thread to impersonates user

[Guest]

I have an application that needs to connect to a file share to copy files.
I can create and successfully use the System.Diagnostics.ProcessStartInfo
class in Application "A" to set the domain, password, and call a different
executable ( Applic "B" ) . But how do I use a thread of the application "A"
and change the user for the thread - INSTEAD of a having to call Application
B -?? Ideas ?

I am hoping someone has a short & elegant way like I am using with Applic A
, instead unmanaged code.

 

[Chris Mullins]

This example shows how to do it;
http://msdn2.microsoft.com/en-us/library/system.security.principal.windowsimpersonationcontext.aspx

You just need to have your thread log in as that user, call the methods you
want, then undo the impersonation.

 

[Guest]

Hi Chris,

I am rather surprised ( disappointed ) that the sample is written for .NET
1.1 and includes the unmanaged code calls - that the
System.Diagnostics.ProcessStartInfo either avoided or hid. Is this as good
as it gets ?? Thanks

 

[Chris Mullins]

I've seen this in a number of ways:

1 - If you know the credentials, you can impersonate via your config file.
ASP.NET is very good at this.
2 - If you have a user connected using Windows Auth, and very verify they're
using Kerberos, you can impersonate them and then hit network resources.
Often they're not Kerberos authenticated though, and you run into the
network hop problem.
3 - You can do SSPI impersonation, but that really sucks.

I would just cut/paste that code and give it a try. Throw it in a "Don't
look at me" class, and just hide the implementation details from view.

There may well be a better way, but nothing comes to mind.

 

[Cowboy \(Gregory A. Beamer\)]

Unless you want to impersonate a single user for all users, which you can do
in config, it IS as good as it gets. In this particular instance, the
potential security hole opens up the issue.

You might be able to alter some of the unmanaged calls a bit to get
credentials and attach to a Process object, but I have not personally tried
it.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside of the box!
*************************************************

 

[Guest]

Understood. I am replacing the same functionality with .NET as I have in VB 6
just see how succint this is: (XX = password)

Wsh.MapNetworkDrive sLetter & ":", sName, , "NW\downloaduser", XX

what's like this in .NET - I might just as well interop WSH. as do any of
the other work.

Its embarrassing to replace with reams of code

 

[Guest]

Maybe I my request is too simple - as noted I am just replacing VB 6 code
like this; Wsh.MapNetworkDrive sLetter & ":", sName, , "domain\username", XX
where XX = password

That allows me to copy files where I need them. Hard to imagine the >NET
replacement is so convoluted - ( except for
System.Diagnostics.ProcessStartInfo ) which works just fne.

 

[Chris Mullins]

I understand your frustration.

Ah well, 99% of the time you get to eliminate whole pages of vb6 code with a
single line of .Net code. This time you're going the other way. Think of how
much conversion karma you'll gain in the process!

 

[Dave Sexton]

Hi,

You can still use Windows Scripting host if you'd like. After all, you don't have an entirely managed option anyway. Like Chris
said, you can grab that MSDN code and hide it in a class. You could do the same with your wsh code if you find it easier to work
with.

 

[Guest]

Yes indeed - there did not seem to be any gain in my case in going to the net
classes that just fell back on WIN 32 API's. So I will proceed with that
interop... maybe .NET 3 has encapsulated some of this 'plumbing' . Thanks All
!