Guest
Hello
Can anyone shed any light on why I can impersonate successfully from an
ASP.NET form, but it fails when I try to do the same from a console
application?
Both applications call into the same COM component, which checks the account
name of the original caller. The ASP.NET app successfully logs the account I
have set it to impersonate. The console app appears to execute correctly,
since it successfully returns data, but it logs the account I am logged on to
the PC as.
I am running version one of the framework on a Windows 2000 machine.
Here is the code I use to do the impersonation:
using System;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.Data;
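namespace Spicers.Systems.ProductLoadFileProcessor
{
    /// <summary>
    /// Switches the calling thread to the security context of another Windows
    /// account (LogonUserA, DuplicateToken, WindowsIdentity.Impersonate) and
    /// switches it back on request.
    /// </summary>
    /// <remarks>
    /// Only the calling thread's token is changed. NOTE(review): whether an
    /// outgoing COM/COM+ call made while impersonating carries this identity
    /// depends on the host process's COM security settings (cloaking), which
    /// this class does not configure - confirm per host process.
    /// The password is passed as a managed String, which cannot be wiped after
    /// use; keep its lifetime short and never hard-code a real one.
    /// </remarks>
    public class ImpersonateUser
    {
        public ImpersonateUser()
        {
        }

        public const int LOGON32_LOGON_INTERACTIVE = 2;
        public const int LOGON32_PROVIDER_DEFAULT = 0;

        // SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation; the original passed a bare 2.
        private const int SecurityImpersonation = 2;

        // Set by a successful ImpersonateValidUser call, cleared by UndoImpersonation.
        WindowsImpersonationContext impersonationContext;

        // CharSet.Ansi matches the "A" entry point. SetLastError lets a caller read
        // Marshal.GetLastWin32Error() when the logon fails.
        [DllImport("advapi32.dll", CharSet=CharSet.Ansi, SetLastError=true)]
        public static extern int LogonUserA(String lpszUserName,
            String lpszDomain,
            String lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public static extern int DuplicateToken(IntPtr hToken,
            int impersonationLevel,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
        public static extern bool CloseHandle(IntPtr handle);

        /// <summary>
        /// Logs the given account on and makes the calling thread impersonate it.
        /// </summary>
        /// <param name="userName">Account name to log on.</param>
        /// <param name="domain">Domain (or machine) the account belongs to.</param>
        /// <param name="password">Clear-text password of the account.</param>
        /// <returns>
        /// true when the thread is now impersonating the account; false when the
        /// logon, the token duplication or the impersonation itself failed.
        /// </returns>
        public bool ImpersonateValidUser(String userName, String domain, String password)
        {
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;
            try
            {
                if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) == 0)
                {
                    return false;
                }

                if (DuplicateToken(token, SecurityImpersonation, ref tokenDuplicate) == 0)
                {
                    return false;
                }

                WindowsIdentity identity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = identity.Impersonate();
                return impersonationContext != null;
            }
            finally
            {
                // Runs on every path, including an exception from the WindowsIdentity
                // constructor or Impersonate(), so neither token handle leaks.
                // Closing them after a successful Impersonate() mirrors the original
                // code, which did the same before returning true.
                if (token != IntPtr.Zero)
                {
                    CloseHandle(token);
                }
                if (tokenDuplicate != IntPtr.Zero)
                {
                    CloseHandle(tokenDuplicate);
                }
            }
        }

        /// <summary>
        /// Returns the thread to the identity it had before ImpersonateValidUser.
        /// Does nothing when no impersonation is active, so it is safe to call
        /// from a finally block.
        /// </summary>
        public void UndoImpersonation()
        {
            if (impersonationContext != null)
            {
                impersonationContext.Undo();
                impersonationContext = null;
            }
        }
    }
}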
and I call it like so...
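// The three literals are placeholders; load real credentials from protected
// configuration rather than compiling them into the binary.
ImpersonateUser imp = new ImpersonateUser();
if (imp.ImpersonateValidUser("username", "domainname", "password"))
{
    try
    {
        // Get the feedback file directory
        // NOTE(review): impersonation changes only this thread's token. Whether the
        // COM+ component sees that identity as its caller depends on the process's
        // COM security settings (cloaking) - confirm for the console host.
        Data.IProductLoad prodLoad = new Data.ProductLoad();
        dsDirectories = prodLoad.GetDirectories();
    }
    finally
    {
        // Always revert, even when GetDirectories throws. Otherwise the thread keeps
        // running under the impersonated account.
        imp.UndoImpersonation();
    }
}
else
{
    throw new System.Exception("Impersonation didn't work");
}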
the function prodLoad.GetDirectories() checks the original caller like so: -
// Read the account name COM+ reports for the original caller of the current call.
// NOTE(review): this is the identity the COM+ runtime recorded for the call, which
// is not necessarily the impersonation token of the calling thread - confirm.
SecurityCallContext callContext = SecurityCallContext.CurrentCall;
originalCaller = callContext.OriginalCaller.AccountName;
This successfully returns the impersonated account from an ASP.NET page, but
not from my console app.
Thanks for your help
David
Can anyone shed any light on why I can impersonate successfully from an
ASP.NET form, but it fails when I try to do the same from a console
application?
Both applications call into the same COM component, which checks the account
name of the original caller. The ASP.NET app successfully logs the account I
have set it to impersonate. The console app appears to execute correctly,
since it successfully returns data, but it logs the account I am logged on to
the PC as.
I am running version one of the framework on a Windows 2000 machine.
Here is the code I use to do the impersonation:
using System;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.Data;
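namespace Spicers.Systems.ProductLoadFileProcessor
{
    /// <summary>
    /// Switches the calling thread to the security context of another Windows
    /// account (LogonUserA, DuplicateToken, WindowsIdentity.Impersonate) and
    /// switches it back on request.
    /// </summary>
    /// <remarks>
    /// Only the calling thread's token is changed. NOTE(review): whether an
    /// outgoing COM/COM+ call made while impersonating carries this identity
    /// depends on the host process's COM security settings (cloaking), which
    /// this class does not configure - confirm per host process.
    /// The password is passed as a managed String, which cannot be wiped after
    /// use; keep its lifetime short and never hard-code a real one.
    /// </remarks>
    public class ImpersonateUser
    {
        public ImpersonateUser()
        {
        }

        public const int LOGON32_LOGON_INTERACTIVE = 2;
        public const int LOGON32_PROVIDER_DEFAULT = 0;

        // SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation; the original passed a bare 2.
        private const int SecurityImpersonation = 2;

        // Set by a successful ImpersonateValidUser call, cleared by UndoImpersonation.
        WindowsImpersonationContext impersonationContext;

        // CharSet.Ansi matches the "A" entry point. SetLastError lets a caller read
        // Marshal.GetLastWin32Error() when the logon fails.
        [DllImport("advapi32.dll", CharSet=CharSet.Ansi, SetLastError=true)]
        public static extern int LogonUserA(String lpszUserName,
            String lpszDomain,
            String lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public static extern int DuplicateToken(IntPtr hToken,
            int impersonationLevel,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
        public static extern bool CloseHandle(IntPtr handle);

        /// <summary>
        /// Logs the given account on and makes the calling thread impersonate it.
        /// </summary>
        /// <param name="userName">Account name to log on.</param>
        /// <param name="domain">Domain (or machine) the account belongs to.</param>
        /// <param name="password">Clear-text password of the account.</param>
        /// <returns>
        /// true when the thread is now impersonating the account; false when the
        /// logon, the token duplication or the impersonation itself failed.
        /// </returns>
        public bool ImpersonateValidUser(String userName, String domain, String password)
        {
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;
            try
            {
                if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) == 0)
                {
                    return false;
                }

                if (DuplicateToken(token, SecurityImpersonation, ref tokenDuplicate) == 0)
                {
                    return false;
                }

                WindowsIdentity identity = new WindowsIdentity(tokenDuplicate);
                impersonationContext = identity.Impersonate();
                return impersonationContext != null;
            }
            finally
            {
                // Runs on every path, including an exception from the WindowsIdentity
                // constructor or Impersonate(), so neither token handle leaks.
                // Closing them after a successful Impersonate() mirrors the original
                // code, which did the same before returning true.
                if (token != IntPtr.Zero)
                {
                    CloseHandle(token);
                }
                if (tokenDuplicate != IntPtr.Zero)
                {
                    CloseHandle(tokenDuplicate);
                }
            }
        }

        /// <summary>
        /// Returns the thread to the identity it had before ImpersonateValidUser.
        /// Does nothing when no impersonation is active, so it is safe to call
        /// from a finally block.
        /// </summary>
        public void UndoImpersonation()
        {
            if (impersonationContext != null)
            {
                impersonationContext.Undo();
                impersonationContext = null;
            }
        }
    }
}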
and I call it like so...
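// The three literals are placeholders; load real credentials from protected
// configuration rather than compiling them into the binary.
ImpersonateUser imp = new ImpersonateUser();
if (imp.ImpersonateValidUser("username", "domainname", "password"))
{
    try
    {
        // Get the feedback file directory
        // NOTE(review): impersonation changes only this thread's token. Whether the
        // COM+ component sees that identity as its caller depends on the process's
        // COM security settings (cloaking) - confirm for the console host.
        Data.IProductLoad prodLoad = new Data.ProductLoad();
        dsDirectories = prodLoad.GetDirectories();
    }
    finally
    {
        // Always revert, even when GetDirectories throws. Otherwise the thread keeps
        // running under the impersonated account.
        imp.UndoImpersonation();
    }
}
else
{
    throw new System.Exception("Impersonation didn't work");
}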
the function prodLoad.GetDirectories() checks the original caller like so: -
// Read the account name COM+ reports for the original caller of the current call.
// NOTE(review): this is the identity the COM+ runtime recorded for the call, which
// is not necessarily the impersonation token of the calling thread - confirm.
SecurityCallContext callContext = SecurityCallContext.CurrentCall;
originalCaller = callContext.OriginalCaller.AccountName;
This successfully returns the impersonated account from an ASP.NET page, but
not from my console app.
Thanks for your help
David