Jason MacKenzie
I have an asp.net application with a treeview control that accesses a
network share and recurses through all the directories and displays the
structure on a screen - pretty standard stuff.
I impersonate a domain admin account with the code that I will attach below.
When I step through the code the impersonation appears to be successful and
I'm getting the username and pwd from the registry which I use in many other
places so I know they are right.
The idea is to give specific people full control over their own folders and
then control read access through our intranet security framework.
The issue is that unless I give Everyone read access to the share I get
prompted for a user name and password - which to my way of thinking
shouldn't happen as I am impersonating a domain admin.
Any help is appreciated.
Jason
Imports System.Security
Imports System.Web.Security
Imports System.Security.Principal
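' Helpers that run server-side code under another Windows account by calling
' LogonUser / DuplicateToken (advapi32) and WindowsIdentity.Impersonate.
'
' NOTE(review): impersonation only changes the identity used by code on the
' calling server thread. If the page causes the browser itself to open the
' share (for example a link to a UNC path), the client authenticates as
' itself and may be prompted. Confirm where the credential prompt originates.
' NOTE(review): everything executed between impersonateValidUser and
' undoImpersonation runs with the impersonated account's rights. An account
' limited to the access the share actually needs keeps that exposure smaller
' than a domain admin account does.
Module Common
    ' Logon type and provider passed to LogonUser.
    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    ' Impersonation level passed to DuplicateToken (SecurityImpersonation).
    Private Const SECURITY_IMPERSONATION As Integer = 2

    ' Module-level state, so it is shared by every caller in the process.
    ' NOTE(review): concurrent ASP.NET requests would overwrite each other's
    ' context here. Confirm that callers are serialized or keep the context
    ' per request.
    Dim impersonationContext As WindowsImpersonationContext

    Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As String, _
        ByVal lpszDomain As String, _
        ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, _
        ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Integer

    Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
        ByVal ExistingTokenHandle As IntPtr, _
        ByVal ImpersonationLevel As Integer, _
        ByRef DuplicateTokenHandle As IntPtr) As Integer

    ' Used to release the token handles returned by the two calls above.
    Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal handle As IntPtr) As Integer

    ' Logs the given account on and starts impersonating it on the calling thread.
    '
    ' userName, domain, password: credentials handed to LogonUser as plain strings.
    ' Returns True when LogonUser, DuplicateToken and Impersonate all succeed,
    ' otherwise False. On True the caller must call undoImpersonation, ideally
    ' from a Finally block so the elevated identity never outlives the work.
    Public Function impersonateValidUser(ByVal userName As String, ByVal domain As String, ByVal password As String) As Boolean
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero

        impersonateValidUser = False
        Try
            If LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                         LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                If DuplicateToken(token, SECURITY_IMPERSONATION, tokenDuplicate) <> 0 Then
                    Dim tempWindowsIdentity As New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    impersonateValidUser = Not impersonationContext Is Nothing
                End If
            End If
        Finally
            ' WindowsIdentity keeps its own copy of the token, so both raw handles
            ' can be released here. The original never closed them, which leaked
            ' two handles to a privileged logon session on every call.
            If Not tokenDuplicate.Equals(IntPtr.Zero) Then
                CloseHandle(tokenDuplicate)
            End If
            If Not token.Equals(IntPtr.Zero) Then
                CloseHandle(token)
            End If
        End Try
    End Function

    ' Reverts the thread to the identity it had before impersonateValidUser.
    ' Does nothing when no impersonation is active, so it is safe to call from
    ' cleanup code even if impersonateValidUser returned False.
    Public Sub undoImpersonation()
        If Not impersonationContext Is Nothing Then
            impersonationContext.Undo()
            impersonationContext = Nothing
        End If
    End Sub
End Module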
network share and recurses through all the directories and displays the
structure on a screen - pretty standard stuff.
I impersonate a domain admin account with the code that I will attach below.
When I step through the code the impersonation appears to be successful and
I'm getting the username and pwd from the registry which I use in many other
places so I know they are right.
The idea is to give specific people full control over their own folders and
then control read access through our intranet security framework.
The issue is that unless I give Everyone read access to the share I get
prompted for a user name and password - which to my way of thinking
shouldn't happen as I am impersonating a domain admin.
Any help is appreciated.
Jason
Imports System.Security
Imports System.Web.Security
Imports System.Security.Principal
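' Helpers that run server-side code under another Windows account by calling
' LogonUser / DuplicateToken (advapi32) and WindowsIdentity.Impersonate.
'
' NOTE(review): impersonation only changes the identity used by code on the
' calling server thread. If the page causes the browser itself to open the
' share (for example a link to a UNC path), the client authenticates as
' itself and may be prompted. Confirm where the credential prompt originates.
' NOTE(review): everything executed between impersonateValidUser and
' undoImpersonation runs with the impersonated account's rights. An account
' limited to the access the share actually needs keeps that exposure smaller
' than a domain admin account does.
Module Common
    ' Logon type and provider passed to LogonUser.
    Private Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Private Const LOGON32_PROVIDER_DEFAULT As Integer = 0
    ' Impersonation level passed to DuplicateToken (SecurityImpersonation).
    Private Const SECURITY_IMPERSONATION As Integer = 2

    ' Module-level state, so it is shared by every caller in the process.
    ' NOTE(review): concurrent ASP.NET requests would overwrite each other's
    ' context here. Confirm that callers are serialized or keep the context
    ' per request.
    Dim impersonationContext As WindowsImpersonationContext

    Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As String, _
        ByVal lpszDomain As String, _
        ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, _
        ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Integer

    Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
        ByVal ExistingTokenHandle As IntPtr, _
        ByVal ImpersonationLevel As Integer, _
        ByRef DuplicateTokenHandle As IntPtr) As Integer

    ' Used to release the token handles returned by the two calls above.
    Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal handle As IntPtr) As Integer

    ' Logs the given account on and starts impersonating it on the calling thread.
    '
    ' userName, domain, password: credentials handed to LogonUser as plain strings.
    ' Returns True when LogonUser, DuplicateToken and Impersonate all succeed,
    ' otherwise False. On True the caller must call undoImpersonation, ideally
    ' from a Finally block so the elevated identity never outlives the work.
    Public Function impersonateValidUser(ByVal userName As String, ByVal domain As String, ByVal password As String) As Boolean
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero

        impersonateValidUser = False
        Try
            If LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                         LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                If DuplicateToken(token, SECURITY_IMPERSONATION, tokenDuplicate) <> 0 Then
                    Dim tempWindowsIdentity As New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    impersonateValidUser = Not impersonationContext Is Nothing
                End If
            End If
        Finally
            ' WindowsIdentity keeps its own copy of the token, so both raw handles
            ' can be released here. The original never closed them, which leaked
            ' two handles to a privileged logon session on every call.
            If Not tokenDuplicate.Equals(IntPtr.Zero) Then
                CloseHandle(tokenDuplicate)
            End If
            If Not token.Equals(IntPtr.Zero) Then
                CloseHandle(token)
            End If
        End Try
    End Function

    ' Reverts the thread to the identity it had before impersonateValidUser.
    ' Does nothing when no impersonation is active, so it is safe to call from
    ' cleanup code even if impersonateValidUser returned False.
    Public Sub undoImpersonation()
        If Not impersonationContext Is Nothing Then
            impersonationContext.Undo()
            impersonationContext = Nothing
        End If
    End Sub
End Module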