties["member"].Add(userPath);
grp.CommitChanges();
}
Thanks in advance,
Elad.