Change impersonation on the fly

Discussion in 'ASP .Net Security' started by Colin, Apr 19, 2005.

  1. Colin

    Colin Guest

    Normally impersonation is set to true. Due to an intermittent Kerberos
    issue I'd like to set impersonate='False' on a per session or per error
    basis. In other works I would like to handle the error by turning
    impersonation off.

    This would allow the user experience to continue while I trouble shoot
    Active Directory.

    Is this possible?

    Colin.
    Colin, Apr 19, 2005
    #1
    1. Advertising

  2. Colin

    Brock Allen Guest

    Yep. It's not doc'd (unless you count Dominick Baier as documentation) but
    you can call:

    WindowsIdentity.GetCurrent().Impersonate(IntPtr.Zero) to in essence call
    RevertToSelf and then call WindowsImpersonationContext.Undo() to go back
    to your previous identity. WindowsImpersonationContext is the return from
    Impersonate.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > Normally impersonation is set to true. Due to an intermittent
    > Kerberos issue I'd like to set impersonate='False' on a per session or
    > per error basis. In other works I would like to handle the error by
    > turning impersonation off.
    >
    > This would allow the user experience to continue while I trouble shoot
    > Active Directory.
    >
    > Is this possible?
    >
    > Colin.
    >
    Brock Allen, Apr 19, 2005
    #2
    1. Advertising

  3. Colin

    Colin Guest

    Brock,

    I don't quiet follow. Am a passing the current identity into the
    WindowsImpersonationContext? This is what I have?


    ' Check the identity.
    Response.Write(("Before impersonation: " +
    WindowsIdentity.GetCurrent().Name) + "<br>")

    Dim newID As New WindowsIdentity(WindowsIdentity.GetCurrent().Token)
    Dim impersonatedUser As WindowsImpersonationContext =
    newID.Impersonate()

    ' Check the identity.
    Response.Write(("After impersonation: " +
    WindowsIdentity.GetCurrent().Name) + "<br>")

    ' Stop impersonating the user.
    impersonatedUser.Undo()

    ' Check the identity.
    Response.Write(("After Undo: " + WindowsIdentity.GetCurrent().Name)
    + "<br>")


    "Brock Allen" <> wrote in message
    news:...
    Yep. It's not doc'd (unless you count Dominick Baier as documentation) but
    you can call:

    WindowsIdentity.GetCurrent().Impersonate(IntPtr.Zero) to in essence call
    RevertToSelf and then call WindowsImpersonationContext.Undo() to go back
    to your previous identity. WindowsImpersonationContext is the return from
    Impersonate.

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > Normally impersonation is set to true. Due to an intermittent
    > Kerberos issue I'd like to set impersonate='False' on a per session or
    > per error basis. In other works I would like to handle the error by
    > turning impersonation off.
    >
    > This would allow the user experience to continue while I trouble shoot
    > Active Directory.
    >
    > Is this possible?
    >
    > Colin.
    >
    Colin, Apr 20, 2005
    #3
  4. Colin

    Brock Allen Guest

    Yeah, sorry, typo in my code sample. It should be something like this:

    WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);

    // do your AD stuff now as the identity of the process (not the user)

    ctx.Undo(); // go back to being the user

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > Brock,
    >
    > I don't quiet follow. Am a passing the current identity into the
    > WindowsImpersonationContext? This is what I have?
    >
    > ' Check the identity.
    > Response.Write(("Before impersonation: " +
    > WindowsIdentity.GetCurrent().Name) + "<br>")
    > Dim newID As New
    > WindowsIdentity(WindowsIdentity.GetCurrent().Token)
    > Dim impersonatedUser As WindowsImpersonationContext =
    > newID.Impersonate()
    > ' Check the identity.
    > Response.Write(("After impersonation: " +
    > WindowsIdentity.GetCurrent().Name) + "<br>")
    > ' Stop impersonating the user.
    > impersonatedUser.Undo()
    > ' Check the identity.
    > Response.Write(("After Undo: " +
    > WindowsIdentity.GetCurrent().Name)
    > + "<br>")
    > "Brock Allen" <> wrote in message
    > news:...
    > Yep. It's not doc'd (unless you count Dominick Baier as documentation)
    > but
    > you can call:
    > WindowsIdentity.GetCurrent().Impersonate(IntPtr.Zero) to in essence
    > call RevertToSelf and then call WindowsImpersonationContext.Undo() to
    > go back to your previous identity. WindowsImpersonationContext is the
    > return from Impersonate.
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >> Normally impersonation is set to true. Due to an intermittent
    >> Kerberos issue I'd like to set impersonate='False' on a per session
    >> or per error basis. In other works I would like to handle the error
    >> by turning impersonation off.
    >>
    >> This would allow the user experience to continue while I trouble
    >> shoot Active Directory.
    >>
    >> Is this possible?
    >>
    >> Colin.
    >>
    Brock Allen, Apr 20, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Abby
    Replies:
    0
    Views:
    616
  2. fishfry
    Replies:
    2
    Views:
    857
    Tom N
    Mar 1, 2004
  3. Matt
    Replies:
    1
    Views:
    30,478
    Toby A Inkster
    Jun 25, 2004
  4. Matt
    Replies:
    9
    Views:
    1,871
  5. Brian

    Fly outmenu on the fly

    Brian, Apr 8, 2005, in forum: Javascript
    Replies:
    0
    Views:
    103
    Brian
    Apr 8, 2005
Loading...

Share This Page