Impersonating as another user to alter ACLs

Guest

Hi,

I'm trying to add a user to an ACL of a folder.
Thing is that I need to present a username/password prompt for the
administrator (or any other privileged user) and use those credentials to
somehow get authenticated to add another user account to an ACL.
I just don't know where to start, is it possible to 'impersonate' an account
using .net and then use the credentials to alter ntfs settings? If so, can
someone point me in the right direction?

Cheers!
 
To impersonate a user, the first thing you need is the security token of
that user; then use the WindowsIdentity.Impersonate() function, which takes an
IntPtr (pointer) to that token.

To get the token you need to call the Win32 API function LogonUser in
advapi32.dll (see http://pinvoke.net/default.aspx/advapi32.LogonUser
for details and a sample). Passing in the user name, domain and password
will authenticate the user and return a pointer to the security token,
which can then be used to call the WindowsIdentity.Impersonate function.

(Be sure to wrap this entire operation in a try{}catch{}finally{}
block, and release the returned IntPtr in the catch block to avoid any
security issues... Also remember to revert back to the old identity
once you're finished.)

Once the Impersonate function succeeds, your application is now using
the impersonated account's credentials. You can use the new ACL
classes in .NET 2.0 to programmatically manage the ACLs of any NTFS
object. Link: http://west-wind.com/weblog/posts/4072.aspx

Hope this helps...
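
Added example, not part of the original thread: a C# sketch of the sequence described in the reply above (LogonUser, WindowsIdentity.Impersonate, ACL change, revert). The class and method names, the interactive logon type and the Modify right are assumptions chosen for illustration; cleanup sits in `finally` so the identity is reverted and the token handle closed on both success and failure.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclAsAdmin   // hypothetical helper name
{
    const int LOGON32_LOGON_INTERACTIVE = 2, LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Adds an allow-Modify ACE for accountToAdd on folder, acting as the supplied admin.
    public static void GrantModify(string folder, string accountToAdd,
        string adminUser, string adminDomain, string adminPassword)
    {
        IntPtr token = IntPtr.Zero;
        WindowsImpersonationContext ctx = null;
        try
        {
            if (!LogonUser(adminUser, adminDomain, adminPassword,
                    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out token))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            ctx = WindowsIdentity.Impersonate(token);   // thread now runs as the admin
            // Read the current ACL, append one rule, write it back.
            DirectorySecurity acl = Directory.GetAccessControl(folder);
            acl.AddAccessRule(new FileSystemAccessRule(
                new NTAccount(accountToAdd),
                FileSystemRights.Modify,                 // assumed right; grant the minimum needed
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None,
                AccessControlType.Allow));
            Directory.SetAccessControl(folder, acl);
        }
        finally
        {
            if (ctx != null) ctx.Undo();                 // revert to the original identity
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }
}
```

Keep the impersonated section as short as shown: only the ACL read and write run under the administrator's token, and the password string should not be stored or logged after the call returns.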
 