Impersonation and Network Share

Discussion in 'ASP .Net' started by Jason MacKenzie, Jun 3, 2005.

  1. I have an asp.net application with a treeview control that accesses a
    network share and recurses through all the directories and displays the
    structure on a screen - pretty standard stuff.

    I impersonate a domain admin account with the code that I will attach below.
    When I step through the code the impersonation appears to be successful and
    I'm getting the username and pwd from the registry which I use in many other
    places so I know they are right.

    The idea is to give specific people full control over their own folders and
    then control read access through our intranet security framework.

    The issue is that unless I give Everyone read access to the share I get
    prompted for a user name and password - which to my way of thinking
    shouldn't happen as I am impersonating a domain admin.

    Any help is appreciated.

    Jason

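    Imports System.Security
    Imports System.Web.Security
    Imports System.Security.Principal

    Module Common
        ' Win32 logon type and provider passed to LogonUser
        Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
        Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

        ' Active impersonation, kept so undoImpersonation() can revert it
        Dim impersonationContext As WindowsImpersonationContext

        Declare Auto Function LogonUser Lib "advapi32.dll" ( _
            ByVal lpszUsername As String, _
            ByVal lpszDomain As String, _
            ByVal lpszPassword As String, _
            ByVal dwLogonType As Integer, _
            ByVal dwLogonProvider As Integer, _
            ByRef phToken As IntPtr) As Integer
        Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
            ByVal ExistingTokenHandle As IntPtr, _
            ByVal ImpersonationLevel As Integer, _
            ByRef DuplicateTokenHandle As IntPtr) As Integer
        Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
            ByVal handle As IntPtr) As Boolean

        ' Logs the account on and makes the current thread run as that account.
        ' Returns True only if the thread is now impersonating.
        Public Function impersonateValidUser(ByVal userName As String, _
            ByVal domain As String, ByVal password As String) As Boolean

            Dim tempWindowsIdentity As WindowsIdentity
            Dim token As IntPtr
            Dim tokenDuplicate As IntPtr

            If LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
                ' 2 = SecurityImpersonation level
                If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                    tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                    impersonationContext = tempWindowsIdentity.Impersonate()
                    If impersonationContext Is Nothing Then
                        impersonateValidUser = False
                    Else
                        impersonateValidUser = True
                    End If
                Else
                    impersonateValidUser = False
                End If
            Else
                impersonateValidUser = False
            End If

            ' WindowsIdentity keeps its own copy of the token, so release the raw handles
            If Not tokenDuplicate.Equals(IntPtr.Zero) Then CloseHandle(tokenDuplicate)
            If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
        End Function

        ' Reverts the thread to the identity it had before impersonateValidUser()
        Public Sub undoImpersonation()
            If Not impersonationContext Is Nothing Then
                impersonationContext.Undo()
                impersonationContext = Nothing
            End If
        End Sub

    End Module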
     
    Jason MacKenzie, Jun 3, 2005
    #1

  2. Scott Allen (Guest)

    Hi Jason:

    You mean the browser is prompting for a user name and password? That
    means there is a request going from the browser to the other machine -
    the code you have below will only impersonate a user for your server
    side code.

    --
    Scott
    http://www.OdeToCode.com/blogs/scott/

     
    Scott Allen, Jun 3, 2005
    #2
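
Scott's point, as an added example that is not part of the thread: impersonation changes the identity of server-side code only, so the share is walked and paths are resolved on the server, and the browser receives nothing but relative paths. It assumes the `Common` module from post #1 is in the same project; `ShareBrowser`, `ShareRoot`, `ListShare` and `ResolveOnShare` are hypothetical names, and that the page would otherwise hand the browser links pointing at the file server is an assumption.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.IO

' Added example, not code from the thread. Relies on impersonateValidUser()
' and undoImpersonation() from the Common module in post #1.
Public Module ShareBrowser
    ' Hypothetical share root (assumption); replace with the real UNC path.
    Private Const ShareRoot As String = "\\fileserver\projects"

    ' Walks the share while impersonating and returns folder paths relative to
    ' the root. Only these strings are rendered into the tree, so the browser
    ' never has to authenticate to the file server itself.
    Public Function ListShare(ByVal user As String, ByVal domain As String, _
                              ByVal password As String) As List(Of String)
        Dim result As New List(Of String)
        If Not impersonateValidUser(user, domain, password) Then
            Throw New UnauthorizedAccessException("Impersonation failed")
        End If
        Try
            Walk(ShareRoot, result)
        Finally
            undoImpersonation()   ' always revert the thread identity
        End Try
        Return result
    End Function

    Private Sub Walk(ByVal folder As String, ByVal result As List(Of String))
        For Each subDir As String In Directory.GetDirectories(folder)
            result.Add(subDir.Substring(ShareRoot.Length).TrimStart("\"c))
            Try
                Walk(subDir, result)
            Catch ex As UnauthorizedAccessException
                ' The impersonated account cannot read this folder; skip it.
            End Try
        Next
    End Sub

    ' Maps a relative path sent back by the browser onto a file or folder
    ' below the root, rejecting rooted paths and ".." sequences that escape it.
    Public Function ResolveOnShare(ByVal relativePath As String) As String
        Dim full As String = Path.GetFullPath(Path.Combine(ShareRoot, relativePath))
        If Not full.StartsWith(ShareRoot & "\", StringComparison.OrdinalIgnoreCase) Then
            Throw New ArgumentException("Path is outside the share")
        End If
        Return full
    End Function
End Module
```

Any file the user then opens is read by the server inside the same impersonate/undo pair and streamed in the response, after the intranet security framework has approved the request.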