Impersonation fails on all other pages

Discussion in 'ASP .Net Security' started by Corey, Aug 18, 2004.

  1. Corey

    Corey Guest

    I am trying to impersonate 3 "roles" based upon forms authentication, a SQL
    Server lookup, and a LogonUser call on a Win2003 1.1 box. The goal of the
    impersonation is to allow ACL restrictions to pdf and word documents and
    some other company specific logic. If I vary the impersonation in the
    web.config to one of these:

    <identity impersonate="true" userName="company1" password="pass1">
    <identity impersonate="true" userName="company2" password="pass2">
    <identity impersonate="true" userName="company3" password="pass3">

    Everything works as expected - Company1 cannot see Company2's documents.
    When I try to do this in code (below), everything works as expected on the
    login page - LogonUser is ok and WindowsIdentity.GetCurrent().Name returns
    the correct user. After RedirectFromLoginPage, calling
    WindowsIdentity.GetCurrent().Name returns Administrator or Network Service
    (depending on web.config settings) - LOSING the impersonation. I never call
    impersonationContext.Undo() on the login page.

    Q: Is it possible to impersonate via code for all application requests, or
    is the impersonation lost on page unload / redirect?

    Thanks for any insight,
    Corey

    CODE-->

    web.config set to:
    <identity impersonate="true">

    Login cs:

    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;
    public const int SecurityImpersonation = 2;

    WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll", SetLastError=true)]
    public static extern bool LogonUser(String lpszUsername, String
    lpszDomain, String lpszPassword,
    int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
    int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

    <snip>

    private bool impersonateValidUser(String userName, String domain, String
    password)
    {
    WindowsIdentity tempWindowsIdentity;
    IntPtr tokenHandle = new IntPtr(0);
    IntPtr dupeTokenHandle = new IntPtr(0);
    tokenHandle = IntPtr.Zero;
    dupeTokenHandle = IntPtr.Zero;

    if(RevertToSelf())
    {

    // Call LogonUser to obtain a handle to an access token.
    bool returnValue = LogonUser(userName, domain, password,
    LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
    ref tokenHandle);

    //testing only
    int intError=Marshal.GetLastWin32Error();
    Win32Exception ex=new Win32Exception(intError);
    string strError=ex.ToString();

    if(returnValue)
    {

    string strTest= WindowsIdentity.GetCurrent().Name; // Original
    Identity OK

    bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref
    dupeTokenHandle);
    if (retVal)
    {
    tempWindowsIdentity = new WindowsIdentity(dupeTokenHandle);
    impersonationContext = tempWindowsIdentity.Impersonate();

    string strTest2= WindowsIdentity.GetCurrent().Name; // New
    Identity - works as expected

    if (impersonationContext != null)
    {
    CloseHandle(tokenHandle);
    CloseHandle(dupeTokenHandle);
    return true;
    }
    }
    }
    }
    if(tokenHandle!= IntPtr.Zero)
    CloseHandle(tokenHandle);
    if(dupeTokenHandle!=IntPtr.Zero)
    CloseHandle(dupeTokenHandle);
    return false;
    }
    Corey, Aug 18, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Raymond Basque

    Re: ASP.NET Fails after SP4 with Impersonation

    Raymond Basque, Jun 27, 2003, in forum: ASP .Net
    Replies:
    3
    Views:
    520
  2. Bassel Tabbara [MSFT]

    RE: ASP.NET Fails after SP4 with Impersonation

    Bassel Tabbara [MSFT], Jun 27, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    501
    Michael Kennedy [UB]
    Jun 28, 2003
  3. Hidulf
    Replies:
    1
    Views:
    451
    Michael Kennedy [UB]
    Jun 30, 2003
  4. =?Utf-8?B?Sm9obiBXLg==?=

    Impersonation fails after upgrade to .NET Framework 1.1

    =?Utf-8?B?Sm9obiBXLg==?=, Feb 10, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    384
    =?Utf-8?B?Sm9obiBXLg==?=
    Feb 10, 2004
  5. Gonzosez
    Replies:
    7
    Views:
    127
    Roland Hall
    Dec 19, 2003
Loading...

Share This Page